diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2023-08-14 08:07:28 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-08-14 08:07:28 +0000 |
| commit | 1f8a257c22a2b0011e2ab0767fa1d7f9a6f3ad6d (patch) | |
| tree | 80f1bc75232d6abb64a230f53929aa73a31d8161 /usr.bin/nc | |
| parent | f11fd629ca75013925acad498fcc8574eee31bf5 (diff) | |
netcat: avoid issuing syscalls on fd -1
In case a socket error condition occurs, readwrite() invalidates the
corresponding fd. Later on, readwrite() may still issue a syscall on
it. Avoid that by adding a couple of checks for fd == -1.
Reported and fix suggested by Leah Neukirchen.
Fixes https://github.com/libressl/openbsd/issues/143
"looks right" deraadt
Diffstat (limited to 'usr.bin/nc')
| -rw-r--r-- | usr.bin/nc/netcat.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c index c8f1cdd9f75..54ddd0ffccf 100644 --- a/usr.bin/nc/netcat.c +++ b/usr.bin/nc/netcat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: netcat.c,v 1.225 2023/01/04 12:53:38 deraadt Exp $ */ +/* $OpenBSD: netcat.c,v 1.226 2023/08/14 08:07:27 tb Exp $ */ /* * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> * Copyright (c) 2015 Bob Beck. All rights reserved. @@ -1177,7 +1177,7 @@ readwrite(int net_fd, struct tls *tls_ctx) pfd[POLL_NETIN].fd = -1; if (pfd[POLL_NETOUT].revents & POLLHUP) { - if (Nflag) + if (pfd[POLL_NETOUT].fd != -1 && Nflag) shutdown(pfd[POLL_NETOUT].fd, SHUT_WR); pfd[POLL_NETOUT].fd = -1; } @@ -1256,7 +1256,7 @@ readwrite(int net_fd, struct tls *tls_ctx) if (netinbufpos == BUFSIZE) pfd[POLL_NETIN].events = 0; /* handle telnet */ - if (tflag) + if (pfd[POLL_NETIN].fd != -1 && tflag) atelnet(pfd[POLL_NETIN].fd, netinbuf, netinbufpos); } @@ -1297,6 +1297,9 @@ drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) ssize_t n; ssize_t adjust; + if (fd == -1) + return -1; + if (tls) { n = tls_write(tls, buf, *bufpos); if (n == -1) @@ -1323,6 +1326,9 @@ fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) size_t num = BUFSIZE - *bufpos; ssize_t n; + if (fd == -1) + return -1; + if (tls) { n = tls_read(tls, buf + *bufpos, num); if (n == -1) |