Red Hat Bugzilla – Bug 52874
nc parses port name with dash incorrectly
Last modified: 2014-03-16 22:23:07 EDT
Description of Problem: nc (netcat) parses port names which are passed to it (cmdline) incorrectly if they include a dash ('-'). This became evident to me because /etc/services provides a service named "pop-3" but not "pop3". By the way, under Solaris, these are aliased: $ ypcat services | egrep "pop.*3" pop3 110/tcp pop-3 # Post Office Protocol 3 Anyway, trying to use nc to connect to this port results in nc taking only everything up to the dash as the requested name: $ nc hi1 pop-3 invalid port pop : Bad file number The suspected reason is given under "additional information" below,. Version-Release number of selected component (if applicable): 1.10-* How Reproducible: Every time. Steps to Reproduce: 1. call nc to have it connect to a port with a service name including a dash: $ nc myhost pop-3 2. 3. Actual Results: Port name only gets parsed up to first dash. Expected Results: nc should correctly connect to the stated port. nc shouldn't parse a port _name_ (string!) as a range, rather take it literally. Additional Information: In netcat.c, there is a) a differentiation between port _names_ (i.e. beginning with a non-digit) and port _numbers_ (beginning with a digit, which is even documented in this source to obviously fail on port _names_ beginning with a digit) b) a check for port ranges. This check for port ranges seems to happen even when a given port is identified as a string. IMHO, range checks are really useful on numbers only (although you _might_ want to give "ftp-finger" as a port range). I guess you should rearrange code order somewhere below line 1553 of netcat.c to fix this. As a workaround, I also suggest a proper alias in /etc/services. ;-) Thanks for listening, Moritz
The case seems a little tricky in the source code. If the port argument has a dash, it's assumed to be a range (which causes this named bug). If you change the source and decide to _first_ try to check the full arg, the used function getportpoop() will return "okay" even if you hand it a range of numbers, because it uses atoi(), which will take the number before the dash. So I've prepared a patch to use the "dash-checking" section of the code only if the argument is a numeric string. That does the trick for all cases. netcat is a very nice tools, missing just a few little things. It's so unfortunate that it is (or seems) unmaintained. :-( (Although there is "nc6" which is focused on being netcat for IPv6, but misses a bit of functionality right now.) Best greetings, Moritz
Created attachment 60284 [details] patch to fix service detection of names with dashes
Fixed in 1.10-15, thanks!
There's still an obvious blooper ;-) in my code. And I found it _without_ doing any testing, just by reading my code in the new RPM. :-( (argv[optind][0] > '0') && (argv[optind][0] < '9') should be (argv[optind][0] >= '0') && (argv[optind][0] =< '9') (This time, I also tested it to be wrong, just to go sure.) Pretty obvious. Really sorry for breaking things, Moritz :-(
Created attachment 66505 [details] new patch to fix service detection of names with dashes
Added, thanks.