Bug 52874

Summary: nc parses port name with dash incorrectly
Product: [Retired] Red Hat Linux
Reporter: Moritz Barsnick <eedmoba>
Component: nc
Assignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 7.1
CC: barsnick, rvokal
Hardware: i386   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2002-06-10 14:26:16 UTC
Attachments (description, flags):
patch to fix service detection of names with dashes (flags: none)
new patch to fix service detection of names with dashes (flags: none)

Description Moritz Barsnick 2001-08-30 12:08:45 UTC
Description of Problem:

nc (netcat) parses port names which are passed to it (cmdline) incorrectly if they include a dash ('-').

This became evident to me because /etc/services provides a service named "pop-3" but not "pop3". By the way, under Solaris, these are aliased:

$  ypcat services | egrep "pop.*3"
pop3            110/tcp         pop-3           # Post Office Protocol 3

Anyway, trying to use nc to connect to this port results in nc taking only everything up to the dash as the requested name:

$ nc hi1 pop-3
invalid port pop : Bad file number

The suspected reason is given under "additional information" below.

Version-Release number of selected component (if applicable):

1.10-*

How Reproducible:

Every time.

Steps to Reproduce:

1. Call nc to have it connect to a port with a service name including a dash:
$ nc myhost pop-3

Actual Results:

Port name only gets parsed up to first dash.

Expected Results:

nc should correctly connect to the stated port. nc shouldn't parse a port _name_ (string!) as a range, rather take it literally.

Additional Information:

In netcat.c, there is
a) a differentiation between port _names_ (i.e. beginning with a non-digit) and port _numbers_ (beginning with a digit, which is even documented in this source to obviously fail on port _names_ beginning with a digit)
b) a check for port ranges.

This check for port ranges seems to happen even when a given port is identified as a string. IMHO, range checks are really useful on numbers only (although you _might_ want to give "ftp-finger" as a port range).

I guess you should rearrange code order somewhere below line 1553 of netcat.c to fix this.

As a workaround, I also suggest a proper alias in /etc/services.  ;-)

Thanks for listening,
Moritz

Comment 1 Moritz Barsnick 2002-06-10 14:19:17 UTC
The case seems a little tricky in the source code.

If the port argument has a dash, it's assumed to be a range
(which causes this named bug).

If you change the source and decide to _first_ try to check
the full arg, the used function getportpoop() will return
"okay" even if you hand it a range of numbers, because it uses
atoi(), which will take the number before the dash.

So I've prepared a patch to use the "dash-checking" section
of the code only if the argument is a numeric string. That does
the trick for all cases.

netcat is a very nice tool, missing just a few little things.
It's so unfortunate that it is (or seems) unmaintained.  :-(
(Although there is "nc6" which is focused on being netcat for
IPv6, but misses a bit of functionality right now.)

Best greetings,
Moritz

Comment 2 Moritz Barsnick 2002-06-10 14:26:10 UTC
Created attachment 60284 [details]
patch to fix service detection of names with dashes

Comment 3 Bill Nottingham 2002-07-18 23:41:57 UTC
Fixed in 1.10-15, thanks!

Comment 4 Moritz Barsnick 2002-07-23 11:29:51 UTC
There's still an obvious blooper ;-) in my code. And I found it _without_
doing any testing, just by reading my code in the new RPM. :-(

(argv[optind][0] > '0') && (argv[optind][0] < '9')

should be

(argv[optind][0] >= '0') && (argv[optind][0] <= '9')

(This time, I also tested it to be wrong, just to be sure.)

Pretty obvious.

Really sorry for breaking things,
Moritz   :-(
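
The behaviour discussed in Comments 1 and 4, as an added example (not code from netcat.c or from the attached patches): the dash is treated as a range separator only when the argument starts with a digit, and the two digit tests from Comment 4 are compared on the same inputs. The function names, the 65535 upper bound, the rejection of reversed ranges and the sample arguments are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Digit test as quoted in Comment 4 (first patch): excludes '0' and '9'. */
static int starts_numeric_buggy(const char *arg) {
    return (arg[0] > '0') && (arg[0] < '9');
}

/* Corrected digit test with inclusive bounds. */
static int starts_numeric_fixed(const char *arg) {
    return (arg[0] >= '0') && (arg[0] <= '9');
}

/* Hypothetical parser (not netcat.c code). Returns 1 for a numeric range
 * lo-hi, 0 for a single port number or a service name (*name is set for
 * names), -1 for malformed input. The dash is only treated as a range
 * separator when is_num() says the argument is numeric. */
static int parse_port_arg(const char *arg, int (*is_num)(const char *),
                          long *lo, long *hi, const char **name) {
    char *end;
    *name = NULL;
    *lo = *hi = 0;
    if (!is_num(arg)) {          /* "pop-3" stays one literal name */
        *name = arg;
        return 0;
    }
    *lo = strtol(arg, &end, 10);
    if (*lo > 65535) return -1;
    if (*end == '\0') { *hi = *lo; return 0; }
    if (*end != '-' || !isdigit((unsigned char)end[1])) return -1;
    *hi = strtol(end + 1, &end, 10);
    if (*end != '\0' || *hi > 65535 || *hi < *lo) return -1;
    return 1;
}

int main(void) {
    /* Constructed sample arguments. */
    const char *args[] = { "pop-3", "20-30", "9000-9010", "0-1023" };
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        long lo, hi;
        const char *name;
        int b = parse_port_arg(args[i], starts_numeric_buggy, &lo, &hi, &name);
        int f = parse_port_arg(args[i], starts_numeric_fixed, &lo, &hi, &name);
        printf("%-10s buggy=%d fixed=%d\n", args[i], b, f);
    }
    return 0;
}
```

With the exclusive bounds, a range whose first character is '0' or '9' is classified as a service name instead of a range, which is the regression Comment 4 describes.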

Comment 5 Moritz Barsnick 2002-07-23 11:34:05 UTC
Created attachment 66505 [details]
new patch to fix service detection of names with dashes

Comment 6 Bill Nottingham 2002-07-23 16:47:19 UTC
Added, thanks.