ncat not work with --proxy at version 7.90, 7.91

[Phuker]

Describe the bug
ncat not work with --proxy at version 7.90, 7.91. The old version 7.80 is OK.

To Reproduce
I'm using a Windows machine, run ssh, just to create a test socks5 proxy.

ssh -D 1080 -NTv root@example.com

Unzip nmap-7.91-win32.zip, then run

.\ncat.exe --proxy 127.0.0.1:1080 --proxy-type socks5 -vv github.com 22

ssh output contains:

debug1: channel 2: free: direct-tcpip: listening port 1080 for github.com port 22, connect from 127.0.0.1 port 10301 to 127.0.0.1 port 1080, nchannels 3

ncat just output this, and exit:

Ncat: Version 7.91 ( https://nmap.org/ncat )
NCAT DEBUG: Using trusted CA certificates from D:\nmap.7.91.buggy\ca-bundle.crt.
Ncat: Connected to proxy 127.0.0.1:1080
Ncat: No authentication needed.
Ncat: Host github.com will be resolved by the proxy.
Ncat: connection succeeded.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock nsock_iod_new2(): nsock_iod_new (IOD #2)
Ncat: 0 bytes sent, 0 bytes received in 0.15 seconds.
libnsock nsock_iod_delete(): nsock_iod_delete (IOD #1)
libnsock nsock_iod_delete(): nsock_iod_delete (IOD #2)

Expected behavior

Output this and wait user input:

SSH-2.0-xxxxxx-xxxxxx

Version info (please complete the following information):

• OS: Windows 10 LTSC
• Output of ncat --version: Ncat: Version 7.91 ( https://nmap.org/ncat )

Additional context
None.

[nnposter]

FWIW, the result of bisecting the commits points to r37944 (0d613e3).
I was able to recover from the bug by adding back the previously removed call to post_connect:

--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -1138,6 +1138,7 @@
         /* Create IOD for nsp->stdin */
         if ((cs.stdin_nsi = nsock_iod_new2(mypool, 0, NULL)) == NULL)
             bye("Failed to create stdin nsiod.");
+        post_connect(mypool, cs.sock_nsi);
     }
 
     /* connect */

However, TLS over proxy does not work.
I am not familiar with this area of the code so I cannot help with troubleshooting it further.

[mlashley]

I can confirm the same issue on 7.91 on Linux(Gentoo). i.e. the following works in 7.80 but not in 7.91:
ssh -o ProxyCommand='ncat --proxy <sockshost:port> --proxy-type socks5 %h %p' me@inside.host
Patching in the single line identified by @nnposter above - does indeed get ssh-over-socks5 working again.

[amaranthius]

I can confirm the same issue on MacOS Big Sur (v11.0.1). Reverting to 7.80 didn't work either since it results in this issue.

[dmiller-nmap]

post_connect() is called in connect_handler in the SSL case, which is what I was testing with. I neglected to test the non-SSL case, apparently. Fix incoming.

[yyy]

When will the fix for this be released? Do I understand correctly that right now there's no working way to proxy SSH over SOCKS5 with authentication on Big Sur? Old Ncap versions don't work because of #2079. New Ncap versions have this issue.

Is there a workaround other than manually compiling latest sources? Thank you.

[Un1Gfn]

Arch Linux - same issue - 7.91

workaround - use nc from openbsd @yyy

[hayden-pan]

Now it works fine after update to 7.92

[hayden-pan]

Now it works fine after update to 7.92