Bug 1436402 - nc from nmap ncat crash if ipv6 disabled
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nmap
Version: 7.3
Hardware: All Linux
Priority: high
Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Pavel Zhukov
QA Contact: Jaroslav Aster
Keywords: Patch
Depends On: 1460249
Blocks: 1420851 1465887 1465928
 
Reported: 2017-03-27 16:52 EDT by Paulo Andrade
Modified: 2018-04-10 04:37 EDT

Fixed In Version: nmap-6.40-13.el7
Last Closed: 2018-04-10 04:36:10 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0661 None None None 2018-04-10 04:37 EDT

Description Paulo Andrade 2017-03-27 16:52:50 EDT
The crash always happens due to nmap-6.40-allresolve.patch
but can be made to crash without the patch by passing "-6" in
the command line, so the patch is not really wrong, just exposes
the issue.

  Steps to reproduce:
1. Boot with "ipv6.disable=1" as kernel parameter
2. Run "nc -6 localhost"

Adding -6 just for it to not try ipv4 before.

  Expected output would be the same as:

$ nc -4 localhost
Ncat: Connection refused.

but what happens is:

$ nc -6 localhost
Socket troubles: Address family not supported by protocol
nc: engine_select.c:353: get_evmask: Assertion `sd >= 0' failed.
Aborted (core dumped)

  The fix probably should involve not adding to the event list
in nsock/src/nsock_connect.c:nsp_add_event() if it failed to
connect, or, nsock/src/engine_select.c:iterate_through_event_lists()
check the event and not call process_event() if the (connect_event)
event has event_done set, but would need to check too many states
for that.

  Likely fix would be in pseudo patch:

       if (!nse->event_done) {
         assert(nse->iod->sd >= 0);
         socket_count_read_inc(nse->iod);
         socket_count_write_inc(nse->iod);
         update_events(nse->iod, nsp, EV_READ|EV_WRITE|EV_EXCEPT, EV_NONE);
       }
+      else if (nse->iod->sd < 0) {
+          /* do something else, update logs, etc */
+          msevent_delete(nsp, nse);
+          /* do something else, update logs, etc */
+      }
+      else
       iod_add_event(nse->iod, nse);
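
Review bot: The trailing `else` added in front of `iod_add_event(nse->iod, nse);` changes the normal path. That call ran unconditionally after the `if (!nse->event_done)` block, and with the new chain it is skipped whenever `!nse->event_done` is true, so live connect events would no longer be added to the iod's event list. Make the `nse->iod->sd < 0` case a separate guard that deletes the event and leaves the function early, and keep `iod_add_event()` unconditional for the remaining cases. The new branch only fires when `event_done` is already set, so confirm that nothing still expects to deliver the failed connect result for `nse` after `msevent_delete(nsp, nse)`, and replace the two placeholder comments with the actual status and log handling.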
Comment 11 Jaroslav Aster 2017-11-08 11:49:22 EST
Hi Pavel,

I'm not sure, is this output ok? I see the same output in the old/new version, abort without crash.


# rpm -q nmap
nmap-ncat-6.40-12.el7.x86_64

# ncat -6 localhost
Socket troubles: Address family not supported by protocol
ncat: engine_select.c:353: get_evmask: Assertion `sd >= 0' failed.
Aborted



# rpm -q nmap-ncat
nmap-ncat-6.40-7.el7.x86_64

# ncat -6 localhost
Socket troubles: Address family not supported by protocol
ncat: engine_select.c:353: get_evmask: Assertion `sd >= 0' failed.
Aborted
Comment 18 errata-xmlrpc 2018-04-10 04:36:10 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0661
