Diffstat (limited to 'netcat.c')
| -rw-r--r-- | netcat.c | 82 | 
1 files changed, 51 insertions, 31 deletions
| @@ -1,4 +1,4 @@ -/* $OpenBSD: netcat.c,v 1.195 2018/10/04 17:04:50 bluhm Exp $ */ +/* $OpenBSD: netcat.c,v 1.203 2019/02/26 17:32:47 jsing Exp $ */  /*   * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>   * Copyright (c) 2015 Bob Beck.  All rights reserved. @@ -42,6 +42,7 @@  #include <netinet/ip.h>  #include <arpa/telnet.h> +#include <ctype.h>  #include <err.h>  #include <errno.h>  #include <limits.h> @@ -66,7 +67,6 @@  #define POLL_NETIN	2  #define POLL_STDOUT	3  #define BUFSIZE		16384 -#define DEFAULT_CA_FILE	"/etc/ssl/cert.pem"  #define TLS_NOVERIFY	(1 << 1)  #define TLS_NONAME	(1 << 2) @@ -98,10 +98,10 @@ int	Tflag = -1;				/* IP Type of Service */  int	rtableid = -1;  int	usetls;					/* use TLS */ -char    *Cflag;					/* Public cert file */ -char    *Kflag;					/* Private key file */ -char    *oflag;					/* OCSP stapling file */ -char    *Rflag = DEFAULT_CA_FILE;		/* Root CA file */ +const char    *Cflag;				/* Public cert file */ +const char    *Kflag;				/* Private key file */ +const char    *oflag;				/* OCSP stapling file */ +const char    *Rflag;				/* Root CA file */  int	tls_cachanged;				/* Using non-default CA file */  int     TLSopt;					/* TLS options */  char	*tls_expectname;			/* required name in peer cert */ @@ -138,7 +138,7 @@ void	set_common_sockopts(int, int);  int	process_tos_opt(char *, int *);  int	process_tls_opt(char *, int *);  void	save_peer_cert(struct tls *_tls_ctx, FILE *_fp); -void	report_connect(const struct sockaddr *, socklen_t, char *); +void	report_sock(const char *, const struct sockaddr *, socklen_t, char *);  void	report_tls(struct tls *tls_ctx, char * host);  void	usage(int);  ssize_t drainbuf(int, unsigned char *, size_t *, struct tls *); @@ -168,6 +168,7 @@ main(int argc, char *argv[])  	host = NULL;  	uport = NULL;  	sv = NULL; +	Rflag = tls_default_ca_cert_file();  	signal(SIGPIPE, SIG_IGN); 
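Review bot: The new report_sock prototype in the @@ -138 hunk keeps its last parameter as a plain `char *`, although the function only reads it (the definition hunk at @@ -1688 below passes it to fprintf and nothing else); since the first parameter was just made `const char *msg`, the path should be const as well. Change the prototype to `void	report_sock(const char *, const struct sockaddr *, socklen_t, const char *);` and mirror it in the definition. The existing callers pass `path` or `host`, which convert to the const form without any change.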
@@ -597,7 +598,8 @@ main(int argc, char *argv[])  					err(1, "connect");  				if (vflag) -					report_connect((struct sockaddr *)&z, len, NULL); +					report_sock("Connection received", +					    (struct sockaddr *)&z, len, NULL);  				readwrite(s, NULL);  			} else { @@ -612,7 +614,8 @@ main(int argc, char *argv[])  					err(1, "accept");  				}  				if (vflag) -					report_connect((struct sockaddr *)&cliaddr, len, +					report_sock("Connection received", +					    (struct sockaddr *)&cliaddr, len,  					    family == AF_UNIX ? host : NULL);  				if ((usetls) &&  				    (tls_cctx = tls_setup_server(tls_ctx, connfd, host))) @@ -639,8 +642,10 @@ main(int argc, char *argv[])  			if (!zflag)  				readwrite(s, NULL);  			close(s); -		} else +		} else { +			warn("%s", host);  			ret = 1; +		}  		if (uflag)  			unlink(unix_dg_tmp_socket); @@ -753,6 +758,8 @@ unix_bind(char *path, int flags)  		errno = save_errno;  		return -1;  	} +	if (vflag) +		report_sock("Bound", NULL, 0, path);  	return s;  } @@ -889,13 +896,16 @@ int  unix_listen(char *path)  {  	int s; +  	if ((s = unix_bind(path, 0)) < 0)  		return -1; -  	if (listen(s, 5) < 0) {  		close(s);  		return -1;  	} +	if (vflag) +		report_sock("Listening", NULL, 0, path); +  	return s;  } @@ -1036,6 +1046,16 @@ local_listen(const char *host, const char *port, struct addrinfo hints)  		if (listen(s, 1) < 0)  			err(1, "listen");  	} +	if (vflag && s != -1) { +		struct sockaddr_storage ss; +		socklen_t len; + +		len = sizeof(ss); +		if (getsockname(s, (struct sockaddr *)&ss, &len) == -1) +			err(1, "getsockname"); +		report_sock(uflag ? "Bound" : "Listening", +		    (struct sockaddr *)&ss, len, NULL); +	}  	freeaddrinfo(res0); 
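Review bot: The new `warn("%s", host);` in the @@ -639 hunk prints whatever errno holds when the else branch is reached, so the message is only accurate if the connect helper tested in the `if` condition (outside this hunk) leaves errno intact between the failing call and its return. unix_bind in the following hunk shows the file's pattern for that, `errno = save_errno;` before `return -1;`; the helper used here should be checked for the same, and if any cleanup call between the failure and the return can clobber errno, save it first. The enclosing block of main starts outside the hunk.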
@@ -1247,9 +1267,11 @@ drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)  	ssize_t n;  	ssize_t adjust; -	if (tls) +	if (tls) {  		n = tls_write(tls, buf, *bufpos); -	else { +		if (n == -1) +			errx(1, "tls write failed (%s)", tls_error(tls)); +	} else {  		n = write(fd, buf, *bufpos);  		/* don't treat EAGAIN, EINTR as error */  		if (n == -1 && (errno == EAGAIN || errno == EINTR)) @@ -1271,9 +1293,11 @@ fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)  	size_t num = BUFSIZE - *bufpos;  	ssize_t n; -	if (tls) +	if (tls) {  		n = tls_read(tls, buf + *bufpos, num); -	else { +		if (n == -1) +			errx(1, "tls read failed (%s)", tls_error(tls)); +	} else {  		n = read(fd, buf + *bufpos, num);  		/* don't treat EAGAIN, EINTR as error */  		if (n == -1 && (errno == EAGAIN || errno == EINTR)) @@ -1307,9 +1331,9 @@ fdpass(int nfd)  	if (isatty(STDOUT_FILENO))  		errx(1, "Cannot pass file descriptor to tty"); -	bzero(&mh, sizeof(mh)); -	bzero(&cmsgbuf, sizeof(cmsgbuf)); -	bzero(&iov, sizeof(iov)); +	memset(&mh, 0, sizeof(mh)); +	memset(&cmsgbuf, 0, sizeof(cmsgbuf)); +	memset(&iov, 0, sizeof(iov));  	mh.msg_control = (caddr_t)&cmsgbuf.buf;  	mh.msg_controllen = sizeof(cmsgbuf.buf); @@ -1324,7 +1348,7 @@ fdpass(int nfd)  	mh.msg_iov = &iov;  	mh.msg_iovlen = 1; -	bzero(&pfd, sizeof(pfd)); +	memset(&pfd, 0, sizeof(pfd));  	pfd.fd = STDOUT_FILENO;  	pfd.events = POLLOUT;  	for (;;) { @@ -1408,7 +1432,7 @@ build_ports(char *p)  	int hi, lo, cp;  	int x = 0; -	if ((n = strchr(p, '-')) != NULL) { +	if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) {  		*n = '\0';  		n++; 
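Review bot: `tls_error(tls)` is passed straight to `%s` in the new errx calls in drainbuf (@@ -1247) and fillbuf (@@ -1293), but libtls documents tls_error() as returning NULL when no error string is recorded or when allocating it failed, and a NULL argument for `%s` is undefined behavior in C. Guard it, e.g. `const char *e = tls_error(tls);` followed by `errx(1, "tls write failed (%s)", e != NULL ? e : "unknown error");`, and the same for the read path. Note also that the errx replaces the previous behaviour of returning -1 to the caller, so a TLS failure now terminates the process instead of being handled by readwrite; that looks intended, but the listening loop that calls readwrite is outside these hunks and worth confirming.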
@@ -1688,34 +1712,30 @@ report_tls(struct tls * tls_ctx, char * host)  }  void -report_connect(const struct sockaddr *sa, socklen_t salen, char *path) +report_sock(const char *msg, const struct sockaddr *sa, socklen_t salen, +    char *path)  { -	char remote_host[NI_MAXHOST]; -	char remote_port[NI_MAXSERV]; +	char host[NI_MAXHOST], port[NI_MAXSERV];  	int herr;  	int flags = NI_NUMERICSERV;  	if (path != NULL) { -		fprintf(stderr, "Connection on %s received!\n", path); +		fprintf(stderr, "%s on %s\n", msg, path);  		return;  	}  	if (nflag)  		flags |= NI_NUMERICHOST; -	if ((herr = getnameinfo(sa, salen, -	    remote_host, sizeof(remote_host), -	    remote_port, sizeof(remote_port), -	    flags)) != 0) { +	if ((herr = getnameinfo(sa, salen, host, sizeof(host), +	    port, sizeof(port), flags)) != 0) {  		if (herr == EAI_SYSTEM)  			err(1, "getnameinfo");  		else  			errx(1, "getnameinfo: %s", gai_strerror(herr));  	} -	fprintf(stderr, -	    "Connection from %s %s " -	    "received!\n", remote_host, remote_port); +	fprintf(stderr, "%s on %s %s\n", msg, host, port);  }  void | 
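Review bot: report_sock now serves two distinct call patterns but has no comment stating the contract, in particular that `sa` may be NULL (unix_bind and unix_listen pass NULL together with a path) and is ignored whenever `path` is set. Suggest above the definition: `/* Report a socket event on stderr: "<msg> on <path>" when path is set (sa is unused and may be NULL), otherwise "<msg> on <host> <port>" resolved from sa, numeric host only with -n. Exits on getnameinfo failure. */`. Separately, the host printed in the non-numeric case is the resolver's reverse-lookup answer for the peer and, exactly as in the old report_connect, is written to the terminal unfiltered; passing it through strnvis() or similar before the fprintf would keep control characters out of the log line.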
