Bug 52874 - nc parses port name with dash incorrectly
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: nc
Version: 7.1
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: David Lawrence
Reported: 2001-08-30 12:08 UTC by Moritz Barsnick
Modified: 2014-03-17 02:23 UTC (History)
Last Closed: 2002-06-10 14:26:16 UTC

Attachments
patch to fix service detection of names with dashes (624 bytes, patch)
2002-06-10 14:26 UTC, Moritz Barsnick
new patch to fix service detection of names with dashes (626 bytes, patch)
2002-07-23 11:34 UTC, Moritz Barsnick

Description Moritz Barsnick 2001-08-30 12:08:45 UTC
Description of Problem:

nc (netcat) parses port names which are passed to it (cmdline) incorrectly if they include a dash ('-').

This became evident to me because /etc/services provides a service named "pop-3" but not "pop3". By the way, under Solaris, these are aliased:

$ ypcat services | egrep "pop.*3"
pop3            110/tcp         pop-3           # Post Office Protocol 3

Anyway, trying to use nc to connect to this port results in nc taking only everything up to the dash as the requested name:

$ nc hi1 pop-3
invalid port pop : Bad file number

The suspected reason is given under "additional information" below.

Version-Release number of selected component (if applicable):

1.10-*

How Reproducible:

Every time.

Steps to Reproduce:

1. call nc to have it connect to a port with a service name including a dash:
$ nc myhost pop-3

Actual Results:

Port name only gets parsed up to first dash.

Expected Results:

nc should correctly connect to the stated port. nc shouldn't parse a port _name_ (string!) as a range, rather take it literally.

Additional Information:

In netcat.c, there is
a) a differentiation between port _names_ (i.e. beginning with a non-digit) and port _numbers_ (beginning with a digit, which is even documented in this source to obviously fail on port _names_ beginning with a digit)
b) a check for port ranges.

This check for port ranges seems to happen even when a given port is identified as a string. IMHO, range checks are really useful on numbers only (although you _might_ want to give "ftp-finger" as a port range).

I guess you should rearrange code order somewhere below line 1553 of netcat.c to fix this.

As a workaround, I also suggest a proper alias in /etc/services.  ;-)

Thanks for listening,
Moritz

Comment 1 Moritz Barsnick 2002-06-10 14:19:17 UTC
The case seems a little tricky in the source code.

If the port argument has a dash, it's assumed to be a range
(which causes this named bug).

If you change the source and decide to _first_ try to check
the full arg, the used function getportpoop() will return
"okay" even if you hand it a range of numbers, because it uses
atoi(), which will take the number before the dash.

So I've prepared a patch to use the "dash-checking" section
of the code only if the argument is a numeric string. That does
the trick for all cases.

netcat is a very nice tool, missing just a few little things.
It's so unfortunate that it is (or seems) unmaintained.  :-(
(Although there is "nc6" which is focused on being netcat for
IPv6, but misses a bit of functionality right now.)

Best greetings,
Moritz

Comment 2 Moritz Barsnick 2002-06-10 14:26:10 UTC
Created attachment 60284
patch to fix service detection of names with dashes

Comment 3 Bill Nottingham 2002-07-18 23:41:57 UTC
Fixed in 1.10-15, thanks!

Comment 4 Moritz Barsnick 2002-07-23 11:29:51 UTC
There's still an obvious blooper ;-) in my code. And I found it _without_
doing any testing, just by reading my code in the new RPM. :-(

(argv[optind][0] > '0') && (argv[optind][0] < '9')

should be

(argv[optind][0] >= '0') && (argv[optind][0] <= '9')

(This time, I also tested it to be wrong, just to be sure.)

Pretty obvious.

Really sorry for breaking things,
Moritz   :-(

Comment 5 Moritz Barsnick 2002-07-23 11:34:05 UTC
Created attachment 66505
new patch to fix service detection of names with dashes

Comment 6 Bill Nottingham 2002-07-23 16:47:19 UTC
Added, thanks.
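
The dash handling discussed in Comments 1 and 4, as an added C sketch that is not netcat.c or either attached patch: the argument is split as a range only when its first character is a digit, and the two first-character tests quoted in Comment 4 are compared side by side. The struct and function names are hypothetical, and the sample arguments are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; only the two first-character tests come from the thread. */
struct port_spec { int is_range; char lo[32]; char hi[32]; };

/* Exclusive test that Comment 4 reports as wrong: rejects '0' and '9'. */
static int starts_numeric_first_patch(const char *arg) {
    return (arg[0] > '0') && (arg[0] < '9');
}

/* Inclusive test proposed as the correction. */
static int starts_numeric_fixed(const char *arg) {
    return (arg[0] >= '0') && (arg[0] <= '9');
}

/* Split "lo-hi" only when the argument looks numeric; a service name such
 * as "pop-3" is kept whole so it can be handed to the name lookup. */
static struct port_spec parse_port_arg(const char *arg,
                                       int (*numeric)(const char *)) {
    struct port_spec s = {0};
    const char *dash = numeric(arg) ? strchr(arg, '-') : NULL;
    if (dash != NULL && (size_t)(dash - arg) < sizeof s.lo) {
        s.is_range = 1;
        memcpy(s.lo, arg, (size_t)(dash - arg)); /* s.lo is already zeroed */
        snprintf(s.hi, sizeof s.hi, "%s", dash + 1);
    } else {
        snprintf(s.lo, sizeof s.lo, "%s", arg);
    }
    return s;
}

int main(void) {
    /* Constructed sample arguments. */
    const char *samples[] = { "pop-3", "20-25", "9000-9010", "0-1023" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct port_spec a = parse_port_arg(samples[i], starts_numeric_first_patch);
        struct port_spec b = parse_port_arg(samples[i], starts_numeric_fixed);
        printf("%-10s first test: %-6s corrected test: %s\n", samples[i],
               a.is_range ? "range" : "single",
               b.is_range ? "range" : "single");
    }
    return 0;
}
```

With the exclusive comparison, arguments that begin with 0 or 9 are no longer recognised as numeric, so a range such as 9000-9010 is not split.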

