path: root/src/usr.bin/nc/netcat.c
Commit message [Author, Age, Files, Lines]
* When system calls indicate an error they return -1, not some arbitrary [deraadt, 2019-06-28, 1 file, -16/+16]
| value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Some asprintf() calls were checked < 0, rather than the precise == -1. [deraadt, 2019-06-27, 1 file, -3/+3]
| ok millert nicm tb, etc
* Correctly handle tls_read() and tls_write() failures. [jsing, 2019-02-26, 1 file, -5/+9]
| Otherwise a TLS error (for example the remote end sent a fatal alert) is silently ignored. ok bluhm@ tb@
* Revert back previous commit and stop including strings.h [mestre, 2019-01-10, 1 file, -6/+5]
| Use memset(3) instead of bzero(3) since POSIX recommends using the former and because it's also more portable (conforms to ANSI C standard) OK tedu@ tb@
* Include strings.h for bzero in usr.bin/nc [inoguchi, 2019-01-09, 1 file, -1/+2]
| bzero is defined in strings.h. ok deraadt@
* port ranges can be ambiguous with hyphenated port-names. [tedu, 2018-12-27, 1 file, -2/+3]
| specify that ranges must be numeric, and only check for range if first argument is a digit. identified by danj, fix suggest by sthen
* update for libtls default cert changes. [tedu, 2018-11-29, 1 file, -5/+6]
| bonus: this exposed a few missing const qualifiers.
* In verbose mode netcat reports to stderr when the listen system [bluhm, 2018-11-09, 1 file, -16/+29]
| call has finished. This allows to write race free scripts as they can check that the server is up and running. OK sthen@ tb@
* Use TLS_CA_CERT_FILE instead of a separate define. [jsing, 2018-11-06, 1 file, -3/+2]
| ok beck@ bluhm@ tb@
* show what went wrong with a unix domain socket, rather than fail silently [dlg, 2018-10-26, 1 file, -2/+4]
| handy if you type the path wrong or don't have permission... ok deraadt@
* Plug TLS context leak in nc(1) server and client mode. Move [bluhm, 2018-10-04, 1 file, -12/+10]
| tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@
* Declare strings passed to local_listen() as const. This makes it [bluhm, 2018-09-07, 1 file, -3/+3]
| consistent to remote_connect() and getaddrinfo(3). from Nan Xiao
* Do not close the socket twice in netcat. [bluhm, 2018-09-06, 1 file, -5/+6]
| from Nan Xiao; OK tb@
* In typical swiss-army style, various modes and options cause [deraadt, 2018-08-10, 1 file, -1/+24]
| different unveils. Joint work with beck and florian. Let us know if you hit any corner cases.
* trailing whitespace, and move arg checking before pledge [beck, 2018-04-27, 1 file, -17/+17]
| in preparation for pledgepath ok deraadt@
* Remove the tls_init() call, since it is no longer necessary. [jsing, 2018-03-19, 1 file, -3/+1]
| ok bcook@ beck@ inoguchi@
* Allow TLS ciphers and protocols to be specified for nc(1). [jsing, 2017-11-28, 1 file, -33/+47]
| Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page).
* Use a smaller buffer size to peek the receive data. The content [bluhm, 2017-10-24, 1 file, -5/+4]
| is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@
* Add a "-T tlscompat" option to nc(1), which enables the use of all TLS [jsing, 2017-07-15, 1 file, -3/+8]
| protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@
* Continue the flattening of the pledge logic started in r1.184 and place [tb, 2017-06-11, 1 file, -8/+8]
| a blank space somewhere else. suggested by and ok jsing
* Simple style(9) fixes from Juuso Lapinlampi, mostly whitespace and [tb, 2017-06-11, 1 file, -33/+35]
| omitting parentheses in return statements. Binary change because of return instead of exit(3) from main and because help() is now __dead. ok awolk
* If -P and -c were given, a second pledge call tried to add "rpath" to the [tb, 2017-06-10, 1 file, -8/+5]
| first pledge promises, so nc exited with EPERM. To fix this, merge the pledge of the Pflag && usetls case into the first pledge block. This allows us to get rid of the second pledge block and thus to simplify the logic a bit. While there, add a missing blank to an error string. Joint effort by the #openbsd-daily code reading group, problem found and initial patch by <rain1 openmailbox org>. ok awolk
* Fix gcc warnings triggered by WARNINGS=yes. [bluhm, 2017-05-26, 1 file, -9/+9]
| OK florian@
* Implement nc -W recvlimit to terminate netcat after receiving a [bluhm, 2017-05-10, 1 file, -6/+21]
| number of packets. This allows to send a UDP request, receive a reply and check the result on the command line. input jmc@; OK millert@
* Move comments into a block and uses {} to unconfuse reading. [deraadt, 2017-04-16, 1 file, -12/+13]
* - -Z before -z in options list [jmc, 2017-04-05, 1 file, -2/+4]
| - add -Z to help and usage()
* Allow nc to save the peer certificate and chain in a pem file specified [beck, 2017-04-05, 1 file, -2/+32]
| with -Z ok jsing@
* The netcat server did not print the correct TLS error message if [bluhm, 2017-03-09, 1 file, -2/+2]
| the handshake after accept had failed. Use the context of the accepted TLS connection. OK beck@
* When netcat was started with -Uz, the exit status was always 1. If [bluhm, 2017-02-09, 1 file, -3/+4]
| the unix connect is successful, let nc -z close the socket and exit with 0. OK jca@
* When getaddrinfo fails, print the requested host and port. [jca, 2017-02-09, 1 file, -2/+3]
| Should make debugging easier, especially when using -x literal_ipv6_address
* Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake() [bluhm, 2017-02-08, 1 file, -18/+8]
| wrapper that calls poll(2) and handles the -w timeout. OK beck@
* Avoid double close(2) in netcat. After every call to readwrite() [bluhm, 2017-02-08, 1 file, -13/+5]
| there is already a close(2), so do not do it in readwrite(). OK beck@
* Due to non-blocking sockets, tls_handshake() could wait in a busy [bluhm, 2017-02-08, 1 file, -21/+42]
| loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@
* Support IPv6 proxy addresses [jca, 2017-02-05, 1 file, -10/+24]
| ok beck@
* Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3) [mestre, 2016-11-30, 1 file, -3/+6]
| and bail out in case of failure Feedback and OK jsing@
* rename tlslegacy to tlsall, and better describe what it does. [beck, 2016-11-06, 1 file, -4/+4]
| ok jsing@
* zap trailing whitespace, and add -o to usage() and help (-h); [jmc, 2016-11-05, 1 file, -3/+6]
* Add support for server side OCSP stapling to libtls. [beck, 2016-11-05, 1 file, -2/+10]
| Add support for server side OCSP stapling to netcat.
* Add ocsp_require_stapling config option for tls - allows a connection [beck, 2016-11-04, 1 file, -1/+5]
| to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
* make OCSP_URL only show up when an OCSP url is actually present in the cert [beck, 2016-11-03, 1 file, -2/+3]
* Make OCSP Stapling: only appear if there is stapling info present. [beck, 2016-11-03, 1 file, -5/+3]
* Add OCSP client side support to libtls. [beck, 2016-11-02, 1 file, -1/+37]
| - Provide access to certificate OCSP URL
| - Provide ability to check a raw OCSP reply against an established TLS ctx
| - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.
| Add example code to show OCSP URL and stapled info into netcat. ok jsing@
* squash some possibly-used-uninitialized warnings [bcook, 2016-09-03, 1 file, -3/+3]
* Let libtls load the CA, certificate and key files for nc(1), now that it [jsing, 2016-08-13, 1 file, -22/+15]
| does this at the time the tls_config_set_*_file() function is called. ok bluhm@
* use the style from the man page examples for getaddrinfo, which makes a [halex, 2016-07-30, 1 file, -21/+19]
| bit more sense ok jung@ deraadt@
* Adjust existing tls_config_set_cipher() callers for TLS cipher group [jsing, 2016-07-13, 1 file, -2/+2]
| changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@
* Revert previous since the libtls change has been reverted. [jsing, 2016-07-07, 1 file, -16/+24]
* Remove manual file loading (now that libtls does this for us) and adjust [jsing, 2016-07-06, 1 file, -24/+16]
| pledge to match. Also use tls_config_error() to provide friendlier error messages.
* Simplify IP proto-specific sockopt error handling. [bcook, 2016-07-01, 1 file, -34/+26]
| This makes error messages more specific and simplifies masking compatible sections for the portable version. ok beck@
* Add -M and -m options to specify the outgoing and incoming minimum TTL [jca, 2016-06-28, 1 file, -7/+43]
| Req by and ok blumh@