-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
netcat may read from invalid file descriptors #143
Comments
bob-beck
pushed a commit
to openbsd/src
that referenced
this issue
Aug 14, 2023
In case a socket error condition occurs, readwrite() invalidates the corresponding fd. Later on, readwrite() may still issue a syscall on it. Avoid that by adding a couple of checks for fd == -1. Reported and fix suggested by Leah Neukirchen. Fixes libressl/openbsd#143 "looks right" deraadt
duncan-roe
added a commit
to duncan-roe/netcat-openbsd
that referenced
this issue
Nov 22, 2023
Also outdent a block of code that was in 1 level too many OpenBSD commit message was: netcat: avoid issuing syscalls on fd -1 In case a socket error condition occurs, readwrite() invalidates the corresponding fd. Later on, readwrite() may still issue a syscall on it. Avoid that by adding a couple of checks for fd == -1. Reported and fix suggested by Leah Neukirchen. Fixes libressl/openbsd#143 "looks right" deraadt 1 of the 4 code changes was already done (differently). Apply other 3.
allanjude
pushed a commit
to allanjude/freebsd
that referenced
this issue
Jun 8, 2024
In case a socket error condition occurs, readwrite() invalidates the corresponding fd. Later on, readwrite() may still issue a syscall on it. Avoid that by adding a couple of checks for fd == -1. Reported and fix suggested by Leah Neukirchen. Fixes libressl/openbsd#143 "looks right" deraadt (cherry picked from commit 03fa76f835e0954845b206c6f0cadf39975ba82c)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a minor issue, but could be avoided easily. When any socket in the poll loop errored, the fd is set to -1 in
openbsd/src/usr.bin/nc/netcat.c
Line 1164 in 1c25761
openbsd/src/usr.bin/nc/netcat.c
Line 1233 in 1c25761
I suggest readbuf detects fd == -1 and just returns -1 then.
Can be reproduced on Linux with an asynchronous connect that has SO_LINGER set (but probably many ways):
The text was updated successfully, but these errors were encountered: