Nmap Development mailing list archives
Re: Bug in ncat?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 25 Jul 2014 10:07:13 -0500
Pierluigi,
Thanks! I looked into it, and your assessment was correct. I applied your patch in r33356.
Dan
On Thu, Jun 26, 2014 at 9:18 AM, Pierluigi Vittori <pierluigi.vittori () gmail com> wrote:
Hi there,
I think I found a small bug in ncat, namely in the code that builds
the authentication string in the socks5 protocol.
The original code writes the PLEN byte in the wrong position, and it then
gets overwritten by the password string itself.
Here's the patch, it works for me with my authenticated ss5 server:
diff -u -r nmap-6.46.orig/ncat/ncat_connect.c
../nmap-6.46/ncat/ncat_connect.c
--- nmap-6.46.orig/ncat/ncat_connect.c 2014-02-20 22:22:22.000000000 +0100
+++ ../nmap-6.46/ncat/ncat_connect.c 2014-06-26 08:07:36.682892626 +0200
@@ -723,7 +723,7 @@
memcpy(socks5auth.data+1,username,strlen(username));
len = 2 + strlen(username); // (version + strlen) + username
- socks5auth.data[len]=strlen(password);
+ socks5auth.data[len-1]=strlen(password);
memcpy(socks5auth.data+len,password,strlen(password));
len += 1 + strlen(password);
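Review bot: the new index on the `socks5auth.data[len-1]` line is consistent with the rest of the hunk, but only because `len` counts the version byte that lives outside `data[]` (`len = 2 + strlen(username)` is "(version + strlen) + username"), so `data[len-1]` is the byte right after the username while `data + len` is where the password goes; a comment on that line saying that `len` is the message length including the version byte, not an index into `data`, would keep a later reader from "fixing" it back to `data[len]`. Separately, nothing visible in the hunk limits `strlen(username)` or `strlen(password)` to 255 before they are stored in the single ULEN/PLEN bytes, or checks them against the size of `socks5auth.data` before the two `memcpy` calls; if that is not enforced earlier, an over-long username or password would truncate the length byte and write past the buffer, so it is worth confirming while touching this code.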
Hope it helps.
Ciao,
Pierluigi
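To make the off-by-one concrete, here is an added example (my code, not ncat's; the function names are mine, and the 255-byte field limits and buffer-size checks are assumptions the hunk does not show) that builds the RFC 1929 username/password request with PLEN in the right slot, reproduces the pre-patch ordering from the hunk, and parses the result the way a proxy would:

```c
#include <stdint.h>
#include <string.h>

/* Correct layout: VER(1) ULEN(1) UNAME PLEN(1) PASSWD.  Returns bytes
 * written, or 0 if a field exceeds 255 bytes or buf is too small. */
size_t socks5_build_userpass(uint8_t *buf, size_t buflen,
                             const char *username, const char *password)
{
    size_t ulen = strlen(username), plen = strlen(password);
    size_t total = 3 + ulen + plen;
    if (ulen > 255 || plen > 255 || buflen < total)
        return 0;
    buf[0] = 0x01;                 /* sub-negotiation version */
    buf[1] = (uint8_t)ulen;
    memcpy(buf + 2, username, ulen);
    buf[2 + ulen] = (uint8_t)plen; /* PLEN directly after UNAME */
    memcpy(buf + 3 + ulen, password, plen);
    return total;
}

/* Pre-patch ncat ordering from the hunk: data[] starts at ULEN (VER is
 * kept outside it), so data[len] is one slot too far and gets clobbered. */
size_t socks5_build_userpass_prepatch(uint8_t *buf, size_t buflen,
                                      const char *username, const char *password)
{
    uint8_t *data = buf + 1;
    size_t ulen = strlen(username), plen = strlen(password), len;
    if (ulen > 255 || plen > 255 || buflen < 4 + ulen + plen) /* stray write needs 1 extra byte */
        return 0;
    buf[0] = 0x01;
    data[0] = (uint8_t)ulen;
    memcpy(data + 1, username, ulen);
    len = 2 + ulen;                      /* (version + ULEN) + username */
    data[len] = (uint8_t)plen;           /* patch changes this to len-1 */
    memcpy(data + len, password, plen);  /* overwrites the byte just set */
    return len + 1 + plen;
}

/* Parse as a proxy would; 1 only if the lengths are consistent and the password matches. */
int socks5_check_userpass(const uint8_t *buf, size_t len, const char *password)
{
    size_t ulen, plen;
    if (len < 3 || buf[0] != 0x01) return 0;
    ulen = buf[1];
    if (len < 3 + ulen) return 0;
    plen = buf[2 + ulen];
    return len == 3 + ulen + plen && plen == strlen(password) &&
           memcmp(buf + 3 + ulen, password, plen) == 0;
}
```

With a zeroed buffer the pre-patch builder leaves the PLEN slot at 0 and puts the first password byte where PLEN should be, so the parser rejects the message while the corrected builder's output parses cleanly.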
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- Bug in ncat? Pierluigi Vittori (Jul 01)
- Re: Bug in ncat? Daniel Miller (Jul 25)
