Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [Ncat] hang on ongoing ssl negotation in brokering mode
From: David Fifield <david () bamsoftware com>
Date: Sat, 11 Jun 2011 11:33:34 -0700

On Mon, Jun 06, 2011 at 01:07:52PM +0300, Shinnok wrote:
Hi,

Quote from todo/nmap.txt:

o [Ncat] When in connection brokering or chat mode with ssl support
  enabled, if one client connects and doesn't complete ssl negotiation,
  it hangs any other connections while that first is active.  One way to
  reproduce:
  Run SSL chat server like: /usr/local/bin/ncat --ssl -l --chat
  Window #1: Connect without ssl: ncat -v chatserverip
  Window #2: Try to connect with SSL: ncat -v --ssl chatserverip
  Window #2 will not work while #1 is active.  If you quit #1, #2
  should work again.

Attached is a patch that handles this issue for your review.
The patch fixes both ncat_listen(.c) brokering as well as
ncat_broker(.c) brokering type. The way the patch works, is that I've
turned the socket non-blocking for non-exec commands in
handle_connection() function and only initiate the ssl through new_ssl()
at that spot. Then I handle the actual ssl negotiation(ssl_accept()) in
ncat_listen_stream() and ncat_broker() respectively.

Some additional ssl data was added in util.h to "struct fdinfo", as
necessary in order to keep the ssl info cross functions.

This patch looks very nice, Shinnok. Please change the name "ssldone" to
something more descriptive; it doesn't mean "SSL done," it means "SSL
accept done."

I don't think the patch works when the server runs --sh-exec. For
example
        ncat --ssl --sh-exec "date" -lk
Connecting with a non-SSL client prevents SSL clients from receiving any
data. I added a new test for this case. Would you look into it?

./ncat-test.pl issues no additional fails from svn current besides the
obvious:
UNEXPECTED PASS SSL server doesn't block during handshake

Great, it's nice when a test works. Remove the xfail whenever you make a
known-bad test start passing.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]