diff options
| author | tb <> | 2023-08-14 08:07:27 +0000 |
|---|---|---|
| committer | tb <> | 2023-08-14 08:07:27 +0000 |
| commit | d4ac55108c9f22e6e0e39bafa7fcbc1e00289aed (patch) | |
| tree | 7e89c60ea4653a514eb973f7264048ef097a4bec /src | |
| parent | 07d7f4adf74c0400d4df305a728d0afa0ed26537 (diff) | |
| download | openbsd-d4ac55108c9f22e6e0e39bafa7fcbc1e00289aed.tar.gz openbsd-d4ac55108c9f22e6e0e39bafa7fcbc1e00289aed.tar.bz2 openbsd-d4ac55108c9f22e6e0e39bafa7fcbc1e00289aed.zip | |
netcat: avoid issuing syscalls on fd -1
In case a socket error condition occurs, readwrite() invalidates the
corresponding fd. Later on, readwrite() may still issue a syscall on
it. Avoid that by adding a couple of checks for fd == -1.
Reported and fix suggested by Leah Neukirchen.
Fixes https://github.com/libressl/openbsd/issues/143
"looks right" deraadt
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/nc/netcat.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c index c8f1cdd9f7..54ddd0ffcc 100644 --- a/src/usr.bin/nc/netcat.c +++ b/src/usr.bin/nc/netcat.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: netcat.c,v 1.225 2023/01/04 12:53:38 deraadt Exp $ */ | 1 | /* $OpenBSD: netcat.c,v 1.226 2023/08/14 08:07:27 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> | 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> |
| 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. | 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. |
| @@ -1177,7 +1177,7 @@ readwrite(int net_fd, struct tls *tls_ctx) | |||
| 1177 | pfd[POLL_NETIN].fd = -1; | 1177 | pfd[POLL_NETIN].fd = -1; |
| 1178 | 1178 | ||
| 1179 | if (pfd[POLL_NETOUT].revents & POLLHUP) { | 1179 | if (pfd[POLL_NETOUT].revents & POLLHUP) { |
| 1180 | if (Nflag) | 1180 | if (pfd[POLL_NETOUT].fd != -1 && Nflag) |
| 1181 | shutdown(pfd[POLL_NETOUT].fd, SHUT_WR); | 1181 | shutdown(pfd[POLL_NETOUT].fd, SHUT_WR); |
| 1182 | pfd[POLL_NETOUT].fd = -1; | 1182 | pfd[POLL_NETOUT].fd = -1; |
| 1183 | } | 1183 | } |
| @@ -1256,7 +1256,7 @@ readwrite(int net_fd, struct tls *tls_ctx) | |||
| 1256 | if (netinbufpos == BUFSIZE) | 1256 | if (netinbufpos == BUFSIZE) |
| 1257 | pfd[POLL_NETIN].events = 0; | 1257 | pfd[POLL_NETIN].events = 0; |
| 1258 | /* handle telnet */ | 1258 | /* handle telnet */ |
| 1259 | if (tflag) | 1259 | if (pfd[POLL_NETIN].fd != -1 && tflag) |
| 1260 | atelnet(pfd[POLL_NETIN].fd, netinbuf, | 1260 | atelnet(pfd[POLL_NETIN].fd, netinbuf, |
| 1261 | netinbufpos); | 1261 | netinbufpos); |
| 1262 | } | 1262 | } |
| @@ -1297,6 +1297,9 @@ drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) | |||
| 1297 | ssize_t n; | 1297 | ssize_t n; |
| 1298 | ssize_t adjust; | 1298 | ssize_t adjust; |
| 1299 | 1299 | ||
| 1300 | if (fd == -1) | ||
| 1301 | return -1; | ||
| 1302 | |||
| 1300 | if (tls) { | 1303 | if (tls) { |
| 1301 | n = tls_write(tls, buf, *bufpos); | 1304 | n = tls_write(tls, buf, *bufpos); |
| 1302 | if (n == -1) | 1305 | if (n == -1) |
| @@ -1323,6 +1326,9 @@ fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) | |||
| 1323 | size_t num = BUFSIZE - *bufpos; | 1326 | size_t num = BUFSIZE - *bufpos; |
| 1324 | ssize_t n; | 1327 | ssize_t n; |
| 1325 | 1328 | ||
| 1329 | if (fd == -1) | ||
| 1330 | return -1; | ||
| 1331 | |||
| 1326 | if (tls) { | 1332 | if (tls) { |
| 1327 | n = tls_read(tls, buf + *bufpos, num); | 1333 | n = tls_read(tls, buf + *bufpos, num); |
| 1328 | if (n == -1) | 1334 | if (n == -1) |