ncat: close on EOF by default

new --no-terminate option for backward compatibility (#2082270)
2022-05-05 19:49:34 +02:00 · 2022-05-05 19:49:34 +02:00 · 5a4dbdf721
commit 5a4dbdf721
parent 97492c56bb
2 changed files with 122 additions and 1 deletions
--- a/close-on-EOF.patch
+++ b/close-on-EOF.patch
@ -0,0 +1,116 @@
 From c9e091aceaded2d2f82674609d060036ace9d22e Mon Sep 17 00:00:00 2001
 From: Tobias Girstmair <t-nmap@girst.at>
 Date: Sun, 7 Feb 2021 15:49:21 +0100
 Subject: [PATCH] Ncat: match traditional and OpenBSD netcat behaviour of
 terminating on EOF
 Also implements a switch for backwards compatibility with the previous
 behaviour, --no-terminate. Previously discussed at
 https://seclists.org/nmap-dev/2017/q2/94
 Fixes #1779, #894 and #1413.
 ---
 ncat/docs/ncat.xml  | 13 +++++++++++++
 ncat/ncat_connect.c |  8 ++++----
 ncat/ncat_core.c    |  1 +
 ncat/ncat_core.h    |  1 +
 ncat/ncat_main.c    |  2 ++
 5 files changed, 21 insertions(+), 4 deletions(-)
 diff --git a/ncat/docs/ncat.xml b/ncat/docs/ncat.xml
 index 653ae36a2..39c4d587b 100644
 --- a/ncat/docs/ncat.xml
 +++ b/ncat/docs/ncat.xml
@@ -874,6 +874,19 @@
         </listitem>
       </varlistentry>
 +      <varlistentry>
 +        <term>
 +          <option>--no-terminate</option> (Do not terminate on stdin/socket EOF)
 +          <indexterm><primary><option>--no-terminate</option> (Ncat option)</primary></indexterm>
 +        </term>
 +        <listitem>
 +          <para>If this option is passed, Ncat will not terminate when EOF is
 +          seen on the socket or stdin when connected over TCP. This used to be
 +          the default in Ncat in the past, and is provided for
 +          backwards-compatibility.</para>
 +        </listitem>
 +      </varlistentry>
 +
       <varlistentry>
         <term>
           <option>-n</option>,
 diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
 index f59dd4372..dffec9a91 100644
 --- a/ncat/ncat_connect.c
 +++ b/ncat/ncat_connect.c
@@ -1274,8 +1274,8 @@ static void read_stdin_handler(nsock_pool nsp, nsock_event evt, void *data)
     if (status == NSE_STATUS_EOF) {
         if (!o.noshutdown)
             shutdown(nsock_iod_get_sd(cs.sock_nsi), SHUT_WR);
 -        /* In --send-only mode or non-TCP mode, exit after EOF on stdin. */
 -        if (o.proto != IPPROTO_TCP || (o.proto == IPPROTO_TCP && o.sendonly))
 +        /* Unless --no-terminate is specified, exit after EOF on stdin. */
 +        if (o.proto != IPPROTO_TCP || !o.noterminate)
             nsock_loop_quit(nsp);
         return;
     } else if (status == NSE_STATUS_ERROR) {
@@ -1325,8 +1325,8 @@ static void read_socket_handler(nsock_pool nsp, nsock_event evt, void *data)
 #else
         Close(STDOUT_FILENO);
 #endif
 -        /* In --recv-only mode or non-TCP mode, exit after EOF on the socket. */
 -        if (o.proto != IPPROTO_TCP || (o.proto == IPPROTO_TCP && o.recvonly))
 +        /* Unless --no-terminate is specified, exit after EOF on the socket. */
 +        if (o.proto != IPPROTO_TCP || !o.noterminate)
             nsock_loop_quit(nsp);
         return;
     } else if (status == NSE_STATUS_ERROR) {
 diff --git a/ncat/ncat_core.c b/ncat/ncat_core.c
 index 7c39e5d36..d5e5d7d68 100644
 --- a/ncat/ncat_core.c
 +++ b/ncat/ncat_core.c
@@ -107,6 +107,7 @@ void options_init(void)
     o.sendonly = 0;
     o.recvonly = 0;
     o.noshutdown = 0;
 +    o.noterminate = 0;
     o.telnet = 0;
     o.linedelay = 0;
     o.chat = 0;
 diff --git a/ncat/ncat_core.h b/ncat/ncat_core.h
 index f03813dc5..9bd751264 100644
 --- a/ncat/ncat_core.h
 +++ b/ncat/ncat_core.h
@@ -111,6 +111,7 @@ struct options {
     int sendonly;
     int recvonly;
     int noshutdown;
 +    int noterminate;
     int telnet;
     int linedelay;
     int chat;
 diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c
 index 2792a6ac2..d49398f5f 100644
 --- a/ncat/ncat_main.c
 +++ b/ncat/ncat_main.c
@@ -263,6 +263,7 @@ int main(int argc, char *argv[])
         {"source",          required_argument,  NULL,         's'},
         {"send-only",       no_argument,        &o.sendonly,  1},
         {"no-shutdown",     no_argument,        &o.noshutdown,1},
 +        {"no-terminate",    no_argument,        &o.noterminate,1},
         {"broker",          no_argument,        NULL,         0},
         {"chat",            no_argument,        NULL,         0},
         {"talk",            no_argument,        NULL,         0},
@@ -615,6 +616,7 @@ int main(int argc, char *argv[])
 "      --send-only            Only send data, ignoring received; quit on EOF\n"
 "      --recv-only            Only receive data, never send anything\n"
 "      --no-shutdown          Continue half-duplex when receiving EOF on stdin\n"
 +"      --no-terminate         Do not exit when EOF is received on socket/stdin\n"
 "      --allow                Allow only given hosts to connect to Ncat\n"
 "      --allowfile            A file of hosts allowed to connect to Ncat\n"
 "      --deny                 Deny given hosts from connecting to Ncat\n"
 -- 
 2.35.1
--- a/nmap.spec
+++ b/nmap.spec
@ -7,7 +7,7 @@ Name: nmap
 Epoch: 3
 Version: 7.92
 #global prerelease TEST5
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Network exploration tool and security scanner
 URL: http://nmap.org/
 # Uses combination of licenses based on GPL license, but with extra modification
@ -30,6 +30,7 @@ Patch3: ncat_reg_stdin.diff
 Patch4: nmap-6.25-displayerror.patch
 # https://github.com/nmap/nmap/pull/2247
 Patch7: nmap_resolve_config.patch
 Patch8: close-on-EOF.patch
 BuildRequires: automake make
@ -153,6 +154,10 @@ fi
 %{_mandir}/man1/ncat.1.gz
 %changelog
 * Thu May 05 2022 Martin Osvald <mosvald@redhat.com> - 3:7.92-3
 - ncat: close on EOF by default, new --no-terminate option
  for backward compatibility (#2082270)
 * Tue Feb 22 2022 Martin Osvald <mosvald@redhat.com> - 3:7.92-1
 - New version 7.92