user/2436: nc(1) reports wrong error message
- To: gnats@openbsd.org
- Subject: user/2436: nc(1) reports wrong error message
- From: Alexander Yurchenko <grange@rt.mipt.ru>
- Date: Tue, 26 Feb 2002 21:54:15 +0300 (MSK)
- Resent-Date: Tue, 26 Feb 2002 12:00:04 -0700 (MST)
- Resent-From: gnats@cvs.openbsd.org (GNATS Management)
- Resent-Message-Id: <200202261900.g1QJ04ZZ014546@cvs.openbsd.org>
- Resent-Reply-To: gnats@cvs.openbsd.org,Alexander Yurchenko <grange@rt.mipt.ru>
- Resent-To: bugs@cvs.openbsd.org
>Number: 2436
>Category: user
>Synopsis: nc(1) reports wrong error message
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bugs
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Feb 26 12:00:03 MST 2002
>Last-Modified:
>Originator: Alexander Yurchenko
>Organization:
>Release: 3.0-current
>Environment:
System : OpenBSD 3.0-current
Architecture: OpenBSD.i386
Machine : i386
>Description:
An experiment:
$ nc -l 555
nc: Bad file descriptor
I think the real reason for the failure is that a non-root process can't bind
a privileged port, and not that something's wrong with the file descriptor.
The problem is here:
netcat.c:408
		if (bind(s, (struct sockaddr *)res0->ai_addr,
		    res0->ai_addrlen) == 0)
			break;
		close(s);
		s = -1;
	} while ((res0 = res0->ai_next) != NULL);
	if (!uflag) {
		if (listen(s, 1) < 0)
			errx(1, "%s", strerror(errno));
	}
If bind() fails, the socket will be -1 and then listen() will be called with
a wittingly bad file descriptor.
>How-To-Repeat:
Run as non-root
nc -l 555
>Fix:
Index: src/usr.bin/nc/netcat.c
===================================================================
RCS file: /home/cvsup/OpenBSD/src/usr.bin/nc/netcat.c,v
retrieving revision 1.45
diff -u -r1.45 netcat.c
--- src/usr.bin/nc/netcat.c 19 Feb 2002 22:42:04 -0000 1.45
+++ src/usr.bin/nc/netcat.c 26 Feb 2002 12:37:56 -0000
@@ -506,7 +506,7 @@
s = -1;
} while ((res0 = res0->ai_next) != NULL);
- if (!uflag) {
+ if (!uflag && s != -1) {
if (listen(s, 1) < 0)
errx(1, "%s", strerror(errno));
}
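Review bot: the added s != -1 test in "if (!uflag && s != -1) {" only skips listen(); nothing in this hunk reports the bind() failure at the point where the loop ends with s still -1, so the message the user sees depends on later code that is not shown here and on errno surviving until that code runs. The description shows close(s) running between the failed bind() and "s = -1;", so consider saving errno right after bind() fails and exiting with that saved value directly after the "while ((res0 = res0->ai_next) != NULL);" line when s == -1. As a style point, errx(1, "%s", strerror(errno)) can be written as err(1, "listen"), which names the failing call and appends the errno text itself.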
After patch applied:
$ nc -l 555
nc: Permission denied
That's a more precise error message IMHO.
>Audit-Trail:
>Unformatted:
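The errno masking described in the report, reproduced as an added example that is not part of the original report or of netcat.c. The function names hold_port, report_buggy and report_fixed are hypothetical, and an already occupied port (EADDRINUSE) stands in for the privileged port 555 (EACCES) so that bind() fails the same way whether or not the program runs as root.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (added example): occupy a port so a second bind() fails. */
int hold_port(struct sockaddr_in *sa)
{
	socklen_t len = sizeof(*sa);
	int h = socket(AF_INET, SOCK_STREAM, 0);
	*sa = (struct sockaddr_in){ .sin_family = AF_INET };	/* INADDR_ANY, port 0 */
	if (h >= 0 && bind(h, (struct sockaddr *)sa, len) == 0 &&
	    listen(h, 1) == 0 && getsockname(h, (struct sockaddr *)sa, &len) == 0)
		return h;	/* *sa now carries the port the kernel picked */
	if (h >= 0)
		close(h);
	return -1;
}

/* Pattern from the report: bind() fails, s = -1, listen(-1) overwrites errno. */
int report_buggy(const struct sockaddr_in *sa)
{
	int s = socket(AF_INET, SOCK_STREAM, 0);
	if (s >= 0 && bind(s, (const struct sockaddr *)sa, sizeof(*sa)) < 0) {
		close(s);
		s = -1;
	}
	return listen(s, 1) < 0 ? errno : close(s);	/* EBADF when s == -1 */
}

/* Hardened: save the failing call's errno before close(), never listen() on -1. */
int report_fixed(const struct sockaddr_in *sa)
{
	int saved = 0, s = socket(AF_INET, SOCK_STREAM, 0);
	if (s < 0)
		return errno;
	if (bind(s, (const struct sockaddr *)sa, sizeof(*sa)) < 0 || listen(s, 1) < 0)
		saved = errno;	/* the real cause, captured before close() */
	close(s);
	return saved;
}

int main(void)
{
	struct sockaddr_in sa;
	if (hold_port(&sa) >= 0)
		printf("buggy=%d fixed=%d\n", report_buggy(&sa), report_fixed(&sa));
	return 0;
}
```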