Re: ncat --max-conns

[David Fifield <david () bamsoftware com>]

On Sat, Oct 03, 2009 at 04:42:40PM +0530, venkat sanaka wrote:
> I fixed this bug using the callback function implementation as suggested
> by David.I tested it and its working fine for me.I am attaching this patch,
> Please take time to test it.

Thank you Venkat, this looks good. Is it possible to modify the POSIX
version of netrun so it works the same way? The idea behind having
separate ncat_posix.c and ncat_exec_win.c files that that
platform-specific differences can be isolated in those files and the
rest of the code can be written with fewer #ifdefs.

netrun in ncat_posix.c should take the termination handler argument as
well, and the POSIX netrun should be responsible for catching SIGCHLD.
Because the handler will run from within the signal handler, you will
have to document that the handler can only run asynchronous-safe code.
For more on that see

https://www.securecoding.cert.org/confluence/display/seccode/SIG30-C.+Call+only+asynchronous-safe+functions+within+signal+handlers

It won't be safe to call logdebug from the handler function. It should
be only

static void handle_conn_count(void)
{
        conn_count--;
}

Once this is done, the same handler function will be used for both
Windows and POSIX.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org