summaryrefslogtreecommitdiff
path: root/src/usr.bin/nc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* netcat: drop caddr_t cast. It's not needed and not portable.tb2024-11-021-2/+2
| | | | From Jonas 'Sortie' Termansen
* Remove bogus connect(s, NULL, 0) calltb2024-08-051-5/+1
| | | | | | | | | | | | The only thing it does is error because of a check added in sockargs() in uipc_syscalls r1.155. As guenther pointed out, this may have been added because of a misreading of the last sentence of the first paragraph of the connect(2) manual. Instead of erroring, this will keep listening if -k is given and otherwise it will close the socket and exit with success. ok guenther jeremy
* nc(1): remove useless function pointer dereferencingjan2024-08-021-2/+2
| | | | ok tb@
* Mention that port can be specified as 0 in some situations, so that thederaadt2024-04-011-2/+3
| | | | system will allocate a port.
* netcat: avoid issuing syscalls on fd -1tb2023-08-141-3/+9
| | | | | | | | | | | In case a socket error condition occurs, readwrite() invalidates the corresponding fd. Later on, readwrite() may still issue a syscall on it. Avoid that by adding a couple of checks for fd == -1. Reported and fix suggested by Leah Neukirchen. Fixes https://github.com/libressl/openbsd/issues/143 "looks right" deraadt
* ugly white spacederaadt2023-01-041-2/+2
|
* nc: skip connection info on failed or skipped udptest()tb2022-12-181-5/+8
| | | | | | | In udp mode, nc would always print that the connected succeeded independently of whether that was actually the case. Don't do that. idea/ok mpf
* nc: do not test the connection in non-interactive modetb2022-12-181-1/+5
| | | | | | | | The connection test writes four X to the socket, which corrupts data that we may want to pipe into nc. So don't do that if stdin is not a tty but still do it in scan mode, this is needed according to chris. based on a diff by and ok mpf
* nc: clean up and simplify connection_infO()tb2022-12-181-7/+7
| | | | ok mpf as part of a larger diff
* nc: pass protocol name to connection_info()tb2022-12-181-7/+9
| | | | Avoids repeated use of ternary operator on globals.
* nc: factor printing of connection info into a functiontb2022-12-181-25/+28
| | | | | | | This simply moves a chunk of code in this spaghetti mess into its own function with minimal changes. idea from a diff by mpf
* Replace archaic \*(Lt and \*(Gt by plain < and >, respectively,schwarze2022-09-111-7/+7
| | | | | because these inspire devotion to cargo cult in developers. Cleanup suggested by kn@.
* do not refuse valid IPv6 addresses in -X connect (HTTP CONNECT proxy)djm2022-06-081-2/+2
| | | | support. Identified by Wilmer van der Gaast, ok millert@
* KNF, mostly whitespace - no binary change on amd64tb2022-06-081-22/+19
|
* Change the error reporting pattern throughout the tree when unveilbeck2021-07-121-9/+9
| | | | | | | | | fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
* one of the examples needs an -N (and explanation);jmc2021-03-311-4/+7
| | | | | | diff from robert scheck discussed with and tweaked by sthen
* Standardize argument naming for "sourceaddr" and unify the wording a bit,schwarze2020-02-122-10/+9
| | | | similar to what deraadt@ recently did in other manual pages.
* revert previous nc loop refactor from 1.211, breaks bluhm's stuffbeck2020-01-261-64/+36
| | | | will attempt again later, now that there is new regress
* If the client provides a TLS certificate and the user specifies abluhm2020-01-071-5/+6
| | | | | | | | | | hash value on the nc(1) server command line, the netcat server must use the TLS context of the accepted socket for verification. As the listening socket was used instead, the verification was always successful. If the peer provides a certificate, there must be a hash. Make the hash verification fail safe. OK tb@
* The unveil(2) for nc -U -u -l was wrong. The server cannot unveilbluhm2020-01-061-4/+23
| | | | | | | the file system as it has to connect to the UNIX domain client socket. The path of the latter is determined dynamically. Instead add a restrictive pledge(2) after connect(2). OK tb@
* When using UNIX domain sockets, always call report_sock() with thebluhm2020-01-061-6/+10
| | | | | | path name of the socket. This avoids bad errors from getnameinfo(3). Use the same error check for both calls to getnameinfo(3). OK millert@ tb@
* fail to usage if extra argv are presentderaadt2019-11-171-8/+4
| | | | noticed by jsing and beck, ok tedu
* refactor the nc pool loop to not shut down the socket early, andbeck2019-11-131-36/+64
| | | | | | | to handle tls_shutdown correctly if using TLS, doing tls_shutdown correctly if we are using the -N flag ok sthen@
* Fix an out of bound read/write when using a proxy.millert2019-11-042-11/+21
| | | | From Lucas AT sexy DOT is. OK job@ kn@
* Service names are still resolved with -nkn2019-10-241-4/+4
| | | | | | | | | Just like pfctl(8)'s -N, this flag only avoid DNS; "nc -vz ::1 socks" still works. Fix documentation by copying pfctl's wording. OK deraadt
* Print IP address in verbose modejob2019-10-241-12/+34
| | | | OK kn@
* Revert previous, which works for -N case but causes regress failuresbeck2019-10-231-18/+1
| | | | | | | for tls, since the socket is shut down without calling tls_close(). Since nc appears to have a problem with this in other shutdown() cases I am simply going to bake a new diff for this. noticed by bluhm@.
* Fix -N flag to actually shut down the (entire) socket when the inputbeck2019-10-171-1/+18
| | | | | | | | | | | | | goes away. This allows for using nc in cases where the network server will no longer expect anything after eof, instead of hanging waiting for more input from our end. Additionaly, shut down if tls is in use if either side of the socket goes away, since we higher level TLS operations (tls_read and write) will require the socket to be both readable and writable as we can get TLS_WANT_POLLIN or TLS_WANT_POLLOUT on either operation. deraadt@ buying it. found by sthen@
* added /* no filesystem visibility */ above unveil("/", "") since "" is too easymestre2019-08-081-1/+2
| | | | | | to misread. as per suggestion by and OK deraadt@
* Make proxy auth work with http 1.1 speaking webservers.benno2019-07-291-2/+3
| | | | | Diff from Alexander Koeppe format_c -AT- online -DOT- de, thanks. ok deraadt@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-031-3/+3
|
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-281-16/+16
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Some asprintf() calls were checked < 0, rather than the precise == -1.deraadt2019-06-271-3/+3
| | | | ok millert nicm tb, etc
* Correctly handle tls_read() and tls_write() failures.jsing2019-02-261-5/+9
| | | | | | | Otherwise a TLS error (for example the remote end sent a fatal alert) is silently ignored. ok bluhm@ tb@
* Revert back previous commit and stop including strings.hmestre2019-01-102-9/+7
| | | | | | | Use memset(3) instead of bzero(3) since POSIX recommends using the former and because it's also more portable (conforms to ANSI C standard) OK tedu@ tb@
* Include strings.h for bzero in usr.bin/ncinoguchi2019-01-092-2/+4
| | | | | | bzero is defined in strings.h. ok deraadt@
* too many words in previous;jmc2018-12-271-2/+2
|
* port ranges can be ambiguous with hypenated port-names.tedu2018-12-272-6/+7
| | | | | | specify that ranges must be numeric, and only check for range if first argument is a digit. identified by danj, fix suggest by sthen
* update for libtls default cert changes.tedu2018-11-291-5/+6
| | | | bonus: this exposed a few missing const qualifiers.
* In verbose mode netcat reports to stderr when the listen systembluhm2018-11-091-16/+29
| | | | | | call has finished. This allows to write race free scripts as they can check that the server is up and running. OK sthen@ tb@
* Use TLS_CA_CERT_FILE instead of a separate define.jsing2018-11-061-3/+2
| | | | ok beck@ bluhm@ tb@
* show what went wrong with a unix domain socket, rather than fail silentlydlg2018-10-261-2/+4
| | | | | | handy if you type the path wrong or don't have permission... ok deraadt@
* Plug TLS context leak in nc(1) server and client mode. Movebluhm2018-10-041-12/+10
| | | | | tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@
* -T applies to ip6 too, apparently;jmc2018-09-251-4/+4
| | | | from nan xiao
* Declare strings passed to local_listen() as const. This makes itbluhm2018-09-071-3/+3
| | | | | consistent to remote_connect() and getaddrinfo(3). from Nan Xiao
* Do not close the socket twice in netcat.bluhm2018-09-061-5/+6
| | | | from Nan Xiao; OK tb@
* spelling;jmc2018-08-171-2/+2
|
* Make the wording more concise, use the imperative throughout, stateschwarze2018-08-171-108/+126
| | | | | | | more precisely which options require which other options, add many missing incompatibilities, mention the default for -e, and some macro cleanup. OK jmc@ tb@
* In typical swiss-army style, various modes and options causederaadt2018-08-101-1/+24
| | | | | different unveils. Joint work with beck and florian. Let us know if you hit any corner cases.
* trailing whitespace, and move arg checking before pledgebeck2018-04-271-17/+17
| | | | | in preparation for pledgepath ok deraadt@