Age | Commit message | Author |
|
From Jonas 'Sortie' Termansen
|
|
The only thing it does is error because of a check added in sockargs() in
uipc_syscalls r1.155. As guenther pointed out, this may have been added
because of a misreading of the last sentence of the first paragraph of the
connect(2) manual.
Instead of erroring, this will keep listening if -k is given and otherwise
it will close the socket and exit with success.
ok guenther jeremy
|
|
ok tb@
|
|
system will allocate a port.
|
|
In case a socket error condition occurs, readwrite() invalidates the
corresponding fd. Later on, readwrite() may still issue a syscall on
it. Avoid that by adding a couple of checks for fd == -1.
Reported and fix suggested by Leah Neukirchen.
Fixes https://github.com/libressl/openbsd/issues/143
"looks right" deraadt
|
|
|
|
In udp mode, nc would always print that the connection succeeded
independently of whether that was actually the case. Don't do that.
idea/ok mpf
|
|
The connection test writes four X to the socket, which corrupts data
that we may want to pipe into nc. So don't do that if stdin is not a
tty but still do it in scan mode, this is needed according to chris.
based on a diff by and ok mpf
|
|
ok mpf as part of a larger diff
|
|
Avoids repeated use of ternary operator on globals.
|
|
This simply moves a chunk of code in this spaghetti mess into its own
function with minimal changes.
idea from a diff by mpf
|
|
because these inspire devotion to cargo cult in developers.
Cleanup suggested by kn@.
|
|
support. Identified by Wilmer van der Gaast, ok millert@
|
|
|
|
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
diff from robert scheck
discussed with and tweaked by sthen
|
|
similar to what deraadt@ recently did in other manual pages.
|
|
will attempt again later, now that there is new regress
|
|
hash value on the nc(1) server command line, the netcat server must
use the TLS context of the accepted socket for verification. As
the listening socket was used instead, the verification was always
successful.
If the peer provides a certificate, there must be a hash. Make the
hash verification fail safe.
OK tb@
|
|
the file system as it has to connect to the UNIX domain client
socket. The path of the latter is determined dynamically. Instead
add a restrictive pledge(2) after connect(2).
OK tb@
|
|
path name of the socket. This avoids bad errors from getnameinfo(3).
Use the same error check for both calls to getnameinfo(3).
OK millert@ tb@
|
|
noticed by jsing and beck, ok tedu
|
|
to handle tls_shutdown correctly if using TLS, doing tls_shutdown
correctly if we are using the -N flag
ok sthen@
|
|
From Lucas AT sexy DOT is. OK job@ kn@
|
|
Just like pfctl(8)'s -N, this flag only avoids DNS;
"nc -vz ::1 socks" still works.
Fix documentation by copying pfctl's wording.
OK deraadt
|
|
OK kn@
|
|
for tls, since the socket is shut down without calling tls_close().
Since nc appears to have a problem with this in other shutdown() cases
I am simply going to bake a new diff for this.
noticed by bluhm@.
|
|
goes away. This allows for using nc in cases where the network server
will no longer expect anything after eof, instead of hanging waiting
for more input from our end.
Additionally, shut down if tls is in use if either side of the socket
goes away, since higher level TLS operations (tls_read and write)
will require the socket to be both readable and writable as we can
get TLS_WANT_POLLIN or TLS_WANT_POLLOUT on either operation.
deraadt@ buying it. found by sthen@
|
|
to misread.
as per suggestion by and OK deraadt@
|
|
Diff from Alexander Koeppe format_c -AT- online -DOT- de, thanks.
ok deraadt@
|
|
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
ok millert nicm tb, etc
|
|
Otherwise a TLS error (for example the remote end sent a fatal alert) is
silently ignored.
ok bluhm@ tb@
|
|
Use memset(3) instead of bzero(3) since POSIX recommends using the former and
because it's also more portable (conforms to ANSI C standard)
OK tedu@ tb@
|
|
bzero is defined in strings.h.
ok deraadt@
|
|
|
|
specify that ranges must be numeric, and only check for range if
first argument is a digit.
identified by danj, fix suggested by sthen
|
|
bonus: this exposed a few missing const qualifiers.
|
|
call has finished. This allows writing race free scripts as they
can check that the server is up and running.
OK sthen@ tb@
|
|
ok beck@ bluhm@ tb@
|
|
handy if you type the path wrong or don't have permission...
ok deraadt@
|
|
tls_free(3) directly after close(2) to catch all cases.
based on a patch from Nan Xiao; OK tb@ deraadt@
|
|
from nan xiao
|
|
consistent to remote_connect() and getaddrinfo(3).
from Nan Xiao
|
|
from Nan Xiao; OK tb@
|
|
|
|
more precisely which options require which other options, add many
missing incompatibilities, mention the default for -e, and some
macro cleanup.
OK jmc@ tb@
|
|
different unveils. Joint work with beck and florian.
Let us know if you hit any corner cases.
|
|
in preparation for pledgepath
ok deraadt@
|