nmap ncat -i flag works incorrectly if EOF on both stdin and the socket #1311

ssb22 opened this Issue Aug 29, 2018 · 0 comments

ssb22 commented Aug 29, 2018

In nmap's version of ncat, the -i (idle) timeout causes nc to error-exit even if EOF has occurred on both stdin and the socket before the idle timeout has been reached. Surely if EOF has occurred on both stdin and socket before the timeout was reached, then nc should exit normally?

In ncat_connect.c I can see code to:

exit after EOF on stdin in `--send-only` mode,
exit after EOF on the socket in `--recv-only` mode,

but, if in neither `--send-only` nor `--recv-only` mode, there is nothing in ncat_connect.c to handle exit when we've seen EOF on both stdin and the socket.

So we look at the lower-level code in nsock_core.c's nsock_loop function. This loop will quit if ms->quit is set (by the above-mentioned --send-only and --recv-only code) or if there are no events_pending.

But it seems the timeout counts in events_pending. So nsock_loop effectively goes "OK, I know stdin has been EOF'd and the socket has been EOF'd, but I'm still not going to quit yet, because there's still an event pending" (the timeout), so it just sits there until the timeout fires and then nc error-exits, even if everything has actually worked just fine.

Obviously this can be worked around by wrapping the nc in a separate timeout command instead of using -i, but it would be nice to fix -i properly so that nc gives an immediate successful exit if the only event pending is the unfired timeout event.
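The following is an added model of the loop behaviour described in this report; it is not ncat or nsock source, and the event timings, the `run_loop` function and the `fixed` switch are constructed for illustration. It replays two reads hitting EOF with an idle timer registered once at start, evaluates the exit test as the report describes it (quit flag or no pending events, with the timer counted as pending), and compares that with the proposed rule of exiting successfully once both sides are at EOF and the unfired timer is the only event left.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the nsock_loop behaviour described in the issue
 * (not ncat/nsock code). Events arrive sorted by time; the -i timer is
 * registered once and reset by any activity. */

enum ev_kind { EV_STDIN_EOF, EV_SOCKET_EOF };
struct event { int at_ms; enum ev_kind kind; };

enum result { RES_OK = 0, RES_IDLE_TIMEOUT = 1 };
struct run { enum result result; int exit_ms; };

/* fixed=false reproduces the reported behaviour; fixed=true adds the
 * proposed rule (assumed fix, not a patch from the project). */
static struct run run_loop(const struct event *evs, size_t n,
                           int idle_timeout_ms, bool fixed)
{
    bool stdin_eof = false, socket_eof = false;
    int io_pending = 2;          /* one read event on stdin, one on the socket */
    bool timer_pending = true;   /* the -i timer: counts as a pending event */
    bool quit = false;           /* only --send-only/--recv-only paths set this */
    int last_activity_ms = 0;
    size_t next = 0;
    int now = 0;

    for (;;) {
        int deadline = last_activity_ms + idle_timeout_ms;

        if (next < n && evs[next].at_ms <= deadline) {
            /* an I/O event completes before the idle timer would fire */
            now = evs[next].at_ms;
            if (evs[next].kind == EV_STDIN_EOF) stdin_eof = true;
            else                                 socket_eof = true;
            io_pending--;             /* nothing re-arms a read after EOF */
            last_activity_ms = now;   /* activity resets the idle timer */
            next++;
        } else {
            /* the idle timer is the next thing to fire: error exit */
            now = deadline;
            return (struct run){ RES_IDLE_TIMEOUT, now };
        }

        /* exit test as described in the report: quit flag, or nothing pending.
         * Because the unfired timer is counted, events_pending never reaches 0. */
        int events_pending = io_pending + (timer_pending ? 1 : 0);
        if (quit || events_pending == 0)
            return (struct run){ RES_OK, now };

        /* proposed rule: both ends at EOF and only the timer left -> success now */
        if (fixed && stdin_eof && socket_eof && io_pending == 0)
            return (struct run){ RES_OK, now };
    }
}

int main(void)
{
    /* constructed timeline: stdin EOF at 100 ms, socket EOF at 250 ms, -i 5 s */
    const struct event evs[] = { {100, EV_STDIN_EOF}, {250, EV_SOCKET_EOF} };
    struct run reported = run_loop(evs, 2, 5000, false);
    struct run proposed = run_loop(evs, 2, 5000, true);
    printf("reported: result=%d at %d ms\n", reported.result, reported.exit_ms);
    printf("proposed: result=%d at %d ms\n", proposed.result, proposed.exit_ms);
    return 0;
}
```

With the constructed timeline the reported path sits until the timer fires at 5250 ms and exits with the timeout result, while the proposed rule returns success at 250 ms; if the socket never reaches EOF, both paths still time out, so the rule only changes the case the report describes.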
