Nmap Development mailing list archives

Ncat proxy connections broken on Windows, now fixed


From: David Fifield <david () bamsoftware com>
Date: Fri, 9 Oct 2009 21:37:30 -0600

Hi,

I discovered and fixed an error in Ncat on Windows. Right after
connecting in connect mode through a proxy, this assertion failure was
raised:
        (fh >= 0 && (unsigned)fd < (unsigned)_nhandle)
It was caused by the nsi_new2 function in Nsock, which calls dup to make
a copy of a socket descriptor. The dup function on Windows doesn't work
on socket handles, only file descriptors. I fixed it by providing a
dup_socket function in Nbase that calls the native Windows
DuplicateHandle function.

I think this problem has existed since r14194, when the way proxy
connections were made was changed. Formerly, all the proxy negotiations
were done with Nsock, which was hard to understand because all such code
was mixed into the main read/write loop. Now, proxy negotiation is first
done in a blocking fashion and the socket handed over to Nsock when it
is done.

Ncat comes with a pretty decent test program called ncat-test.pl, which
is how I found this bug. I hadn't run it on Windows before because for
some reason I didn't think it would work. But to my surprise it runs
just fine with Perl from Cygwin, needing only a small modification to
the location of the ncat binary:

--- test/ncat-test.pl   (revision 15800)
+++ test/ncat-test.pl   (working copy)
@@ -14,7 +14,7 @@
 use IPC::Open3;
 use strict;
  
-my $NCAT = "../ncat";
+my $NCAT = "../Debug/ncat";
 my $HOST = "localhost";
 my $IPV6_ADDR = "::1";
 my $PORT = 40000;
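Review bot: replacing `../ncat` with `../Debug/ncat` hardcodes a Windows Debug build directory, so the unmodified Unix build path no longer works and every platform needs a local edit to this line. Suggest keeping `../ncat` as the default and letting the caller override it, e.g. `my $NCAT = $ENV{NCAT} || "../ncat";` (or a command-line argument), so the same script runs against either build without a working-copy patch.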

Not all the tests pass on Windows. It seems that all of the tests
involving SCTP fail, but there are some failures even excluding those.
If a Windows user is looking for a way to get started, this would be a
good thing to tackle. All you do is run the test program, look for the
lines that start with "FAIL", see what commands the test program is
running for that test, and try to reproduce the failure by running the
commands yourself. If you can find the cause of the failure that's even
better.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
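The message explains that dup() on Windows only works on C runtime file descriptors, so copying a SOCKET handle has to go through DuplicateHandle. The following is an added example, not the Nbase or Nsock code: a portable dup_socket() wrapper in the shape described, plus a small self-check that duplicates a TCP socket, closes the original and confirms the copy is still a usable socket. The names dup_socket, is_stream_socket and demo_dup_socket are this example's own, and the Windows branch is assumed to be built with Winsock 2.

```c
/* Added example (not the Nbase/Nsock implementation): a dup_socket()
 * that uses DuplicateHandle on Windows, where dup() does not work on
 * SOCKET handles, and plain dup() everywhere else. */
#include <stdio.h>

#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#include <windows.h>
typedef SOCKET sock_t;
#define BAD_SOCK INVALID_SOCKET
#define close_sock closesocket
#else
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
typedef int sock_t;
#define BAD_SOCK (-1)
#define close_sock close
#endif

/* Return a new descriptor referring to the same underlying socket as sd,
 * or BAD_SOCK on failure. The function name follows the message; the
 * body is this example's own. */
sock_t dup_socket(sock_t sd)
{
#ifdef _WIN32
    HANDLE copy;
    /* dup() would fail here: a SOCKET is a kernel handle, not a CRT fd. */
    if (!DuplicateHandle(GetCurrentProcess(), (HANDLE) sd,
                         GetCurrentProcess(), &copy,
                         0, FALSE, DUPLICATE_SAME_ACCESS))
        return BAD_SOCK;
    return (sock_t) copy;
#else
    return dup(sd);
#endif
}

/* Report whether sd is a live SOCK_STREAM socket (1) or not (0). */
int is_stream_socket(sock_t sd)
{
    int type = 0;
    socklen_t len = sizeof(type);

    if (getsockopt(sd, SOL_SOCKET, SO_TYPE, (char *) &type, &len) != 0)
        return 0;
    return type == SOCK_STREAM;
}

/* Create a TCP socket, duplicate it, close the original and verify the
 * duplicate is still a socket. Returns 1 on success, 0 otherwise. */
int demo_dup_socket(void)
{
    sock_t orig, copy;
    int ok;
#ifdef _WIN32
    WSADATA wsa;
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
        return 0;
#endif
    orig = socket(AF_INET, SOCK_STREAM, 0);
    if (orig == BAD_SOCK)
        return 0;
    copy = dup_socket(orig);
    if (copy == BAD_SOCK) {
        close_sock(orig);
        return 0;
    }
    /* The two descriptors are distinct but name the same socket. */
    ok = (copy != orig) && is_stream_socket(copy);
    /* Closing one descriptor must not invalidate the other, which is
     * what lets the proxy code hand the copy over to Nsock. */
    close_sock(orig);
    ok = ok && is_stream_socket(copy);
    close_sock(copy);
#ifdef _WIN32
    WSACleanup();
#endif
    return ok;
}

int main(void)
{
    printf("dup_socket demo: %s\n", demo_dup_socket() ? "ok" : "FAILED");
    return 0;
}
```

On a POSIX system the wrapper is just dup(), so the check passes trivially; the point of the Windows branch is that the returned value is a real handle that closesocket() and Winsock calls accept, which a CRT file descriptor from dup() would not be.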