Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [Ncat] hang on ongoing ssl negotation in brokering mode
From: Shinnok <admin () shinnok com>
Date: Wed, 15 Jun 2011 20:33:46 +0300

On 6/13/2011 11:09 PM, David Fifield wrote:
Argh, and there's ncat_exec_win.c that I have to handle too, if I'm not
mistaken, since I only too cake of the netexec() in ncat_posix.c? Any
special comments for that David? I see there's some playing around with
blocking/unblocking of the remote socket(@420) which might interfere
with making this work.
Yes, it should work for Windows too. You probably don't have to worry
about that blocking detail.
Fixed in r24036. I have a question though, regarding both posix and windows versions of this exec behaviour: Since exec invocations usually have that already available to send to the socket even if the ssl negotiation didn't finish, calls to fselect() @210 in ncat_posix.c and WaitForMultipleObjects() @387 in ncat_exec_win.c will basically return the minute they are called thus no waiting is accomplished. However I block the loops from sending that data over the socket if the ssl handshake is not completed @253 and @415 respectively. This basically means that ncat will enter an infinite loop at that point and consume the entire cpu(or a core/thread) till that handshake is completed or abandoned. Further connections work fine and all that, however the full cpu is not nice. My proposed solution is to timeout this ssl negotiation for a specific number of seconds and then drop the entire connection at question after that time is passed. I'm welcome to suggestions on this issue.
Please find a way to factor this code into its own function. It's too
much to have it repeated in each read loop.

             if(o.ssl&&  info->ssl&&  !info->ssl_accept_done){
                 int ret = SSL_accept(info->ssl);
                 int sslerr = 0;
                 if(ret == 1){
                     info->ssl_accept_done = 1;
                     continue;
                 }else
                 sslerr = SSL_get_error(info->ssl, ret);
                 if(ret == -1&&  (sslerr == SSL_ERROR_WANT_READ
                                  || sslerr == SSL_ERROR_WANT_WRITE)){
                     continue;
                 }else {
                     if (o.verbose) {
                         loguser("Failed SSL connection from %s: %s\n",
                         inet_socktop(&info->remoteaddr),
                                      ERR_error_string(ERR_get_error(), NULL));
                     }
                     goto loop_end;
                 }
             }

David Fifield
I'm working on this right now.

Best regards,
Shinnok
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]