mailing list archives
[Ncat] hang on ongoing ssl negotation in brokering mode
From: Shinnok <admin () shinnok com>
Date: Mon, 6 Jun 2011 13:07:52 +0300
Quote from todo/nmap.txt:
o [Ncat] When in connection brokering or chat mode with ssl support
enabled, if one client connects and doesn't complete ssl negotiation,
it hangs any other connections while that first is active. One way to
Run SSL chat server like: /usr/local/bin/ncat --ssl -l --chat
Window #1: Connect without ssl: ncat -v chatserverip
Window #2: Try to connect with SSL: ncat -v --ssl chatserverip
Window #2 will not work while #1 is active. If you quit #1, #2
should work again.
Attached is a patch that handles this issue for your review.
The patch fixes both ncat_listen(.c) brokering as well as
ncat_broker(.c) brokering type. The way the patch works, is that I've
turned the socket non-blocking for non-exec commands in
handle_connection() function and only initiate the ssl through new_ssl()
at that spot. Then I handle the actual ssl negotiation(ssl_accept()) in
ncat_listen_stream() and ncat_broker() respectively.
Some additional ssl data was added in util.h to "struct fdinfo", as
necessary in order to keep the ssl info cross functions.
./ncat-test.pl issues no additional fails from svn current besides the
UNEXPECTED PASS SSL server doesn't block during handshake
which should probably be removed with the same commit as this patch, or
left as is, as a bonus. :)
Let my know what you think about the patch and if all is ok I'll commit it.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/