Nmap Development mailing list archives
Should Ncat --exec wait for EOF in both directions?
From: David Fifield <david () bamsoftware com>
Date: Mon, 16 Dec 2019 23:01:21 -0700
One of the distinguishing features of Ncat has been that it doesn't stop when only one direction of the connection is finished sending. That is, when it gets an EOF on stdin, it does a shutdown(fd, SHUT_WR) on the socket; and when it gets an EOF on the socket, it closes its stdout; but it doesn't quit until both have happened. (There's a proposal to modify this in client mode, https://seclists.org/nmap-dev/2017/q2/94, but afaik it still works like I described.)

But it doesn't work that way with --exec and --sh-exec. The listen-mode Ncat quits exchanging with the child process when there is an EOF on *either* the incoming socket or the child's stdout. This means you cannot, for example, have a server return the md5sum of what the client sends to it:

    $ ncat -l -k 8000 --sh-exec 'md5sum'

    $ dd if=/dev/zero bs=1M count=1 status=none | ncat -v 127.0.0.1 8000
    Ncat: Version 7.70 ( https://nmap.org/ncat )
    Ncat: Connected to 127.0.0.1:8000.
    Ncat: 1048576 bytes sent, 0 bytes received in 0.02 seconds.

Notice the "0 bytes received" on the connect-mode Ncat.

Maybe we need something like the attached (barely tested) patch? With it, the md5sum example works:

    $ ncat -l -k 8000 --sh-exec 'md5sum'

    $ dd if=/dev/zero bs=1M count=1 status=none | ncat -v 127.0.0.1 8000
    Ncat: Version 7.70 ( https://nmap.org/ncat )
    Ncat: Connected to 127.0.0.1:8000.
    b6d81b360a5672d80c27430f39153e2c -
    Ncat: 1048576 bytes sent, 36 bytes received in 0.02 seconds.

subprocess_thread_func in ncat_exec_win.c would need similar treatment.
Attachment: ncat-exec-eof.patch
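The two relay policies discussed in the message above, as an added example; it is not taken from the message, the attached patch, or Ncat's source. Assumptions: relay_exec and wait_both are hypothetical names, a socketpair stands in for the TCP connection, `wc -c` stands in for md5sum, and the client sends 4096 constructed zero bytes.

```c
#include <stdlib.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical model of a --sh-exec relay (not Ncat's code). A client sends
 * 4096 constructed zero bytes through `wc -c`; returns the reply length.
 * wait_both=0 stops at the first EOF, wait_both=1 only after both EOFs. */
long relay_exec(int wait_both, char *out, size_t cap) {
    int sv[2], in[2], outp[2], sock_open = 1, child_open = 1;
    char buf[4096] = {0};
    ssize_t n; size_t got = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(in) || pipe(outp)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child: the pipes become stdin/stdout */
        dup2(in[0], 0); dup2(outp[1], 1);
        close(sv[0]); close(sv[1]); close(in[0]); close(in[1]); close(outp[0]); close(outp[1]);
        execl("/bin/sh", "sh", "-c", "wc -c", (char *)NULL);
        _exit(127);
    }
    close(in[0]); close(outp[1]);
    /* Client side: send the data, then half-close so the server sees EOF. */
    if (write(sv[0], buf, sizeof buf) < 0) return -1;
    shutdown(sv[0], SHUT_WR);
    /* Server side: relay between the socket sv[1] and the child's pipes. */
    while (wait_both ? (sock_open || child_open) : (sock_open && child_open)) {
        fd_set r; FD_ZERO(&r);
        if (sock_open) FD_SET(sv[1], &r);
        if (child_open) FD_SET(outp[0], &r);
        if (select((sv[1] > outp[0] ? sv[1] : outp[0]) + 1, &r, NULL, NULL, NULL) < 0) break;
        if (sock_open && FD_ISSET(sv[1], &r)) {
            if ((n = read(sv[1], buf, sizeof buf)) <= 0) { close(in[1]); sock_open = 0; }
            else if (write(in[1], buf, n) < 0) break;
        }                           /* socket EOF becomes EOF on the child's stdin */
        if (child_open && FD_ISSET(outp[0], &r)) {
            if ((n = read(outp[0], buf, sizeof buf)) <= 0) { shutdown(sv[1], SHUT_WR); child_open = 0; }
            else if (write(sv[1], buf, n) < 0) break;
        }                           /* child EOF becomes a half-close toward the client */
    }
    if (sock_open) close(in[1]);
    close(outp[0]); close(sv[1]);
    /* Client side again: collect the reply until EOF. */
    while (got + 1 < cap && (n = read(sv[0], out + got, cap - 1 - got)) > 0) got += n;
    out[got] = '\0';
    close(sv[0]); waitpid(pid, NULL, 0);
    return (long)got;
}
```

With wait_both=0 the relay stops at the socket EOF, before the child has written anything, so the client gets nothing back; with wait_both=1 it keeps reading the child until its stdout closes and the count reaches the client.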