Bug 52874 - nc parses port name with dash incorrectly
nc parses port name with dash incorrectly
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: nc (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-30 08:08 EDT by Moritz Barsnick
Modified: 2014-03-16 22:23 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-06-10 10:26:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to fix service detection of names with dashes (624 bytes, patch)
2002-06-10 10:26 EDT, Moritz Barsnick
no flags Details | Diff
new patch to fix service detection of names with dashes (626 bytes, patch)
2002-07-23 07:34 EDT, Moritz Barsnick
no flags Details | Diff

  None (edit)
Description Moritz Barsnick 2001-08-30 08:08:45 EDT
Description of Problem:




nc (netcat) parses port names which are passed to it (cmdline) incorrectly if they include a dash ('-').









This became evident to me because /etc/services provides a service named "pop-3" but not "pop3". By the way, under Solaris, these are aliased:




$  ypcat services | egrep "pop.*3"




pop3            110/tcp         pop-3           # Post Office Protocol 3









Anyway, trying to use nc to connect to this port results in nc taking only everything up to the dash as the requested name:




$ nc hi1 pop-3




invalid port pop : Bad file number









The suspected reason is given under "additional information" below,.









Version-Release number of selected component (if applicable):









1.10-*









How Reproducible:













Every time.



Steps to Reproduce:




1. 

call nc to have it connect to a port with a service name including a dash:    
$ nc myhost pop-3    


2. 




3. 









Actual Results:










Port name only gets parsed up to first dash.




Expected Results:













nc should correctly connect to the stated port. nc shouldn't parse a port _name_ (string!) as a range, rather take it literally.

Additional Information:




	




In netcat.c, there is    
a) a differentiation between port _names_ (i.e. beginning with a non-digit) and port _numbers_ (beginning with a digit, which is even documented in this source to obviously fail on port _names_ beginning with a digit)    
b) a check for port ranges.    
    
This check for port ranges seems to happen even when a given port is identified as a string. IMHO, range checks are really useful on numbers only (although you _might_ want to give "ftp-finger" as a port range).    
    
I guess you should rearrange code order somewhere below line 1553 of netcat.c to fix this.    
    
As a workaround, I also suggest a proper alias in /etc/services.  ;-)    
    
Thanks for listening,    
Moritz
Comment 1 Moritz Barsnick 2002-06-10 10:19:17 EDT
The case seems a little tricky in the source code.

If the port argument has a dash, it's assumed to be a range
(which causes this named bug).

If you change the source and decide to _first_ try to check
the full arg, the used function getportpoop() will return
"okay" even if you hand it a range of numbers, because it uses
atoi(), which will take the number before the dash.

So I've prepared a patch to use the "dash-checking" section
of the code only if the argument is a numeric string. That does
the trick for all cases.

netcat is a very nice tools, missing just a few little things.
It's so unfortunate that it is (or seems) unmaintained.  :-(
(Although there is "nc6" which is focused on being netcat for
IPv6, but misses a bit of functionality right now.)

Best greetings,
Moritz
Comment 2 Moritz Barsnick 2002-06-10 10:26:10 EDT
Created attachment 60284 [details]
patch to fix service detection of names with dashes
Comment 3 Bill Nottingham 2002-07-18 19:41:57 EDT
Fixed in 1.10-15, thanks!
Comment 4 Moritz Barsnick 2002-07-23 07:29:51 EDT
There's still an obvious blooper ;-) in my code. And I found it _without_
doing any testing, just by reading my code in the new RPM. :-(

(argv[optind][0] > '0') && (argv[optind][0] < '9')

should be

(argv[optind][0] >= '0') && (argv[optind][0] =< '9')

(This time, I also tested it to be wrong, just to go sure.)

Pretty obvious.

Really sorry for breaking things,
Moritz   :-(
Comment 5 Moritz Barsnick 2002-07-23 07:34:05 EDT
Created attachment 66505 [details]
new patch to fix service detection of names with dashes
Comment 6 Bill Nottingham 2002-07-23 12:47:19 EDT
Added, thanks.

Note You need to log in before you can comment on or make changes to this bug.