Skip to content

/ nmap

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ncat] Support for square-bracket notation for IPv6 proxy address #1441

Closed
nnposter opened this issue Jan 22, 2019 · 1 comment
Closed

[ncat] Support for square-bracket notation for IPv6 proxy address #1441

nnposter opened this issue Jan 22, 2019 · 1 comment
Assignees
@nnposter
Labels
Ncat enhancement have code

Comments

@nnposter
Copy link

@nnposter nnposter commented Jan 22, 2019

When Ncat is acting as a proxy client, the remote proxy server is specified as --proxy <addr>[:<port>]. In case of literal IPv6 the option syntax has two quirks:

  • The port part becomes mandatory
  • The result can be confusing, such as --proxy 2001:db8::123:456

I am proposing to adopt the well-established square-bracket notation, making the example above much more clear (--proxy [2001:db8::123]:456) and also providing support for default port numbers.

The controversial part is that this change breaks backward command-line compatibility. The original example would be now interpreted as the default port at address 2001:db8::123:456, instead of port 456 at address 2001:db8::123.

--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -164,12 +164,21 @@
 static size_t parseproxy(char *str, struct sockaddr_storage *ss,
     size_t *sslen, unsigned short *portno)
 {
-    char *p = strrchr(str, ':');
+    char *p = str;
     char *q;
     long pno;
     int rc;
 
-    if (p != NULL) {
+    if (*p == '[') {
+        p = strchr(p, ']');
+        if (p == NULL)
+            bye("Invalid proxy IPv6 address \"%s\".", str);
+        ++str;
+        *p++ = '\0';
+    }
+
+    p = strchr(p, ':');
+    if (p != NULL && strchr(p + 1, ':') == NULL) {
         *p++ = '\0';
         pno = strtol(p, &q, 10);
         if (pno < 1 || pno > 0xFFFF || *q)
--- a/ncat/docs/ncat.xml
+++ b/ncat/docs/ncat.xml
@@ -429,8 +429,10 @@
           using the protocol specified by <option>--proxy-type</option>.</para>
 
           <para>If no port is specified, the proxy protocol's well-known port is used (1080 for
-          SOCKS and 3128 for HTTP).  However, when specifying an IPv6 HTTP proxy server using
-          the IP address rather than the hostname, the port number MUST be specified as well.
+          SOCKS and 3128 for HTTP).  When specifying an IPv6 HTTP proxy server
+          using the IP address rather than the hostname, the square-bracket
+          notation (for example [2001:db8::1]:8080) MUST be used to separate
+          the port from the IPv6 address.
           If the proxy requires authentication, use <option>--proxy-auth</option>.</para>
         </listitem>
       </varlistentry>
@nnposter nnposter self-assigned this Jan 22, 2019
@nnposter
Copy link
Author

@nnposter nnposter commented Feb 23, 2019

Committed as r37587.
@nmap-bot nmap-bot closed this in 504e9d7 Feb 24, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nnposter nnposter

Labels
Ncat enhancement have code
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
@nnposter
You can’t perform that action at this time.