Nmap Development mailing list archives

Re: [Ncat] hang on ongoing ssl negotiation in brokering mode


From: David Fifield <david () bamsoftware com>
Date: Sat, 11 Jun 2011 11:33:34 -0700

On Mon, Jun 06, 2011 at 01:07:52PM +0300, Shinnok wrote:
> Hi,
>
> Quote from todo/nmap.txt:
>
> o [Ncat] When in connection brokering or chat mode with ssl support
>   enabled, if one client connects and doesn't complete ssl negotiation,
>   it hangs any other connections while that first is active.  One way to
>   reproduce:
>   Run SSL chat server like: /usr/local/bin/ncat --ssl -l --chat
>   Window #1: Connect without ssl: ncat -v chatserverip
>   Window #2: Try to connect with SSL: ncat -v --ssl chatserverip
>   Window #2 will not work while #1 is active.  If you quit #1, #2
>   should work again.
>
> Attached is a patch that handles this issue for your review.
> The patch fixes both ncat_listen(.c) brokering as well as
> ncat_broker(.c) brokering type. The way the patch works is that I've
> turned the socket non-blocking for non-exec commands in the
> handle_connection() function and only initiate the ssl through new_ssl()
> at that spot. Then I handle the actual ssl negotiation (ssl_accept()) in
> ncat_listen_stream() and ncat_broker() respectively.
>
> Some additional ssl data was added in util.h to "struct fdinfo", as
> necessary in order to keep the ssl info across functions.

This patch looks very nice, Shinnok. Please change the name "ssldone" to
something more descriptive; it doesn't mean "SSL done," it means "SSL
accept done."

I don't think the patch works when the server runs --sh-exec. For
example
        ncat --ssl --sh-exec "date" -lk
Connecting with a non-SSL client prevents SSL clients from receiving any
data. I added a new test for this case. Would you look into it?

> ./ncat-test.pl issues no additional fails from svn current besides the
> obvious:
> UNEXPECTED PASS SSL server doesn't block during handshake

Great, it's nice when a test works. Remove the xfail whenever you make a
known-bad test start passing.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
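The defect under discussion, one client's unfinished SSL handshake stalling every other connection the broker serves, and the shape of the fix (start the handshake without blocking, admit a client only once its accept has completed, and do not let a client that never completes it hold anything up) can be shown end to end in a self-contained broker. Ncat is written in C and drives its connections from a select() loop; what follows is an added Go example, not Ncat's code and not Shinnok's patch, that enforces the same rule with a per-connection goroutine and a handshake deadline. Everything in it is constructed for the example: the Broker type, StartBroker, the "welcome" line sent on admission, and the throwaway self-signed certificate it generates so it runs offline.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"sync"
	"time"
)

// Broker relays each line from one admitted client to all other admitted ones.
// A client is admitted only after its TLS handshake completes, and that handshake
// runs on its own goroutine under a deadline, so a client that never finishes
// negotiating (a plaintext ncat, say) is dropped instead of stalling the rest.
type Broker struct {
	ln      net.Listener
	cfg     *tls.Config
	timeout time.Duration // handshake deadline
	mu      sync.Mutex
	clients map[net.Conn]bool
}

// StartBroker listens on a loopback port with a throwaway self-signed certificate
// generated on the spot (constructed for the example) so it runs offline.
func StartBroker(handshakeTimeout time.Duration) (*Broker, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "broker-example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	b := &Broker{ln: ln, cfg: cfg, timeout: handshakeTimeout, clients: map[net.Conn]bool{}}
	go b.acceptLoop()
	return b, nil
}

// Addr is the address clients should dial.
func (b *Broker) Addr() string { return b.ln.Addr().String() }

func (b *Broker) acceptLoop() {
	for {
		raw, err := b.ln.Accept()
		if err != nil {
			return // listener closed
		}
		go b.handshakeThenServe(raw) // the accept loop never waits on one client
	}
}

func (b *Broker) handshakeThenServe(raw net.Conn) {
	conn := tls.Server(raw, b.cfg)
	conn.SetDeadline(time.Now().Add(b.timeout))
	if err := conn.Handshake(); err != nil {
		conn.Close() // slow, plaintext or bogus client: dropped, and nobody else waited
		return
	}
	conn.SetDeadline(time.Time{})
	b.mu.Lock()
	b.clients[conn] = true
	b.mu.Unlock()
	defer func() {
		b.mu.Lock()
		delete(b.clients, conn)
		b.mu.Unlock()
		conn.Close()
	}()
	conn.Write([]byte("welcome\n")) // sent only once admitted, so it doubles as an admission signal
	sc := bufio.NewScanner(conn)
	for sc.Scan() {
		b.broadcast(conn, sc.Text()+"\n")
	}
}

// broadcast writes one line to every admitted client except its sender.
func (b *Broker) broadcast(from net.Conn, line string) {
	b.mu.Lock()
	defer b.mu.Unlock()
	for c := range b.clients {
		if c != from {
			c.Write([]byte(line))
		}
	}
}
```

StartBroker returns a broker whose Addr() a client can dial; a plaintext connection that sends nothing is closed once handshakeTimeout passes, while TLS clients that connect in the meantime are admitted and relayed to each other normally, which is exactly the "Window #1 / Window #2" scenario from the todo item. The deadline is not decoration: without it a stalled client no longer blocks anyone, but its goroutine and socket would live until the peer went away, and enough of them would still exhaust the server. The same two ideas carry over to Ncat's select() model, where the per-connection "SSL accept done" flag David asks for plays the role of the admitted set and the handshake is advanced only when select() reports the socket readable.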

