Nmap Development mailing list archives

Re: ncat unix domain datagram socket receive only mode

From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 14 Jan 2015 13:03:11 -0600

Guy,


Thanks for the bug report. Unfortunately, things aren't as simple as that:
Ncat crashes even without `--recv-only`. The reason is that `logger` does
not bind its socket to a filename before sending, meaning that it is an
unnamed socket. Ncat just can't handle that right now. I'm going to add a
bug for this, since it is a legit problem.

Removing the `Connect` call (a wrapper around `connect(2)`) works because
the `connect` call is failing due to an empty (null) `sockaddr` being
passed as the second argument. This value (`remotess`) is populated farther
up with a `recvfrom` call, which works for UDP (which always has a remote
address), but not for AF_UNIX SOCK_DGRAM, which can be unnamed (no remote
address). We *could possibly* do a more specific check for AF_UNIX and a
null `remotess.un.sun_path` in order to skip the `Connect`, but I see 2
potential problems:

1. We later use `send` and `recv` on this socket, which I think need to
have a connected socket in order to work properly
2. We use connected UDP for some reason (connection tracking?) that is
probably based on a design decision that would need proper discussion and
planning to reverse.

I'm open to suggestions on how to move forward. Please comment here or on
the Github bug report: https://github.com/nmap/nmap/issues/46

Dan

On Mon, Dec 15, 2014 at 2:44 PM, Guy Lichtman <guy () guylichtman com> wrote:

Hi,

I am trying to use ncat to listen on a unix domain datagram socket in
receive only mode. I am using this as a simple syslog receiving server for
testing.

When I use the following command:

ncat --recv-only -luU /tmp/test.socket

and then try to log a a message using logger with the following command:

logger -d -u /tmp/test.socket "this is a test"

I get the following error on the ncat side:

connect: Invalid argument

From looking at the ncat_listen.c code it looks like ncat tries to connect
a sending socket even when in recv-only mode. I added a check to connect
only when not in recv-only mode and then ncat worked as expected. Here is a
suggested patch:

svn diff ncat_listen.c
Index: ncat_listen.c
===================================================================
--- ncat_listen.c       (revision 33864)
+++ ncat_listen.c       (working copy)
@@ -818,7 +818,9 @@
          * We're using connected udp. This has the down side of only
          * being able to handle one udp client at a time
          */
-        Connect(socket_n, &remotess.sockaddr, sslen);
+       /* Connect only if not recvonly */
+       if (!o.recvonly)
+               Connect(socket_n, &remotess.sockaddr, sslen);

         /* clean slate for buf */
         zmem(buf, sizeof(buf));


Best,

Guy

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: ncat unix domain datagram socket receive only mode Daniel Miller (Jan 14)
- Re: ncat unix domain datagram socket receive only mode Guy Lichtman (Jan 20)