Ncat with ssl using 100% cpu

[el draco <eldraco () gmail com>]

Hi everyone, i was testing ncat a little bit and found that under
certain conditions it uses all of my cpu.

I'm using:
Kubuntu 8.10
Kernel 2.6.27-14-generic SMP
openssl 0.9.8g-10
libssl0.9.8
libssl-dev 0.9.8g-10
Nmap 4.85BETA9, svn rev. 13330

Test case 1:

a) ncat -l 8000 --ssl
b) ncat localhost 8000 --ssl

So far so good, and now we type anything on the CLIENT like 'test'

Now ncat client is using 100% of cpu.

Note that it is still working fine, and you have to type in the
client-side and not in the server-side

When using strace with the client it keeps printing this forever:
select(4, [0 3], [3], [], NULL)         = 1 (out [3])
select(4, [0 3], [3], [], NULL)         = 1 (out [3])
select(4, [0 3], [3], [], NULL)         = 1 (out [3])
select(4, [0 3], [3], [], NULL)         = 1 (out [3])

On a side note, if you type on the server-side, everything works just fine.


Test case 2:
a) ncat -l 8000 --ssl --broker --chat
b) ncat localhost 8000 --ssl

Now we have two issues. The first is the same as test case 1, if you
type anything on client-side, cpu reaches 100%

The second one is that if you now type something on server-side, while
your cpu is at 100%, .. client-side stop using 100% cpu!!
You can repeat this from here again. Typing in the client sets cpu to
100%, typing in the server stop this.


Hope this helps.

cheers

sebastián

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org