portable ncat 6.47 or 6.49BETA4 doesn't work with --ssl switch

[pkreuzt]

Statically built ncat fails to manage input from network when --ssl switch is active. For example:

C:\nmap-6.47\ncat\Release>ncat.exe 10.0.2.2 8888 --ssl -vvv -e cmd.exe
Ncat: Version 6.47 ( http://nmap.org/ncat )
NCAT DEBUG: Not doing certificate verification.
libnsock nsi_new2(): nsi_new (IOD #1)
libnsock nsock_connect_ssl(): SSL connection requested to 10.0.2.2:8888/tcp (IOD #1) EID 9
libnsock nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 9 [10.0.2.2:8888]
Ncat: SSL connection to 10.0.2.2:8888.
Ncat: SHA-1 fingerprint: DBF1 C72E C572 1B5E 6AA1 942C F3D9 FAA1 6710 752D
libnsock nsi_new2(): nsi_new (IOD #2)
NCAT DEBUG: Executing: cmd.exe
NCAT DEBUG: Creating named pipe ".\pipe\ncat-2340-0"
NCAT DEBUG: Register subprocess 00000168 at index 0.

----------------- other side sent command here -----------------

NCAT DEBUG: Unregister subprocess 00000168 from index 0.
NCAT DEBUG: Subprocess still running, terminating it.
NCAT DEBUG: Subprocess ended with exit code 0.

Command is not executed and connection is dropped aparently with no error message. When executing the same sequence without --ssl switch it works as expected.

[dmiller-nmap]

Possibly related: http://seclists.org/nmap-dev/2015/q4/58

[Varunram]

Another report by Olivia Nelson:

Server

# ./ncat.linux -l -p 8888 --ssl -vv
Ncat: Version 7.40 ( https://nmap.org/ncat )
Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and
--ssl-cert to use a permanent one.
Ncat: SHA-1 fingerprint: CC5E 8A28 A19F 9254 2BC5 869C DFDC 47C0 D566 4D87
Ncat: Listening on :::8888
Ncat: Listening on 0.0.0.0:8888
Ncat: Connection from 172.16.177.30.
Ncat: Connection from 172.16.177.30:49180.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

x:\>dir
NCAT DEBUG: Closing connection.

Client

x:>ncat 172.16.177.200 8888 -e cmd --ssl -vv
Ncat: Version 7.40 ( https://nmap.org/ncat )
NCAT DEBUG: Using trusted CA certificates from x:\ca-bundle.crt.
NCAT DEBUG: Unable to load trusted CA certificates from x:\ca-bundle.cr
t: error:02001002:system library:fopen:No such file or directory
NCAT DEBUG: Not doing certificate verification.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock nsock_connect_ssl(): SSL connection requested to 172.16.177.200:8888/tc
p (IOD #1) EID 9
Ncat: Subject: CN=localhost
Ncat: Issuer: CN=localhost
Ncat: SHA-1 fingerprint: CC5E 8A28 A19F 9254 2BC5 869C DFDC 47C0 D566 4D87
Ncat: Certificate verification failed (self signed certificate).
libnsock nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 9
 [172.16.177.200:8888]
Ncat: SSL connection to 172.16.177.200:8888.
Ncat: SHA-1 fingerprint: CC5E 8A28 A19F 9254 2BC5 869C DFDC 47C0 D566 4D87
libnsock nsock_iod_new2(): nsock_iod_new (IOD #2)
NCAT DEBUG: Executing: cmd
NCAT DEBUG: Terminating subprocesses

[pkreuzt]

Bug still present in ncat version 7.50. Patch from ac8b866 doesn't solve the problem.

[nicholashoule]

Fedora release 29 (Twenty Nine)
Ncat: Version 7.70

Ncat: Version 7.70 ( https://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /usr/share/ncat/ca-bundle.crt.
NCAT DEBUG: Unable to load trusted CA certificates from /usr/share/ncat/ca-bundle.crt: error:02001002:system library:fopen:No such file or directory
NCAT DEBUG: Not doing certificate verification.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock nsock_connect_ssl(): SSL connection requested to 172.217.2.14:443/tcp (IOD #1) EID 9
libnsock nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 9 [172.217.2.14:443]
Ncat: SSL connection to 172.217.2.14:443. Google LLC
Ncat: SHA-1 fingerprint: C847 466B 7BBB D0D4 A31C E97A 4074 9ECC BAFA 5EC0
libnsock nsock_iod_new2(): nsock_iod_new (IOD #2)
libnsock nsock_read(): Read request from IOD #1 [172.217.2.14:443] (timeout: -1ms) EID 18
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #2 [peer unspecified] EID 26