Re: ncat unix domain datagram socket receive only mode

[Guy Lichtman <guy () guylichtman com>]

Hi Dan,

Thanks for the detailed reply.

I think the fix I suggested at https://github.com/nmap/nmap/pull/23 is
still valid as you don't want to initialize a connection if working in
`--recv-only'
mode regardless of the socket type. But I may be missing something.

I would expect that in duplex mode when the unix dgram socket has no remote
address then ncat should fail with a meaningful message. The way I see
it, `--recv-only`
should be a required parameter if working with unix dgram sockets which
don't specify the remote address (as seen with the logger utility).

Best,

Guy

On Wed, Jan 14, 2015 at 9:03 PM, Daniel Miller <bonsaiviking () gmail com>
wrote:

> Guy,
>
>
> Thanks for the bug report. Unfortunately, things aren't as simple as that:
> Ncat crashes even without `--recv-only`. The reason is that `logger` does
> not bind its socket to a filename before sending, meaning that it is an
> unnamed socket. Ncat just can't handle that right now. I'm going to add a
> bug for this, since it is a legit problem.
>
> Removing the `Connect` call (a wrapper around `connect(2)`) works because
> the `connect` call is failing due to an empty (null) `sockaddr` being
> passed as the second argument. This value (`remotess`) is populated farther
> up with a `recvfrom` call, which works for UDP (which always has a remote
> address), but not for AF_UNIX SOCK_DGRAM, which can be unnamed (no remote
> address). We *could possibly* do a more specific check for AF_UNIX and a
> null `remotess.un.sun_path` in order to skip the `Connect`, but I see 2
> potential problems:
>
> 1. We later use `send` and `recv` on this socket, which I think need to
> have a connected socket in order to work properly
> 2. We use connected UDP for some reason (connection tracking?) that is
> probably based on a design decision that would need proper discussion and
> planning to reverse.
>
> I'm open to suggestions on how to move forward. Please comment here or on
> the Github bug report: https://github.com/nmap/nmap/issues/46
>
> Dan
>
> On Mon, Dec 15, 2014 at 2:44 PM, Guy Lichtman <guy () guylichtman com> wrote:
>
> > Hi,
> >
> > I am trying to use ncat to listen on a unix domain datagram socket in
> > receive only mode. I am using this as a simple syslog receiving server for
> > testing.
> >
> > When I use the following command:
> >
> > ncat --recv-only -luU /tmp/test.socket
> >
> > and then try to log a a message using logger with the following command:
> >
> > logger -d -u /tmp/test.socket "this is a test"
> >
> > I get the following error on the ncat side:
> >
> > connect: Invalid argument
> >
> > From looking at the ncat_listen.c code it looks like ncat tries to
> > connect a sending socket even when in recv-only mode. I added a check to
> > connect only when not in recv-only mode and then ncat worked as expected.
> > Here is a suggested patch:
> >
> > svn diff ncat_listen.c
> > Index: ncat_listen.c
> > ===================================================================
> > --- ncat_listen.c       (revision 33864)
> > +++ ncat_listen.c       (working copy)
> > @@ -818,7 +818,9 @@
> >           * We're using connected udp. This has the down side of only
> >           * being able to handle one udp client at a time
> >           */
> > -        Connect(socket_n, &remotess.sockaddr, sslen);
> > +       /* Connect only if not recvonly */
> > +       if (!o.recvonly)
> > +               Connect(socket_n, &remotess.sockaddr, sslen);
> >
> >          /* clean slate for buf */
> >          zmem(buf, sizeof(buf));
> >
> >
> > Best,
> >
> > Guy
> >
> > _______________________________________________
> > Sent through the dev mailing list
> > http://nmap.org/mailman/listinfo/dev
> > Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/