path: root/src/usr.bin/nc/netcat.c
Commit message | Author | Age | Files | Lines
* netcat: drop caddr_t cast. It's not needed and not portable. | tb | 2024-11-02 | 1 | -2/+2
  From Jonas 'Sortie' Termansen
* Remove bogus connect(s, NULL, 0) call | tb | 2024-08-05 | 1 | -5/+1
  The only thing it does is error because of a check added in sockargs() in uipc_syscalls r1.155. As guenther pointed out, this may have been added because of a misreading of the last sentence of the first paragraph of the connect(2) manual. Instead of erroring, this will keep listening if -k is given and otherwise it will close the socket and exit with success. ok guenther jeremy
* nc(1): remove useless function pointer dereferencing | jan | 2024-08-02 | 1 | -2/+2
  ok tb@
* netcat: avoid issuing syscalls on fd -1 | tb | 2023-08-14 | 1 | -3/+9
  In case a socket error condition occurs, readwrite() invalidates the corresponding fd. Later on, readwrite() may still issue a syscall on it. Avoid that by adding a couple of checks for fd == -1. Reported and fix suggested by Leah Neukirchen. Fixes https://github.com/libressl/openbsd/issues/143 "looks right" deraadt
* ugly white space | deraadt | 2023-01-04 | 1 | -2/+2
* nc: skip connection info on failed or skipped udptest() | tb | 2022-12-18 | 1 | -5/+8
  In udp mode, nc would always print that the connection succeeded independently of whether that was actually the case. Don't do that. idea/ok mpf
* nc: do not test the connection in non-interactive mode | tb | 2022-12-18 | 1 | -1/+5
  The connection test writes four X to the socket, which corrupts data that we may want to pipe into nc. So don't do that if stdin is not a tty but still do it in scan mode, this is needed according to chris. based on a diff by and ok mpf
* nc: clean up and simplify connection_info() | tb | 2022-12-18 | 1 | -7/+7
  ok mpf as part of a larger diff
* nc: pass protocol name to connection_info() | tb | 2022-12-18 | 1 | -7/+9
  Avoids repeated use of ternary operator on globals.
* nc: factor printing of connection info into a function | tb | 2022-12-18 | 1 | -25/+28
  This simply moves a chunk of code in this spaghetti mess into its own function with minimal changes. idea from a diff by mpf
* KNF, mostly whitespace - no binary change on amd64 | tb | 2022-06-08 | 1 | -22/+19
* Change the error reporting pattern throughout the tree when unveil | beck | 2021-07-12 | 1 | -9/+9
  fails to report the path that the failure occurred on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
* Standardize argument naming for "sourceaddr" and unify the wording a bit, | schwarze | 2020-02-12 | 1 | -3/+3
  similar to what deraadt@ recently did in other manual pages.
* revert previous nc loop refactor from 1.211, breaks bluhm's stuff | beck | 2020-01-26 | 1 | -64/+36
  will attempt again later, now that there is new regress
* If the client provides a TLS certificate and the user specifies a | bluhm | 2020-01-07 | 1 | -5/+6
  hash value on the nc(1) server command line, the netcat server must use the TLS context of the accepted socket for verification. As the listening socket was used instead, the verification was always successful. If the peer provides a certificate, there must be a hash. Make the hash verification fail safe. OK tb@
* The unveil(2) for nc -U -u -l was wrong. The server cannot unveil | bluhm | 2020-01-06 | 1 | -4/+23
  the file system as it has to connect to the UNIX domain client socket. The path of the latter is determined dynamically. Instead add a restrictive pledge(2) after connect(2). OK tb@
* When using UNIX domain sockets, always call report_sock() with the | bluhm | 2020-01-06 | 1 | -6/+10
  path name of the socket. This avoids bad errors from getnameinfo(3). Use the same error check for both calls to getnameinfo(3). OK millert@ tb@
* fail to usage if extra argv are present | deraadt | 2019-11-17 | 1 | -8/+4
  noticed by jsing and beck, ok tedu
* refactor the nc pool loop to not shut down the socket early, and | beck | 2019-11-13 | 1 | -36/+64
  to handle tls_shutdown correctly if using TLS, doing tls_shutdown correctly if we are using the -N flag ok sthen@
* Fix an out of bound read/write when using a proxy. | millert | 2019-11-04 | 1 | -8/+18
  From Lucas AT sexy DOT is. OK job@ kn@
* Print IP address in verbose mode | job | 2019-10-24 | 1 | -12/+34
  OK kn@
* Revert previous, which works for -N case but causes regress failures | beck | 2019-10-23 | 1 | -18/+1
  for tls, since the socket is shut down without calling tls_close(). Since nc appears to have a problem with this in other shutdown() cases I am simply going to bake a new diff for this. noticed by bluhm@.
* Fix -N flag to actually shut down the (entire) socket when the input | beck | 2019-10-17 | 1 | -1/+18
  goes away. This allows for using nc in cases where the network server will no longer expect anything after eof, instead of hanging waiting for more input from our end. Additionally, shut down if tls is in use if either side of the socket goes away, since higher level TLS operations (tls_read and write) will require the socket to be both readable and writable as we can get TLS_WANT_POLLIN or TLS_WANT_POLLOUT on either operation. deraadt@ buying it. found by sthen@
* added /* no filesystem visibility */ above unveil("/", "") since "" is too easy | mestre | 2019-08-08 | 1 | -1/+2
  to misread. as per suggestion by and OK deraadt@
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -16/+16
  value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Some asprintf() calls were checked < 0, rather than the precise == -1. | deraadt | 2019-06-27 | 1 | -3/+3
  ok millert nicm tb, etc
* Correctly handle tls_read() and tls_write() failures. | jsing | 2019-02-26 | 1 | -5/+9
  Otherwise a TLS error (for example the remote end sent a fatal alert) is silently ignored. ok bluhm@ tb@
* Revert back previous commit and stop including strings.h | mestre | 2019-01-10 | 1 | -6/+5
  Use memset(3) instead of bzero(3) since POSIX recommends using the former and because it's also more portable (conforms to ANSI C standard) OK tedu@ tb@
* Include strings.h for bzero in usr.bin/nc | inoguchi | 2019-01-09 | 1 | -1/+2
  bzero is defined in strings.h. ok deraadt@
* port ranges can be ambiguous with hyphenated port-names. | tedu | 2018-12-27 | 1 | -2/+3
  specify that ranges must be numeric, and only check for range if first argument is a digit. identified by danj, fix suggested by sthen
* update for libtls default cert changes. | tedu | 2018-11-29 | 1 | -5/+6
  bonus: this exposed a few missing const qualifiers.
* In verbose mode netcat reports to stderr when the listen system | bluhm | 2018-11-09 | 1 | -16/+29
  call has finished. This allows to write race free scripts as they can check that the server is up and running. OK sthen@ tb@
* Use TLS_CA_CERT_FILE instead of a separate define. | jsing | 2018-11-06 | 1 | -3/+2
  ok beck@ bluhm@ tb@
* show what went wrong with a unix domain socket, rather than fail silently | dlg | 2018-10-26 | 1 | -2/+4
  handy if you type the path wrong or don't have permission... ok deraadt@
* Plug TLS context leak in nc(1) server and client mode. Move | bluhm | 2018-10-04 | 1 | -12/+10
  tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@
* Declare strings passed to local_listen() as const. This makes it | bluhm | 2018-09-07 | 1 | -3/+3
  consistent to remote_connect() and getaddrinfo(3). from Nan Xiao
* Do not close the socket twice in netcat. | bluhm | 2018-09-06 | 1 | -5/+6
  from Nan Xiao; OK tb@
* In typical swiss-army style, various modes and options cause | deraadt | 2018-08-10 | 1 | -1/+24
  different unveils. Joint work with beck and florian. Let us know if you hit any corner cases.
* trailing whitespace, and move arg checking before pledge | beck | 2018-04-27 | 1 | -17/+17
  in preparation for pledgepath ok deraadt@
* Remove the tls_init() call, since it is no longer necessary. | jsing | 2018-03-19 | 1 | -3/+1
  ok bcook@ beck@ inoguchi@
* Allow TLS ciphers and protocols to be specified for nc(1). | jsing | 2017-11-28 | 1 | -33/+47
  Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that is accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page).
* Use a smaller buffer size to peek the receive data. The content | bluhm | 2017-10-24 | 1 | -5/+4
  is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@
* Add a "-T tlscompat" option to nc(1), which enables the use of all TLS | jsing | 2017-07-15 | 1 | -3/+8
  protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@
* Continue the flattening of the pledge logic started in r1.184 and place | tb | 2017-06-11 | 1 | -8/+8
  a blank space somewhere else. suggested by and ok jsing
* Simple style(9) fixes from Juuso Lapinlampi, mostly whitespace and | tb | 2017-06-11 | 1 | -33/+35
  omitting parentheses in return statements. Binary change because of return instead of exit(3) from main and because help() is now __dead. ok awolk
* If -P and -c were given, a second pledge call tried to add "rpath" to the | tb | 2017-06-10 | 1 | -8/+5
  first pledge promises, so nc exited with EPERM. To fix this, merge the pledge of the Pflag && usetls case into the first pledge block. This allows us to get rid of the second pledge block and thus to simplify the logic a bit. While there, add a missing blank to an error string. Joint effort by the #openbsd-daily code reading group, problem found and initial patch by <rain1 openmailbox org>. ok awolk
* Fix gcc warnings triggered by WARNINGS=yes. | bluhm | 2017-05-26 | 1 | -9/+9
  OK florian@
* Implement nc -W recvlimit to terminate netcat after receiving a | bluhm | 2017-05-10 | 1 | -6/+21
  number of packets. This allows to send a UDP request, receive a reply and check the result on the command line. input jmc@; OK millert@
* Move comments into a block and use {} to unconfuse reading. | deraadt | 2017-04-16 | 1 | -12/+13
* - -Z before -z in options list | jmc | 2017-04-05 | 1 | -2/+4
  - add -Z to help and usage()