Bug 1436402

Summary: nc from nmap ncat crash if ipv6 disabled
Product: Red Hat Enterprise Linux 7
Reporter: Paulo Andrade <pandrade>
Component: nmap
Assignee: Pavel Zhukov <pzhukov>
Status: CLOSED ERRATA
QA Contact: Jaroslav Aster <jaster>
Severity: medium
Priority: high
Version: 7.3
CC: jaster, ksrot, omoris, pzhukov, thozza
Target Milestone: rc
Keywords: Patch
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: nmap-6.40-13.el7
Last Closed: 2018-04-10 08:36:10 UTC
Type: Bug
Bug Depends On: 1460249
Bug Blocks: 1420851, 1465887, 1465928

Description Paulo Andrade 2017-03-27 20:52:50 UTC
The crash always happens due to nmap-6.40-allresolve.patch,
but it can be made to crash without the patch by passing "-6" on
the command line, so the patch is not really wrong, it just exposes
the issue.

  Steps to reproduce:
1. Boot with "ipv6.disable=1" as kernel parameter
2. Run "nc -6 localhost"

Adding -6 just for it to not try ipv4 before.

  Expected output would be the same as:

$ nc -4 localhost
Ncat: Connection refused.

but what happens is:

$ nc -6 localhost
Socket troubles: Address family not supported by protocol
nc: engine_select.c:353: get_evmask: Assertion `sd >= 0' failed.
Aborted (core dumped)

  The fix probably should involve not adding to the event list
in nsock/src/nsock_connect.c:nsp_add_event() if it failed to
connect, or having nsock/src/engine_select.c:iterate_through_event_lists()
check the event and not call process_event() if the (connect_event)
event has event_done set, but that would need to check too many states.

  Likely fix would be in pseudo patch:

       if (!nse->event_done) {
         assert(nse->iod->sd >= 0);
         socket_count_read_inc(nse->iod);
         socket_count_write_inc(nse->iod);
         update_events(nse->iod, nsp, EV_READ|EV_WRITE|EV_EXCEPT, EV_NONE);
       }
+      else if (nse->iod->sd < 0) {
+          /* do something else, update logs, etc */
+          msevent_delete(nsp, nse);
+          /* do something else, update logs, etc */
+      }
+      else
       iod_add_event(nse->iod, nse);
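
Review bot: The added "else" in front of the unchanged "iod_add_event(nse->iod, nse);" line changes more than the failure case. That call was unconditional after the "if (!nse->event_done)" block; chained as the final "else", it now runs only when the event is already done and the descriptor is valid, so a normal pending connect has its select events updated but is never added to the iod's event list. Suggest testing the failure first, for example "if (nse->event_done && nse->iod->sd < 0)" with the msevent_delete(nsp, nse) cleanup, and leaving the existing "if (!nse->event_done)" block and the unconditional iod_add_event() call as they were for every other case. The two placeholder comments in the new branch should also be replaced with how the connect failure is reported before the event is deleted, since the hunk does not show it being delivered anywhere.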

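The failure mode in the description (socket creation fails, the event keeps sd == -1, and the select engine asserts on it) can be avoided by finishing the event at the point of failure and skipping finished or invalid descriptors when the select set is built. The following is an added example, not code from nmap or from this bug's patch; struct conn_event, conn_event_open() and build_write_set() are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for a connect event; not nsock's msevent. */
struct conn_event {
    int sd;         /* -1 when socket() failed */
    int event_done; /* already completed (here: failed early) */
    int err;        /* errno saved at the point of failure */
};

/* Create the socket. On failure, finish the event with an error
 * instead of leaving a pending event that carries sd == -1. */
int conn_event_open(struct conn_event *ev, int family) {
    ev->sd = socket(family, SOCK_STREAM, 0);
    ev->err = ev->sd < 0 ? errno : 0;
    ev->event_done = ev->sd < 0;
    return ev->sd < 0 ? -1 : 0;
}

/* Build the select() write set from pending events only; finished events
 * and invalid descriptors are skipped. Returns the number watched. */
int build_write_set(const struct conn_event *evs, int n, fd_set *wfds, int *maxfd) {
    int watched = 0;
    FD_ZERO(wfds);
    *maxfd = -1;                       /* stays -1 when nothing is watched */
    for (int i = 0; i < n; i++) {
        if (evs[i].event_done || evs[i].sd < 0 || evs[i].sd >= FD_SETSIZE)
            continue;
        FD_SET(evs[i].sd, wfds);
        if (evs[i].sd > *maxfd) *maxfd = evs[i].sd;
        watched++;
    }
    return watched;
}

int main(void) {
    struct conn_event ev;
    fd_set wfds;
    int maxfd;
    if (conn_event_open(&ev, AF_INET6) < 0)  /* fails with ipv6.disable=1 */
        fprintf(stderr, "Socket troubles: %s\n", strerror(ev.err));
    printf("watched=%d\n", build_write_set(&ev, 1, &wfds, &maxfd));
    if (ev.sd >= 0) close(ev.sd);
    return 0;
}
```
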
Comment 11 Jaroslav Aster 2017-11-08 16:49:22 UTC
Hi Pavel,

I'm not sure, is this output ok? I see the same output in the old/new version, abort without crash.


# rpm -q nmap
nmap-ncat-6.40-12.el7.x86_64

# ncat -6 localhost
Socket troubles: Address family not supported by protocol
ncat: engine_select.c:353: get_evmask: Assertion `sd >= 0' failed.
Aborted



# rpm -q nmap-ncat
nmap-ncat-6.40-7.el7.x86_64

# ncat -6 localhost
Socket troubles: Address family not supported by protocol
ncat: engine_select.c:353: get_evmask: Assertion `sd >= 0' failed.
Aborted

Comment 18 errata-xmlrpc 2018-04-10 08:36:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0661