Red Hat Bugzilla – Bug 52874
nc parses port name with dash incorrectly
Last modified: 2014-03-16 22:23:07 EDT
Description of Problem:
nc (netcat) parses port names which are passed to it (cmdline) incorrectly if they include a dash ('-').
This became evident to me because /etc/services provides a service named "pop-3" but not "pop3". By the way, under Solaris, these are aliased:
$ ypcat services | egrep "pop.*3"
pop3 110/tcp pop-3 # Post Office Protocol 3
Anyway, trying to use nc to connect to this port results in nc taking only everything up to the dash as the requested name:
$ nc hi1 pop-3
invalid port pop : Bad file number
The suspected reason is given under "additional information" below,.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
call nc to have it connect to a port with a service name including a dash:
$ nc myhost pop-3
Port name only gets parsed up to first dash.
nc should correctly connect to the stated port. nc shouldn't parse a port _name_ (string!) as a range, rather take it literally.
In netcat.c, there is
a) a differentiation between port _names_ (i.e. beginning with a non-digit) and port _numbers_ (beginning with a digit, which is even documented in this source to obviously fail on port _names_ beginning with a digit)
b) a check for port ranges.
This check for port ranges seems to happen even when a given port is identified as a string. IMHO, range checks are really useful on numbers only (although you _might_ want to give "ftp-finger" as a port range).
I guess you should rearrange code order somewhere below line 1553 of netcat.c to fix this.
As a workaround, I also suggest a proper alias in /etc/services. ;-)
Thanks for listening,
The case seems a little tricky in the source code.
If the port argument has a dash, it's assumed to be a range
(which causes this named bug).
If you change the source and decide to _first_ try to check
the full arg, the used function getportpoop() will return
"okay" even if you hand it a range of numbers, because it uses
atoi(), which will take the number before the dash.
So I've prepared a patch to use the "dash-checking" section
of the code only if the argument is a numeric string. That does
the trick for all cases.
netcat is a very nice tools, missing just a few little things.
It's so unfortunate that it is (or seems) unmaintained. :-(
(Although there is "nc6" which is focused on being netcat for
IPv6, but misses a bit of functionality right now.)
Created attachment 60284 [details]
patch to fix service detection of names with dashes
Fixed in 1.10-15, thanks!
There's still an obvious blooper ;-) in my code. And I found it _without_
doing any testing, just by reading my code in the new RPM. :-(
(argv[optind] > '0') && (argv[optind] < '9')
(argv[optind] >= '0') && (argv[optind] =< '9')
(This time, I also tested it to be wrong, just to go sure.)
Really sorry for breaking things,
Created attachment 66505 [details]
new patch to fix service detection of names with dashes