From 56f3573609ab6c5fd0621eb1537efe25cb1bf911 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Sat, 30 Jul 2016 00:13:18 +0000
Subject: [PATCH] Fix interaction of --ssl --exec --max-conns

---
 CHANGELOG          |  4 ++++
 ncat/ncat_listen.c | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index d3147862e..50bc1f338 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [Ncat] Fix a crash ("add_fdinfo() failed.") when --exec was used with --ssl
+  and --max-conns, due to improper accounting of file descriptors. [Daniel
+  Miller]
+
 o FTP Bounce scan: improved some edge cases like anonymous login without
   password, 500 errors used to indicate port closed, and timeouts for LIST
   command. Also fixed a 1-byte array overrun (read) when checking for
diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c
index 6085965c3..3a252a5b5 100644
--- a/ncat/ncat_listen.c
+++ b/ncat/ncat_listen.c
@@ -532,6 +532,14 @@ static void post_handle_connection(struct fdinfo sinfo)
      * to our descriptor list or set. */
     if (o.cmdexec) {
+#ifdef HAVE_OPENSSL
+        /* We added this in handle_connection, but at this point the ssl
+         * connection has taken over. Stop tracking.
+         */
+        if (o.ssl) {
+            rm_fd(&client_fdlist, sinfo.fd);
+        }
+#endif
         if (o.keepopen)
             netrun(&sinfo, o.cmdexec);
         else
@@ -546,10 +554,13 @@ static void post_handle_connection(struct fdinfo sinfo)
         /* add it to our list of fds for maintaining maxfd */
 #ifdef HAVE_OPENSSL
         /* Don't add it twice (see handle_connection above) */
-        if (!o.ssl)
+        if (!o.ssl) {
 #endif
             if (add_fdinfo(&client_fdlist, &sinfo) < 0)
                 bye("add_fdinfo() failed.");
+#ifdef HAVE_OPENSSL
+        }
+#endif
     }
     FD_SET(sinfo.fd, &master_broadcastfds);
     if (add_fdinfo(&broadcast_fdlist, &sinfo) < 0)
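Review bot: The braces added around the add_fdinfo call in the second ncat_listen.c hunk open inside one `#ifdef HAVE_OPENSSL` block and close inside a second one, so the source only balances when both conditionals are compiled the same way, and a brace-matching editor or formatter sees an unbalanced block in whichever configuration it is not looking at. Keeping the braces unconditional avoids that: leave `if (!o.ssl)` alone inside the existing `#ifdef`, then put `{` on the line after `#endif`, keep the two `add_fdinfo`/`bye` lines, and close with `}`, dropping the second `#ifdef`/`#endif` pair entirely. In the first hunk the `rm_fd(&client_fdlist, sinfo.fd)` result is discarded; if rm_fd can report that the fd was not in the list (its contract is outside this hunk), checking that would make a future accounting regression visible rather than silent. post_handle_connection starts before the first hunk and its else branch continues past the end of the second.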