pool/netcat-openbsd
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 510980 from home:scarabeus_iv:branches:network:utilities

Browse Source 
- Drop all patches that were never upstreamed:
  * connect-timeout.patch
  * dccp.patch
  * gcc-warnings.patch
  * getservbyname.patch
  * glib-strlcpy.patch
  * help-version-exit.patch
  * nc-1.84-udp_stop.patch
  * netcat-info.patch
  * netcat-openbsd-debian.patch
  * netcat-openbsd-examples.patch
  * netcat-openbsd-openbsd-compat.patch
  * no-strtonum.patch
  * pollhup.patch
  * quit-timer.patch
  * reuseaddr.patch
  * send-crlf.patch
  * silence-z.patch
  * socks-b64-prototype.patch
  * udp-scan-timeout.patch
  * verbose-message-to-stderr.patch
  * verbose-numeric-port.patch
- Switch to debian package to not waste resources on doing exactly
  the same.
- Switches URL for debian package
- Apply patches already prepared for debian package
  * port-to-linux-with-libsd.patch
  * compile-without-TLS-support.patch
  * connect-timeout.patch
  * get-sev-by-name.patch

OBS-URL: https://build.opensuse.org/request/show/510980
OBS-URL: https://build.opensuse.org/package/show/network:utilities/netcat-openbsd?expand=0&rev=16
This commit is contained in:
Vítězslav Čížek 2017-07-17 13:26:12 +00:00 committed by Git OBS Bridge
parent 866517e65e
commit c0756e8f2c
33 changed files with 2484 additions and 2897 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CMakeLists.txt
View File

@ -1,21 +0,0 @@
#
# Cmake Build script for netcat-openbsd
# Author : Cristian Rodríguez <crrodriguez@suse.de>
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
PROJECT(netcat-openbsd C)
SET(CMAKE_VERBOSE_MAKEFILE ON)
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -fvisibility=hidden -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -g -W -Wall")
INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/openbsd-compat)
SET(NETCAT_SRCS netcat.c atomicio.c socks.c openbsd-compat/base64.c openbsd-compat/readpassphrase.c)
ADD_EXECUTABLE(nc ${NETCAT_SRCS})
INSTALL(PROGRAMS nc DESTINATION bin)
INSTALL(FILES nc.1 DESTINATION share/man/man1)

748
compile-without-TLS-support.patch Normal file
View File

@ -0,0 +1,748 @@
From: Guilhem Moulin <guilhem@debian.org>
Date: Fri, 09 Jun 2017 13:21:23 +0200
Subject: compile without TLS support
tls.h isn't available in libsd-dev, and -C is already taken for
CRLF line-ending in the Debian-specific patches.
---
Makefile | 2
nc.1 | 63 -----------------------
netcat.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
3 files changed, 144 insertions(+), 87 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -2,8 +2,6 @@
PROG= nc
SRCS= netcat.c atomicio.c socks.c
-LDADD+= -ltls -lssl -lcrypto
-DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO}
LIBS= `pkg-config --libs libbsd` -lresolv
OBJS= $(SRCS:.c=.o)
--- a/nc.1
+++ b/nc.1
@@ -33,20 +33,14 @@
.Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
-.Op Fl 46cDdFhklNnrStUuvz
-.Op Fl C Ar certfile
-.Op Fl e Ar name
-.Op Fl H Ar hash
+.Op Fl 46DdFhklNnrStUuvz
.Op Fl I Ar length
.Op Fl i Ar interval
-.Op Fl K Ar keyfile
.Op Fl M Ar ttl
.Op Fl m Ar minttl
.Op Fl O Ar length
-.Op Fl o Ar staplefile
.Op Fl P Ar proxy_username
.Op Fl p Ar source_port
-.Op Fl R Ar CAfile
.Op Fl s Ar source
.Op Fl T Ar keyword
.Op Fl V Ar rtable
@@ -101,20 +95,10 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
-.It Fl C Ar certfile
-Specifies the filename from which the public key part of the TLS
-certificate is loaded, in PEM format.
-May only be used with TLS.
-.It Fl c
-If using a TCP socket to connect or listen, use TLS.
-Illegal if not using TCP sockets.
.It Fl D
Enable debugging on the socket.
.It Fl d
Do not attempt to read from stdin.
-.It Fl e Ar name
-Specify the name that must be present in the peer certificate when using TLS.
-Illegal if not using TLS.
.It Fl F
Pass the first connected socket using
.Xr sendmsg 2
@@ -130,11 +114,6 @@ using the
.Xr ssh_config 5
.Cm ProxyUseFdpass
option).
-.It Fl H Ar hash
-Specifies the required hash string of the peer certificate when using TLS.
-The string format required is that used by
-.Xr tls_peer_cert_hash 3 .
-Illegal if not using TLS, and may not be used with -T noverify.
.It Fl h
Prints out
.Nm
@@ -144,10 +123,6 @@ Specifies the size of the TCP receive bu
.It Fl i Ar interval
Specifies a delay time interval between lines of text sent and received.
Also causes a delay time between connections to multiple ports.
-.It Fl K Ar keyfile
-Specifies the filename from which the private key
-is loaded in PEM format.
-May only be used with TLS.
.It Fl k
Forces
.Nm
@@ -188,12 +163,6 @@ Do not do any DNS or service lookups on
hostnames or ports.
.It Fl O Ar length
Specifies the size of the TCP send buffer.
-.It Fl o Ar staplefile
-Specifies the filename from which to load data to be stapled
-during the TLS handshake.
-The file is expected to contain an OCSP response from an OCSP server in
-DER format.
-May only be used with TLS and when a certificate is being used.
.It Fl P Ar proxy_username
Specifies a username to present to a proxy server that requires authentication.
If no username is specified then authentication will not be attempted.
@@ -202,12 +171,6 @@ Proxy authentication is only supported f
Specifies the source port
.Nm
should use, subject to privilege restrictions and availability.
-.It Fl R Ar CAfile
-Specifies the filename from which the root CA bundle for certificate
-verification is loaded, in PEM format.
-Illegal if not using TLS.
-The default is
-.Pa /etc/ssl/cert.pem .
.It Fl r
Specifies that source and/or destination ports should be chosen randomly
instead of sequentially within a range or in the order that the system
@@ -224,24 +187,7 @@ It is an error to use this option in con
.Fl l
option.
.It Fl T Ar keyword
-Change IPv4 TOS value or TLS options.
-For TLS options
-.Ar keyword
-may be one of
-.Ar tlsall ;
-which allows the use of all supported TLS protocols and ciphers,
-.Ar noverify ;
-which disables certificate verification;
-.Ar noname ,
-which disables certificate name checking;
-.Ar clientcert ,
-which requires a client certificate on incoming connections; or
-.Ar muststaple ,
-which requires the peer to provide a valid stapled OCSP response
-with the handshake.
-It is illegal to specify TLS options if not using TLS.
-.Pp
-For IPv4 TOS value
+Change IPv4 TOS value.
.Ar keyword
may be one of
.Ar critical ,
@@ -483,11 +429,6 @@ the source port, with a timeout of 5 sec
.Pp
.Dl $ nc -p 31337 -w 5 host.example.com 42
.Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
-Check for a different name in the certificate for validation.
-.Pp
-.Dl $ nc -v -c -e adsf.au.doubleclick.net www.google.ca 443
-.Pp
Open a UDP connection to port 53 of host.example.com:
.Pp
.Dl $ nc -u host.example.com 53
--- a/netcat.c
+++ b/netcat.c
@@ -99,7 +99,9 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
-#include <tls.h>
+#ifdef TLS
+# include <tls.h>
+#endif
#include <bsd/stdlib.h>
#include <bsd/string.h>
#include "atomicio.h"
@@ -112,13 +114,15 @@
#define POLL_NETIN 2
#define POLL_STDOUT 3
#define BUFSIZE 16384
-#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+#ifdef TLS
+# define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
-#define TLS_ALL (1 << 1)
-#define TLS_NOVERIFY (1 << 2)
-#define TLS_NONAME (1 << 3)
-#define TLS_CCERT (1 << 4)
-#define TLS_MUSTSTAPLE (1 << 5)
+# define TLS_ALL (1 << 1)
+# define TLS_NOVERIFY (1 << 2)
+# define TLS_NONAME (1 << 3)
+# define TLS_CCERT (1 << 4)
+# define TLS_MUSTSTAPLE (1 << 5)
+#endif
/* Command Line Options */
int dflag; /* detached, no stdin */
@@ -144,6 +148,7 @@ int Sflag; /* TCP MD5 signature opti
int Tflag = -1; /* IP Type of Service */
int rtableid = -1;
+# if defined(TLS)
int usetls; /* use TLS */
char *Cflag; /* Public cert file */
char *Kflag; /* Private key file */
@@ -153,6 +158,7 @@ int tls_cachanged; /* Using non-defau
int TLSopt; /* TLS options */
char *tls_expectname; /* required name in peer cert */
char *tls_expecthash; /* required hash of peer cert */
+# endif
int timeout = -1;
int family = AF_UNSPEC;
@@ -165,10 +171,16 @@ void atelnet(int, unsigned char *, unsig
void build_ports(char *);
void help(void);
int local_listen(char *, char *, struct addrinfo);
+# if defined(TLS)
void readwrite(int, struct tls *);
+# else
+void readwrite(int);
+# endif
void fdpass(int nfd) __attribute__((noreturn));
int remote_connect(const char *, const char *, struct addrinfo);
+# if defined(TLS)
int timeout_tls(int, struct tls *, int (*)(struct tls *));
+# endif
int timeout_connect(int, const struct sockaddr *, socklen_t);
int socks_connect(const char *, const char *, struct addrinfo,
const char *, const char *, struct addrinfo, int, const char *);
@@ -178,14 +190,23 @@ int unix_connect(char *);
int unix_listen(char *);
void set_common_sockopts(int, int);
int map_tos(char *, int *);
+# if defined(TLS)
int map_tls(char *, int *);
+# endif
void report_connect(const struct sockaddr *, socklen_t, char *);
+# if defined(TLS)
void report_tls(struct tls *tls_ctx, char * host, char *tls_expectname);
+# endif
void usage(int);
+# if defined(TLS)
ssize_t drainbuf(int, unsigned char *, size_t *, struct tls *);
ssize_t fillbuf(int, unsigned char *, size_t *, struct tls *);
void tls_setup_client(struct tls *, int, char *);
struct tls *tls_setup_server(struct tls *, int, char *);
+# else
+ssize_t drainbuf(int, unsigned char *, size_t *);
+ssize_t fillbuf(int, unsigned char *, size_t *);
+# endif
int
main(int argc, char *argv[])
@@ -200,8 +221,10 @@ main(int argc, char *argv[])
const char *errstr;
struct addrinfo proxyhints;
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
+# if defined(TLS)
struct tls_config *tls_cfg = NULL;
struct tls *tls_ctx = NULL;
+# endif
ret = 1;
socksv = 5;
@@ -212,7 +235,11 @@ main(int argc, char *argv[])
signal(SIGPIPE, SIG_IGN);
while ((ch = getopt(argc, argv,
+# if defined(TLS)
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
+# else
+ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
+# endif
switch (ch) {
case '4':
family = AF_INET;
@@ -233,24 +260,30 @@ main(int argc, char *argv[])
else
errx(1, "unsupported proxy protocol");
break;
+# if defined(TLS)
case 'C':
Cflag = optarg;
break;
case 'c':
usetls = 1;
break;
+# endif
case 'd':
dflag = 1;
break;
+# if defined(TLS)
case 'e':
tls_expectname = optarg;
break;
+# endif
case 'F':
Fflag = 1;
break;
+# if defined(TLS)
case 'H':
tls_expecthash = optarg;
break;
+# endif
case 'h':
help();
break;
@@ -259,9 +292,11 @@ main(int argc, char *argv[])
if (errstr)
errx(1, "interval %s: %s", errstr, optarg);
break;
+# if defined(TLS)
case 'K':
Kflag = optarg;
break;
+# endif
case 'k':
kflag = 1;
break;
@@ -290,10 +325,12 @@ main(int argc, char *argv[])
case 'p':
pflag = optarg;
break;
+# if defined(TLS)
case 'R':
tls_cachanged = 1;
Rflag = optarg;
break;
+# endif
case 'r':
rflag = 1;
break;
@@ -348,9 +385,11 @@ main(int argc, char *argv[])
errx(1, "TCP send window %s: %s",
errstr, optarg);
break;
+# if defined(TLS)
case 'o':
oflag = optarg;
break;
+# endif
case 'S':
# if defined(TCP_MD5SIG)
Sflag = 1;
@@ -363,8 +402,10 @@ main(int argc, char *argv[])
errno = 0;
if (map_tos(optarg, &Tflag))
break;
+# if defined(TLS)
if (map_tls(optarg, &TLSopt))
break;
+# endif
if (strlen(optarg) > 1 && optarg[0] == '0' &&
optarg[1] == 'x')
Tflag = (int)strtol(optarg, NULL, 16);
@@ -372,7 +413,11 @@ main(int argc, char *argv[])
Tflag = (int)strtonum(optarg, 0, 255,
&errstr);
if (Tflag < 0 || Tflag > 255 || errstr || errno)
+# if defined(TLS)
errx(1, "illegal tos/tls value %s", optarg);
+# else
+ errx(1, "illegal tos value %s", optarg);
+# endif
break;
default:
usage(1);
@@ -411,12 +456,15 @@ main(int argc, char *argv[])
if (!lflag && kflag)
errx(1, "must use -l with -k");
+# if defined(TLS)
if (uflag && usetls)
errx(1, "cannot use -c and -u");
if ((family == AF_UNIX) && usetls)
errx(1, "cannot use -c and -U");
+# endif
if ((family == AF_UNIX) && Fflag)
errx(1, "cannot use -F and -U");
+# if defined(TLS)
if (Fflag && usetls)
errx(1, "cannot use -c and -F");
if (TLSopt && !usetls)
@@ -433,6 +481,7 @@ main(int argc, char *argv[])
errx(1, "you must specify -c to use -H");
if (tls_expectname && !usetls)
errx(1, "you must specify -c to use -e");
+# endif
/* Get name of temporary socket for unix datagram client */
if ((family == AF_UNIX) && uflag && !lflag) {
@@ -499,6 +548,7 @@ main(int argc, char *argv[])
proxyhints.ai_flags |= AI_NUMERICHOST;
}
+# if defined(TLS)
if (usetls) {
if (Pflag) {
if (pledge("stdio inet dns tty rpath", NULL) == -1)
@@ -544,8 +594,11 @@ main(int argc, char *argv[])
} else if (pledge("stdio inet dns", NULL) == -1)
err(1, "pledge");
}
+# endif
if (lflag) {
+# if defined(TLS)
struct tls *tls_cctx = NULL;
+# endif
int connfd;
ret = 0;
@@ -556,6 +609,7 @@ main(int argc, char *argv[])
s = unix_listen(host);
}
+# if defined(TLS)
if (usetls) {
tls_config_verify_client_optional(tls_cfg);
if ((tls_ctx = tls_server()) == NULL)
@@ -564,6 +618,7 @@ main(int argc, char *argv[])
errx(1, "tls configuration failed (%s)",
tls_error(tls_ctx));
}
+# endif
/* Allow only one connection at a time, but stay alive. */
for (;;) {
if (family != AF_UNIX)
@@ -575,7 +630,11 @@ main(int argc, char *argv[])
* receive datagrams from multiple socket pairs.
*/
if (uflag && kflag)
+# if defined(TLS)
readwrite(s, NULL);
+# else
+ readwrite(s);
+# endif
/*
* For UDP and not -k, we will use recvfrom() initially
* to wait for a caller, then use the regular functions
@@ -600,7 +659,11 @@ main(int argc, char *argv[])
if (vflag)
report_connect((struct sockaddr *)&z, len, NULL);
+# if defined(TLS)
readwrite(s, NULL);
+# else
+ readwrite(s);
+# endif
} else {
len = sizeof(cliaddr);
connfd = accept4(s, (struct sockaddr *)&cliaddr,
@@ -612,6 +675,7 @@ main(int argc, char *argv[])
if (vflag)
report_connect((struct sockaddr *)&cliaddr, len,
family == AF_UNIX ? host : NULL);
+# if defined(TLS)
if ((usetls) &&
(tls_cctx = tls_setup_server(tls_ctx, connfd, host)))
readwrite(connfd, tls_cctx);
@@ -622,6 +686,9 @@ main(int argc, char *argv[])
tls_free(tls_cctx);
tls_cctx = NULL;
}
+# else
+ readwrite(connfd);
+# endif
close(connfd);
}
if (family != AF_UNIX)
@@ -639,7 +706,11 @@ main(int argc, char *argv[])
if ((s = unix_connect(host)) > 0) {
if (!zflag)
+# if defined(TLS)
readwrite(s, NULL);
+# else
+ readwrite(s);
+# endif
close(s);
} else
ret = 1;
@@ -659,6 +730,7 @@ main(int argc, char *argv[])
if (s != -1)
close(s);
+# if defined(TLS)
if (usetls) {
if ((tls_ctx = tls_client()) == NULL)
errx(1, "tls client creation failed");
@@ -666,6 +738,7 @@ main(int argc, char *argv[])
errx(1, "tls configuration failed (%s)",
tls_error(tls_ctx));
}
+# endif
if (xflag)
s = socks_connect(host, portlist[i], hints,
proxy, proxyport, proxyhints, socksv,
@@ -703,6 +776,7 @@ main(int argc, char *argv[])
}
if (Fflag)
fdpass(s);
+# if defined(TLS)
else {
if (usetls)
tls_setup_client(tls_ctx, s, host);
@@ -714,13 +788,19 @@ main(int argc, char *argv[])
tls_ctx = NULL;
}
}
+# else
+ else if (!zflag)
+ readwrite(s);
+# endif
}
}
if (s != -1)
close(s);
+# if defined(TLS)
tls_config_free(tls_cfg);
+# endif
exit(ret);
}
@@ -759,6 +839,7 @@ unix_bind(char *path, int flags)
return (s);
}
+# if defined(TLS)
int
timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *))
{
@@ -840,6 +921,7 @@ tls_setup_server(struct tls *tls_ctx, in
}
return NULL;
}
+# endif
/*
* unix_connect()
@@ -1052,7 +1134,11 @@ local_listen(char *host, char *port, str
* Loop that polls on the network file descriptor and stdin.
*/
void
+# if defined(TLS)
readwrite(int net_fd, struct tls *tls_ctx)
+# else
+readwrite(int net_fd)
+# endif
{
struct pollfd pfd[4];
int stdin_fd = STDIN_FILENO;
@@ -1152,12 +1238,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to read from stdin */
if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) {
ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf,
+# if defined(TLS)
&stdinbufpos, NULL);
if (ret == TLS_WANT_POLLIN)
pfd[POLL_STDIN].events = POLLIN;
else if (ret == TLS_WANT_POLLOUT)
pfd[POLL_STDIN].events = POLLOUT;
- else if (ret == 0 || ret == -1)
+ else
+# else
+ &stdinbufpos);
+# endif
+ if (ret == 0 || ret == -1)
pfd[POLL_STDIN].fd = -1;
/* read something - poll net out */
if (stdinbufpos > 0)
@@ -1169,12 +1260,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to write to network */
if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) {
ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf,
+# if defined(TLS)
&stdinbufpos, tls_ctx);
if (ret == TLS_WANT_POLLIN)
pfd[POLL_NETOUT].events = POLLIN;
else if (ret == TLS_WANT_POLLOUT)
pfd[POLL_NETOUT].events = POLLOUT;
- else if (ret == -1)
+ else
+# else
+ &stdinbufpos);
+# endif
+ if (ret == -1)
pfd[POLL_NETOUT].fd = -1;
/* buffer empty - remove self from polling */
if (stdinbufpos == 0)
@@ -1186,12 +1282,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to read from network */
if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) {
ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf,
+# if defined(TLS)
&netinbufpos, tls_ctx);
if (ret == TLS_WANT_POLLIN)
pfd[POLL_NETIN].events = POLLIN;
else if (ret == TLS_WANT_POLLOUT)
pfd[POLL_NETIN].events = POLLOUT;
- else if (ret == -1)
+ else
+# else
+ &netinbufpos);
+# endif
+ if (ret == -1)
pfd[POLL_NETIN].fd = -1;
/* eof on net in - remove from pfd */
if (ret == 0) {
@@ -1212,12 +1313,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to write to stdout */
if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) {
ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf,
+# if defined(TLS)
&netinbufpos, NULL);
if (ret == TLS_WANT_POLLIN)
pfd[POLL_STDOUT].events = POLLIN;
else if (ret == TLS_WANT_POLLOUT)
pfd[POLL_STDOUT].events = POLLOUT;
- else if (ret == -1)
+ else
+# else
+ &netinbufpos);
+# endif
+ if (ret == -1)
pfd[POLL_STDOUT].fd = -1;
/* buffer empty - remove self from polling */
if (netinbufpos == 0)
@@ -1241,19 +1347,29 @@ readwrite(int net_fd, struct tls *tls_ct
}
ssize_t
+# if defined(TLS)
drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
+# else
+drainbuf(int fd, unsigned char *buf, size_t *bufpos)
+# endif
{
ssize_t n;
ssize_t adjust;
+# if defined(TLS)
if (tls)
n = tls_write(tls, buf, *bufpos);
else {
+# endif
n = write(fd, buf, *bufpos);
/* don't treat EAGAIN, EINTR as error */
if (n == -1 && (errno == EAGAIN || errno == EINTR))
+# if defined(TLS)
n = TLS_WANT_POLLOUT;
}
+# else
+ n = -2;
+# endif
if (n <= 0)
return n;
/* adjust buffer */
@@ -1265,19 +1381,29 @@ drainbuf(int fd, unsigned char *buf, siz
}
ssize_t
+# if defined(TLS)
fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
+# else
+fillbuf(int fd, unsigned char *buf, size_t *bufpos)
+# endif
{
size_t num = BUFSIZE - *bufpos;
ssize_t n;
+# if defined(TLS)
if (tls)
n = tls_read(tls, buf + *bufpos, num);
else {
+# endif
n = read(fd, buf + *bufpos, num);
/* don't treat EAGAIN, EINTR as error */
if (n == -1 && (errno == EAGAIN || errno == EINTR))
+# if defined(TLS)
n = TLS_WANT_POLLIN;
}
+# else
+ n = -2;
+# endif
if (n <= 0)
return n;
*bufpos += n;
@@ -1581,6 +1707,7 @@ map_tos(char *s, int *val)
return (0);
}
+# if defined(TLS)
int
map_tls(char *s, int *val)
{
@@ -1662,6 +1789,7 @@ report_tls(struct tls * tls_ctx, char *
}
}
+# endif
void
report_connect(const struct sockaddr *sa, socklen_t salen, char *path)
@@ -1704,17 +1832,12 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
- \t-C certfile Public key file\n\
- \t-c Use TLS\n\
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\
- \t-e name\t Required name in peer certificate\n\
\t-F Pass socket fd\n\
- \t-H hash\t Hash string of peer certificate\n\
\t-h This help text\n\
\t-I length TCP receive buffer length\n\
\t-i interval Delay interval for lines sent, ports scanned\n\
- \t-K keyfile Private key file\n\
\t-k Keep inbound sockets open for multiple connects\n\
\t-l Listen mode, for inbound connects\n\
\t-M ttl Outgoing TTL / Hop Limit\n\
@@ -1722,14 +1845,12 @@ help(void)
\t-N Shutdown the network socket after EOF on stdin\n\
\t-n Suppress name/port resolutions\n\
\t-O length TCP send buffer length\n\
- \t-o staplefile Staple file\n\
\t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\
- \t-R CAfile CA bundle\n\
\t-r Randomize remote ports\n\
\t-S Enable the TCP MD5 signature option\n\
\t-s source Local source address\n\
- \t-T keyword TOS value or TLS options\n\
+ \t-T keyword TOS value\n\
\t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\
\t-u UDP mode\n\
@@ -1747,11 +1868,8 @@ void
usage(int ret)
{
fprintf(stderr,
- "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] "
- "[-H hash] [-I length]\n"
- "\t [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n"
- "\t [-o staplefile] [-P proxy_username] [-p source_port] "
- "[-R CAfile]\n"
+ "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-x proxy_address[:port]] [destination] [port]\n");

90
connect-timeout.patch
View File

@ -1,10 +1,24 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:27.000000000 -0500
+++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:30.000000000 -0500
@@ -65,6 +65,10 @@
#define PORT_MAX 65535
#define PORT_MAX_LEN 6
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 14:43:56 +0800
Subject: connect timeout
---
netcat.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 76 insertions(+), 2 deletions(-)
--- a/netcat.c
+++ b/netcat.c
@@ -89,6 +89,7 @@
#include <err.h>
#include <errno.h>
+#include <fcntl.h>
#include <limits.h>
#include <netdb.h>
#include <poll.h>
@@ -124,6 +125,10 @@
# define TLS_MUSTSTAPLE (1 << 5)
#endif
+#define CONNECTION_SUCCESS 0
+#define CONNECTION_FAILED 1
@ -12,53 +26,50 @@ Index: netcat-openbsd-1.89/netcat.c
+
/* Command Line Options */
int dflag; /* detached, no stdin */
int iflag; /* Interval Flag */
@@ -104,6 +108,9 @@
int parse_iptos(char *);
void usage(int);
int Fflag; /* fdpass sock to stdout */
@@ -208,6 +213,9 @@ ssize_t drainbuf(int, unsigned char *, s
ssize_t fillbuf(int, unsigned char *, size_t *);
# endif
+static int connect_with_timeout(int fd, const struct sockaddr *sa,
+ socklen_t salen, int ctimeout);
+static int connect_with_timeout(int fd, const struct sockaddr *sa,
+ socklen_t salen, int ctimeout);
+
int
main(int argc, char *argv[])
{
@@ -508,13 +515,15 @@
}
@@ -1022,11 +1030,14 @@ remote_connect(const char *host, const c
set_common_sockopts(s);
-
- if (connect(s, res0->ai_addr, res0->ai_addrlen) == 0)
+ if ((error = connect_with_timeout(s, res0->ai_addr, res0->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
set_common_sockopts(s, res->ai_family);
- if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0)
+ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
break;
- else if (vflag)
+ else if (vflag && error == CONNECTION_FAILED)
- if (vflag)
+ if (vflag && error == CONNECTION_FAILED)
warn("connect to %s port %s (%s) failed", host, port,
uflag ? "udp" : "tcp");
-
+ else if (vflag && error == CONNECTION_TIMEOUT)
+ warn("connect to %s port %s (%s) timed out", host, port,
+ uflag ? "udp" : "tcp");
+
+ else if (vflag && error == CONNECTION_TIMEOUT)
+ warn("connect to %s port %s (%s) timed out", host, port,
+ uflag ? "udp" : "tcp");
save_errno = errno;
close(s);
s = -1;
} while ((res0 = res0->ai_next) != NULL);
@@ -524,6 +533,74 @@
return (s);
@@ -1067,6 +1078,69 @@ timeout_connect(int s, const struct sock
return (ret);
}
+static int connect_with_timeout(int fd, const struct sockaddr *sa,
+static int connect_with_timeout(int fd, const struct sockaddr *sa,
+ socklen_t salen, int ctimeout)
+{
+ int err;
+ struct timeval tv, *tvp = NULL;
+ fd_set connect_fdset;
+ socklen_t len;
+ int orig_flags;
+ int orig_flags;
+
+ orig_flags = fcntl(fd, F_GETFL, 0);
+ if (fcntl(fd, F_SETFL, orig_flags | O_NONBLOCK) < 0 ) {
+ warn("can't set O_NONBLOCK - timeout not avaliable");
+ warn("can't set O_NONBLOCK - timeout not available");
+ if (connect(fd, sa, salen) == 0)
+ return CONNECTION_SUCCESS;
+ else
@ -74,7 +85,6 @@ Index: netcat-openbsd-1.89/netcat.c
+
+ /* attempt the connection */
+ err = connect(fd, sa, salen);
+
+ if (err != 0 && errno == EINPROGRESS) {
+ /* connection is proceeding
+ * it is complete (or failed) when select returns */
@ -85,25 +95,22 @@ Index: netcat-openbsd-1.89/netcat.c
+
+ /* call select */
+ do {
+ err = select(fd + 1, NULL, &connect_fdset,
+ err = select(fd + 1, NULL, &connect_fdset,
+ NULL, tvp);
+ } while (err < 0 && errno == EINTR);
+
+ /* select error */
+ if (err < 0)
+ errx(1,"select error: %s", strerror(errno));
+
+ /* we have reached a timeout */
+ if (err == 0)
+ if (err == 0)
+ return CONNECTION_TIMEOUT;
+
+ /* select returned successfully, but we must test socket
+ /* select returned successfully, but we must test socket
+ * error for result */
+ len = sizeof(err);
+ if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
+ errx(1, "getsockopt error: %s", strerror(errno));
+
+ /* setup errno according to the result returned by
+ /* setup errno according to the result returned by
+ * getsockopt */
+ if (err != 0)
+ errno = err;
@ -113,7 +120,6 @@ Index: netcat-openbsd-1.89/netcat.c
+ fcntl(fd, F_SETFL, orig_flags);
+ return (err != 0)? CONNECTION_FAILED : CONNECTION_SUCCESS;
+}
+
+
/*
* local_listen()

240
dccp-support.patch Normal file
View File

@ -0,0 +1,240 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 15:56:51 +0800
Subject: dccp support
---
nc.1 | 4 ++
netcat.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 82 insertions(+), 15 deletions(-)
--- a/nc.1
+++ b/nc.1
@@ -33,7 +33,7 @@
.Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
-.Op Fl 46CDdFhklNnrStUuvz
+.Op Fl 46CDdFhklNnrStUuvZz
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -286,6 +286,8 @@ for SOCKS, 3128 for HTTPS).
An IPv6 address can be specified unambiguously by enclosing
.Ar proxy_address
in square brackets.
+.It Fl Z
+DCCP mode.
.It Fl z
Specifies that
.Nm
--- a/netcat.c
+++ b/netcat.c
@@ -147,6 +147,7 @@ int rflag; /* Random ports flag */
char *sflag; /* Source Address */
int tflag; /* Telnet Emulation */
int uflag; /* UDP - Default to TCP */
+int dccpflag; /* DCCP - Default to TCP */
int vflag; /* Verbosity */
int xflag; /* Socks proxy */
int zflag; /* Port Scan Flag */
@@ -219,6 +220,7 @@ ssize_t drainbuf(int, unsigned char *, s
ssize_t fillbuf(int, unsigned char *, size_t *);
# endif
+char *proto_name(int uflag, int dccpflag);
static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout);
@@ -252,9 +254,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# endif
switch (ch) {
case '4':
@@ -370,6 +372,13 @@ main(int argc, char *argv[])
case 'u':
uflag = 1;
break;
+ case 'Z':
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ dccpflag = 1;
+# else
+ errx(1, "no DCCP support available");
+# endif
+ break;
case 'V':
# if defined(RT_TABLEID_MAX)
rtableid = (int)strtonum(optarg, 0,
@@ -461,6 +470,12 @@ main(int argc, char *argv[])
/* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
+ if (uflag)
+ errx(1, "cannot use -u and -U");
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ if (dccpflag)
+ errx(1, "cannot use -Z and -U");
+# endif
host = argv[0];
uport = NULL;
} else if (!argv[0] && lflag) {
@@ -527,8 +542,20 @@ main(int argc, char *argv[])
if (family != AF_UNIX) {
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = family;
- hints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
- hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
+ if (uflag) {
+ hints.ai_socktype = SOCK_DGRAM;
+ hints.ai_protocol = IPPROTO_UDP;
+ }
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ else if (dccpflag) {
+ hints.ai_socktype = SOCK_DCCP;
+ hints.ai_protocol = IPPROTO_DCCP;
+ }
+# endif
+ else {
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+ }
if (nflag)
hints.ai_flags |= AI_NUMERICHOST;
}
@@ -536,7 +563,10 @@ main(int argc, char *argv[])
if (xflag) {
if (uflag)
errx(1, "no proxy support for UDP mode");
-
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ if (dccpflag)
+ errx(1, "no proxy support for DCCP mode");
+# endif
if (lflag)
errx(1, "no proxy support for listen");
@@ -798,19 +828,20 @@ main(int argc, char *argv[])
}
}
+ char *proto = proto_name(uflag, dccpflag);
/* Don't look up port if -n. */
if (nflag)
sv = NULL;
else {
sv = getservbyport(
ntohs(atoi(portlist[i])),
- uflag ? "udp" : "tcp");
+ proto);
}
fprintf(stderr,
"Connection to %s %s port [%s/%s] "
"succeeded!\n", host, portlist[i],
- uflag ? "udp" : "tcp",
+ proto,
sv ? sv->s_name : "*");
}
if (Fflag)
@@ -1017,6 +1048,24 @@ unix_listen(char *path)
return (s);
}
+char *proto_name(int uflag, int dccpflag) {
+
+ char *proto = NULL;
+ if (uflag) {
+ proto = "udp";
+ }
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ else if (dccpflag) {
+ proto = "dccp";
+ }
+# endif
+ else {
+ proto = "tcp";
+ }
+
+ return proto;
+}
+
/*
* remote_connect()
* Returns a socket connected to a remote host. Properly binds to a local
@@ -1047,8 +1096,21 @@ remote_connect(const char *host, const c
# endif
memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res->ai_family;
- ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
- ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
+ if (uflag) {
+ ahints.ai_socktype = SOCK_DGRAM;
+ ahints.ai_protocol = IPPROTO_UDP;
+
+ }
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ else if (dccpflag) {
+ hints.ai_socktype = SOCK_DCCP;
+ hints.ai_protocol = IPPROTO_DCCP;
+ }
+# endif
+ else {
+ ahints.ai_socktype = SOCK_STREAM;
+ ahints.ai_protocol = IPPROTO_TCP;
+ }
ahints.ai_flags = AI_PASSIVE;
if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
errx(1, "getaddrinfo: %s", gai_strerror(error));
@@ -1060,15 +1122,16 @@ remote_connect(const char *host, const c
}
set_common_sockopts(s, res->ai_family);
+ char *proto = proto_name(uflag, dccpflag);
if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
break;
if (vflag && error == CONNECTION_FAILED)
warn("connect to %s port %s (%s) failed", host, port,
- uflag ? "udp" : "tcp");
- else if (vflag && error == CONNECTION_TIMEOUT)
+ proto);
+ else if (vflag && error == CONNECTION_TIMEOUT)
warn("connect to %s port %s (%s) timed out", host, port,
- uflag ? "udp" : "tcp");
+ proto);
save_errno = errno;
close(s);
@@ -1654,7 +1717,8 @@ build_ports(char *p)
int hi, lo, cp;
int x = 0;
- sv = getservbyname(p, uflag ? "udp" : "tcp");
+ char *proto = proto_name(uflag, dccpflag);
+ sv = getservbyname(p, proto);
if (sv) {
if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
err(1, "asprintf");
@@ -1991,6 +2055,7 @@ help(void)
\t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
\t-x addr[:port]\tSpecify proxy address and port\n\
+ \t-Z DCCP mode\n\
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
exit(0);
@@ -2000,7 +2065,7 @@ void
usage(int ret)
{
fprintf(stderr,
- "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"

191
dccp.patch
View File

@ -1,191 +0,0 @@
Index: netcat-openbsd-oneiric/netcat.c
===================================================================
--- netcat-openbsd-oneiric.orig/netcat.c 2011-06-10 22:29:16.371916860 +0300
+++ netcat-openbsd-oneiric/netcat.c 2011-06-10 22:29:16.371916860 +0300
@@ -88,6 +88,7 @@
char *sflag; /* Source Address */
int tflag; /* Telnet Emulation */
int uflag; /* UDP - Default to TCP */
+int dccpflag; /* DCCP - Default to TCP */
int vflag; /* Verbosity */
int xflag; /* Socks proxy */
int zflag; /* Port Scan Flag */
@@ -113,6 +114,7 @@
void set_common_sockopts(int);
int parse_iptos(char *);
void usage(int);
+char *proto_name(int uflag, int dccpflag);
static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout);
@@ -140,7 +142,7 @@
sv = NULL;
while ((ch = getopt(argc, argv,
- "46Ddhi:jklnP:p:q:rSs:tT:Uuvw:X:x:zC")) != -1) {
+ "46Ddhi:jklnP:p:q:rSs:tT:UuZvw:X:x:zC")) != -1) {
switch (ch) {
case '4':
family = AF_INET;
@@ -205,6 +207,9 @@
case 'u':
uflag = 1;
break;
+ case 'Z':
+ dccpflag = 1;
+ break;
case 'v':
vflag = 1;
break;
@@ -247,6 +252,9 @@
if (argv[0] && !argv[1] && family == AF_UNIX) {
if (uflag)
errx(1, "cannot use -u and -U");
+ if (dccpflag)
+ errx(1, "cannot use -C and -U");
+
host = argv[0];
uport = NULL;
} else if (argv[0] && !argv[1]) {
@@ -273,8 +281,18 @@
if (family != AF_UNIX) {
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = family;
- hints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
- hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
+ if (uflag) {
+ hints.ai_socktype = SOCK_DGRAM;
+ hints.ai_protocol = IPPROTO_UDP;
+ }
+ else if (dccpflag) {
+ hints.ai_socktype = SOCK_DCCP;
+ hints.ai_protocol = IPPROTO_DCCP;
+ }
+ else {
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+ }
if (nflag)
hints.ai_flags |= AI_NUMERICHOST;
}
@@ -283,6 +301,9 @@
if (uflag)
errx(1, "no proxy support for UDP mode");
+ if (dccpflag)
+ errx(1, "no proxy support for DCCP mode");
+
if (lflag)
errx(1, "no proxy support for listen");
@@ -348,17 +369,19 @@
}
if(vflag) {
+ char *proto = proto_name(uflag, dccpflag);
+
/* Don't look up port if -n. */
if (nflag)
sv = NULL;
else
sv = getservbyport(ntohs(atoi(uport)),
- uflag ? "udp" : "tcp");
+ proto);
fprintf(stderr, "Connection from %s port %s [%s/%s] accepted\n",
inet_ntoa(((struct sockaddr_in *)(&cliaddr))->sin_addr),
uport,
- uflag ? "udp" : "tcp",
+ proto,
sv ? sv->s_name : "*");
}
@@ -503,6 +526,22 @@
return (s);
}
+char *proto_name(uflag, dccpflag) {
+
+ char *proto = NULL;
+ if (uflag) {
+ proto = "udp";
+ }
+ else if (dccpflag) {
+ proto = "dccp";
+ }
+ else {
+ proto = "tcp";
+ }
+
+ return proto;
+}
+
/*
* remote_connect()
* Returns a socket connected to a remote host. Properly binds to a local
@@ -529,8 +568,19 @@
memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res0->ai_family;
- ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
- ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
+ if (uflag) {
+ ahints.ai_socktype = SOCK_DGRAM;
+ ahints.ai_protocol = IPPROTO_UDP;
+
+ }
+ else if (dccpflag) {
+ ahints.ai_socktype = SOCK_DCCP;
+ ahints.ai_protocol = IPPROTO_DCCP;
+ }
+ else {
+ ahints.ai_socktype = SOCK_STREAM;
+ ahints.ai_protocol = IPPROTO_TCP;
+ }
ahints.ai_flags = AI_PASSIVE;
if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
errx(1, "getaddrinfo: %s", gai_strerror(error));
@@ -542,14 +592,19 @@
}
set_common_sockopts(s);
- if ((error = connect_with_timeout(s, res0->ai_addr, res0->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
+ char *proto = proto_name(uflag, dccpflag);
+
+ if ((error = connect_with_timeout(s, res0->ai_addr, res0->ai_addrlen, timeout)) == CONNECTION_SUCCESS) {
break;
- else if (vflag && error == CONNECTION_FAILED)
+ }
+ else if (vflag && error == CONNECTION_FAILED) {
warn("connect to %s port %s (%s) failed", host, port,
- uflag ? "udp" : "tcp");
- else if (vflag && error == CONNECTION_TIMEOUT)
+ proto);
+ }
+ else if (vflag && error == CONNECTION_TIMEOUT) {
warn("connect to %s port %s (%s) timed out", host, port,
- uflag ? "udp" : "tcp");
+ proto);
+ }
close(s);
s = -1;
@@ -817,8 +872,8 @@
char *n, *endp;
int hi, lo, cp;
int x = 0;
-
- sv = getservbyname(p, uflag ? "udp" : "tcp");
+ char *proto = proto_name(uflag, dccpflag);
+ sv = getservbyname(p, proto);
if (sv) {
portlist[0] = calloc(1, PORT_MAX_LEN);
if (portlist[0] == NULL)
@@ -979,6 +1034,7 @@
\t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\
\t-u UDP mode\n\
+ \t-Z DCCP mode\n\
\t-v Verbose\n\
\t-w secs\t Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\

157
gcc-warnings.patch
View File

@ -1,157 +0,0 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 20:39:46.000000000 -0500
+++ netcat-openbsd-1.89/netcat.c 2008-01-22 20:42:35.000000000 -0500
@@ -127,7 +127,7 @@
struct servent *sv;
socklen_t len;
struct sockaddr_storage cliaddr;
- char *proxy;
+ char *proxy = NULL;
const char *proxyhost = "", *proxyport = NULL;
struct addrinfo proxyhints;
@@ -800,14 +800,12 @@
obuf[1] = DONT;
if ((*p == DO) || (*p == DONT))
obuf[1] = WONT;
- if (obuf) {
- p++;
- obuf[2] = *p;
- obuf[3] = '\0';
- if (atomicio(vwrite, nfd, obuf, 3) != 3)
- warn("Write Error!");
- obuf[0] = '\0';
- }
+ p++;
+ obuf[2] = *p;
+ obuf[3] = '\0';
+ if (atomicio(vwrite, nfd, obuf, 3) != 3)
+ warn("Write Error!");
+ obuf[0] = '\0';
}
}
Index: netcat-openbsd-1.89/socks.c
===================================================================
--- netcat-openbsd-1.89.orig/socks.c 2008-01-22 20:36:26.000000000 -0500
+++ netcat-openbsd-1.89/socks.c 2008-01-22 20:39:46.000000000 -0500
@@ -169,11 +169,11 @@
buf[2] = SOCKS_NOAUTH;
cnt = atomicio(vwrite, proxyfd, buf, 3);
if (cnt != 3)
- err(1, "write failed (%d/3)", cnt);
+ err(1, "write failed (%d/3)", (int)cnt);
cnt = atomicio(read, proxyfd, buf, 2);
if (cnt != 2)
- err(1, "read failed (%d/3)", cnt);
+ err(1, "read failed (%d/3)", (int)cnt);
if (buf[1] == SOCKS_NOMETHOD)
errx(1, "authentication method negotiation failed");
@@ -222,11 +222,11 @@
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
- err(1, "write failed (%d/%d)", cnt, wlen);
+ err(1, "write failed (%d/%d)", (int)cnt, (int)wlen);
cnt = atomicio(read, proxyfd, buf, 10);
if (cnt != 10)
- err(1, "read failed (%d/10)", cnt);
+ err(1, "read failed (%d/10)", (int)cnt);
if (buf[1] != 0)
errx(1, "connection failed, SOCKS error %d", buf[1]);
} else if (socksv == 4) {
@@ -244,11 +244,11 @@
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
- err(1, "write failed (%d/%d)", cnt, wlen);
+ err(1, "write failed (%d/%d)", (int)cnt, (int)wlen);
cnt = atomicio(read, proxyfd, buf, 8);
if (cnt != 8)
- err(1, "read failed (%d/8)", cnt);
+ err(1, "read failed (%d/8)", (int)cnt);
if (buf[1] != 90)
errx(1, "connection failed, SOCKS error %d", buf[1]);
} else if (socksv == -1) {
@@ -260,39 +260,39 @@
/* Try to be sane about numeric IPv6 addresses */
if (strchr(host, ':') != NULL) {
- r = snprintf(buf, sizeof(buf),
+ r = snprintf((char*)buf, sizeof(buf),
"CONNECT [%s]:%d HTTP/1.0\r\n",
host, ntohs(serverport));
} else {
- r = snprintf(buf, sizeof(buf),
+ r = snprintf((char*)buf, sizeof(buf),
"CONNECT %s:%d HTTP/1.0\r\n",
host, ntohs(serverport));
}
if (r == -1 || (size_t)r >= sizeof(buf))
errx(1, "hostname too long");
- r = strlen(buf);
+ r = strlen((char*)buf);
cnt = atomicio(vwrite, proxyfd, buf, r);
if (cnt != r)
- err(1, "write failed (%d/%d)", cnt, r);
+ err(1, "write failed (%d/%d)", (int)cnt, (int)r);
if (authretry > 1) {
char resp[1024];
proxypass = getproxypass(proxyuser, proxyhost);
- r = snprintf(buf, sizeof(buf), "%s:%s",
+ r = snprintf((char*)buf, sizeof(buf), "%s:%s",
proxyuser, proxypass);
if (r == -1 || (size_t)r >= sizeof(buf) ||
- b64_ntop(buf, strlen(buf), resp,
+ b64_ntop(buf, strlen((char*)buf), resp,
sizeof(resp)) == -1)
errx(1, "Proxy username/password too long");
- r = snprintf(buf, sizeof(buf), "Proxy-Authorization: "
+ r = snprintf((char*)buf, sizeof((char*)buf), "Proxy-Authorization: "
"Basic %s\r\n", resp);
if (r == -1 || (size_t)r >= sizeof(buf))
errx(1, "Proxy auth response too long");
- r = strlen(buf);
+ r = strlen((char*)buf);
if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r)
- err(1, "write failed (%d/%d)", cnt, r);
+ err(1, "write failed (%d/%d)", (int)cnt, r);
}
/* Terminate headers */
@@ -300,22 +300,22 @@
err(1, "write failed (2/%d)", r);
/* Read status reply */
- proxy_read_line(proxyfd, buf, sizeof(buf));
+ proxy_read_line(proxyfd, (char*)buf, sizeof(buf));
if (proxyuser != NULL &&
- strncmp(buf, "HTTP/1.0 407 ", 12) == 0) {
+ strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0) {
if (authretry > 1) {
fprintf(stderr, "Proxy authentication "
"failed\n");
}
close(proxyfd);
goto again;
- } else if (strncmp(buf, "HTTP/1.0 200 ", 12) != 0 &&
- strncmp(buf, "HTTP/1.1 200 ", 12) != 0)
+ } else if (strncmp((char*)buf, "HTTP/1.0 200 ", 12) != 0 &&
+ strncmp((char*)buf, "HTTP/1.1 200 ", 12) != 0)
errx(1, "Proxy error: \"%s\"", buf);
/* Headers continue until we hit an empty line */
for (r = 0; r < HTTP_MAXHDRS; r++) {
- proxy_read_line(proxyfd, buf, sizeof(buf));
+ proxy_read_line(proxyfd, (char*)buf, sizeof(buf));
if (*buf == '\0')
break;
}

28
get-sev-by-name.patch Normal file
View File

@ -0,0 +1,28 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 14:45:08 +0800
Subject: get sev by name
---
netcat.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/netcat.c
+++ b/netcat.c
@@ -1603,11 +1603,16 @@ strtoport(char *portstr, int udp)
void
build_ports(char *p)
{
+ struct servent *sv;
char *n;
int hi, lo, cp;
int x = 0;
- if ((n = strchr(p, '-')) != NULL) {
+ sv = getservbyname(p, uflag ? "udp" : "tcp");
+ if (sv) {
+ if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
+ err(1, "asprintf");
+ } else if ((n = strchr(p, '-')) != NULL) {
*n = '\0';
n++;

24
getservbyname.patch
View File

@ -1,24 +0,0 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 20:39:46.000000000 -0500
+++ netcat-openbsd-1.89/netcat.c 2008-01-22 20:43:36.000000000 -0500
@@ -819,11 +819,18 @@
void
build_ports(char *p)
{
+ struct servent *sv;
char *n, *endp;
int hi, lo, cp;
int x = 0;
- if ((n = strchr(p, '-')) != NULL) {
+ sv = getservbyname(p, uflag ? "udp" : "tcp");
+ if (sv) {
+ portlist[0] = calloc(1, PORT_MAX_LEN);
+ if (portlist[0] == NULL)
+ err(1, NULL);
+ snprintf(portlist[0], PORT_MAX_LEN, "%d", ntohs(sv->s_port));
+ } else if ((n = strchr(p, '-')) != NULL) {
if (lflag)
errx(1, "Cannot use -l with multiple ports!");

76
glib-strlcpy.patch
View File

@ -1,76 +0,0 @@
--- netcat-openbsd-1.89.orig/netcat.c
+++ netcat-openbsd-1.89/netcat.c
@@ -55,6 +55,8 @@
#include <limits.h>
#include "atomicio.h"
+#define strlcpy(d,s,n) snprintf((d),(n),"%s",(s))
+
#ifndef SUN_LEN
#define SUN_LEN(su) \
(sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
@@ -549,11 +551,11 @@ local_listen(char *host, char *port, str
if ((s = socket(res0->ai_family, res0->ai_socktype,
res0->ai_protocol)) < 0)
continue;
-
+ #ifdef SO_REUSEPORT
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
if (ret == -1)
err(1, NULL);
-
+ #endif
set_common_sockopts(s);
if (bind(s, (struct sockaddr *)res0->ai_addr,
@@ -719,7 +721,8 @@ build_ports(char *p)
char *c;
for (x = 0; x <= (hi - lo); x++) {
- y = (arc4random() & 0xFFFF) % (hi - lo);
+ /* use random instead of arc4random */
+ y = (random() & 0xFFFF) % (hi - lo);
c = portlist[x];
portlist[x] = portlist[y];
portlist[y] = c;
@@ -761,21 +764,25 @@ set_common_sockopts(int s)
{
int x = 1;
+#ifdef TCP_MD5SIG
if (Sflag) {
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
&x, sizeof(x)) == -1)
err(1, NULL);
}
+#endif
if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1)
err(1, NULL);
}
+#ifdef SO_JUMBO
if (jflag) {
if (setsockopt(s, SOL_SOCKET, SO_JUMBO,
&x, sizeof(x)) == -1)
err(1, NULL);
}
+#endif
if (Tflag != -1) {
if (setsockopt(s, IPPROTO_IP, IP_TOS,
&Tflag, sizeof(Tflag)) == -1)
@@ -816,9 +823,11 @@ help(void)
\t-n Suppress name/port resolutions\n\
\t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\
- \t-r Randomize remote ports\n\
- \t-S Enable the TCP MD5 signature option\n\
- \t-s addr\t Local source address\n\
+ \t-r Randomize remote ports\n "
+#ifdef TCP_MD5SIG
+" \t-S Enable the TCP MD5 signature option\n"
+#endif
+" \t-s addr\t Local source address\n\
\t-T ToS\t Set IP Type of Service\n\
\t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\

21
help-version-exit.patch
View File

@ -1,21 +0,0 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-01-25 13:14:34.000000000 -0500
+++ netcat-openbsd-1.89/netcat.c 2008-01-25 13:15:49.000000000 -0500
@@ -937,6 +937,7 @@
void
help(void)
{
+ fprintf(stderr, "OpenBSD netcat (SUSE Linux)\n");
usage(0);
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
@@ -966,7 +967,7 @@
\t-x addr[:port]\tSpecify proxy address and port\n\
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
- exit(1);
+ exit(0);
}
void

382
misc-failures-and-features.patch Normal file
View File

@ -0,0 +1,382 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 19:06:52 +0800
Subject: misc failures and features
---
Makefile | 3 +-
nc.1 | 76 +++++++++++++++++++++++++++++++++++++++++++++++++---
netcat.c | 91 ++++++++++++++++++++++++++++++++++++++++++++-------------------
3 files changed, 138 insertions(+), 32 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,8 @@
PROG= nc
SRCS= netcat.c atomicio.c socks.c
-LIBS= `pkg-config --libs libbsd` -lresolv
+PKG_CONFIG ?= pkg-config
+LIBS= `$(PKG_CONFIG) --libs libbsd` -lresolv
OBJS= $(SRCS:.c=.o)
CFLAGS= -g -O2
LDFLAGS= -Wl,--no-add-needed
--- a/nc.1
+++ b/nc.1
@@ -33,7 +33,7 @@
.Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
-.Op Fl 46CDdFhklNnrStUuvZz
+.Op Fl 46bCDdFhklNnrStUuvZz
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -96,6 +96,8 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
+.It Fl b
+Allow broadcast.
.It Fl C
Send CRLF as line-ending.
.It Fl D
@@ -352,6 +354,54 @@ and which side is being used as a
The connection may be terminated using an
.Dv EOF
.Pq Sq ^D .
+.Pp
+There is no
+.Fl c
+or
+.Fl e
+option in this netcat, but you still can execute a command after connection
+being established by redirecting file descriptors. Be cautious here because
+opening a port and let anyone connected execute arbitrary command on your
+site is DANGEROUS. If you really need to do this, here is an example:
+.Pp
+On
+.Sq server
+side:
+.Pp
+.Dl $ rm -f /tmp/f; mkfifo /tmp/f
+.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f
+.Pp
+On
+.Sq client
+side:
+.Pp
+.Dl $ nc host.example.com 1234
+.Dl $ (shell prompt from host.example.com)
+.Pp
+By doing this, you create a fifo at /tmp/f and make nc listen at port 1234
+of address 127.0.0.1 on
+.Sq server
+side, when a
+.Sq client
+establishes a connection successfully to that port, /bin/sh gets executed
+on
+.Sq server
+side and the shell prompt is given to
+.Sq client
+side.
+.Pp
+When connection is terminated,
+.Nm
+quits as well. Use
+.Fl k
+if you want it keep listening, but if the command quits this option won't
+restart it or keep
+.Nm
+running. Also don't forget to remove the file descriptor once you don't need
+it anymore:
+.Pp
+.Dl $ rm -f /tmp/f
+.Pp
.Sh DATA TRANSFER
The example in the previous section can be expanded to build a
basic data transfer model.
@@ -411,15 +461,30 @@ The
flag can be used to tell
.Nm
to report open ports,
-rather than initiate a connection.
+rather than initiate a connection. Usually it's useful to turn on verbose
+output to stderr by use this option in conjunction with
+.Fl v
+option.
+.Pp
For example:
.Bd -literal -offset indent
-$ nc -z host.example.com 20-30
+$ nc \-zv host.example.com 20-30
Connection to host.example.com 22 port [tcp/ssh] succeeded!
Connection to host.example.com 25 port [tcp/smtp] succeeded!
.Ed
.Pp
-The port range was specified to limit the search to ports 20 \- 30.
+The port range was specified to limit the search to ports 20 \- 30, and is
+scanned by increasing order.
+.Pp
+You can also specify a list of ports to scan, for example:
+.Bd -literal -offset indent
+$ nc \-zv host.example.com 80 20 22
+nc: connect to host.example.com 80 (tcp) failed: Connection refused
+nc: connect to host.example.com 20 (tcp) failed: Connection refused
+Connection to host.example.com port [tcp/ssh] succeeded!
+.Ed
+.Pp
+The ports are scanned by the order you given.
.Pp
Alternatively, it might be useful to know which server software
is running, and which versions.
@@ -484,6 +549,9 @@ Original implementation by *Hobbit*
.br
Rewritten with IPv6 support by
.An Eric Jackson Aq Mt ericj@monkey.org .
+.br
+Modified for Debian port by Aron Xu
+.Aq aron@debian.org .
.Sh CAVEATS
UDP port scans using the
.Fl uz
--- a/netcat.c
+++ b/netcat.c
@@ -98,6 +98,7 @@
#include <netdb.h>
#include <poll.h>
#include <signal.h>
+#include <stddef.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@@ -136,6 +137,7 @@
#define UDP_SCAN_TIMEOUT 3 /* Seconds */
/* Command Line Options */
+int bflag; /* Allow Broadcast */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
unsigned int iflag; /* Interval Flag */
@@ -186,7 +188,7 @@ int ttl = -1;
int minttl = -1;
void atelnet(int, unsigned char *, unsigned int);
-void build_ports(char *);
+void build_ports(char **);
void help(void);
int local_listen(char *, char *, struct addrinfo);
# if defined(TLS)
@@ -236,11 +238,14 @@ int
main(int argc, char *argv[])
{
int ch, s = -1, ret, socksv;
- char *host, *uport;
+ char *host, **uport;
struct addrinfo hints;
struct servent *sv;
socklen_t len;
- struct sockaddr_storage cliaddr;
+ union {
+ struct sockaddr_storage storage;
+ struct sockaddr_un forunix;
+ } cliaddr;
char *proxy, *proxyport = NULL;
const char *errstr;
struct addrinfo proxyhints;
@@ -260,9 +265,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
+ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
+ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# endif
switch (ch) {
case '4':
@@ -271,6 +276,13 @@ main(int argc, char *argv[])
case '6':
family = AF_INET6;
break;
+ case 'b':
+# if defined(SO_BROADCAST)
+ bflag = 1;
+# else
+ errx(1, "no broadcast frame support available");
+# endif
+ break;
case 'U':
family = AF_UNIX;
break;
@@ -479,32 +491,39 @@ main(int argc, char *argv[])
/* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
- if (uflag)
- errx(1, "cannot use -u and -U");
# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
if (dccpflag)
errx(1, "cannot use -Z and -U");
# endif
host = argv[0];
uport = NULL;
- } else if (!argv[0] && lflag) {
- if (sflag)
- errx(1, "cannot use -s and -l");
- if (zflag)
- errx(1, "cannot use -z and -l");
- if (pflag)
- uport=pflag;
- } else if (argv[0] && !argv[1]) {
- if (!lflag)
- usage(1);
- uport = argv[0];
+ } else if (argv[0] && !argv[1] && lflag) {
+ if (pflag) {
+ uport = &pflag;
+ host = argv[0];
+ } else {
+ uport = argv;
+ host = NULL;
+ }
+ } else if (!argv[0] && lflag && pflag) {
+ uport = &pflag;
host = NULL;
} else if (argv[0] && argv[1]) {
host = argv[0];
- uport = argv[1];
+ uport = &argv[1];
} else
usage(1);
+ if (lflag) {
+ if (sflag)
+ errx(1, "cannot use -s and -l");
+ if (zflag)
+ errx(1, "cannot use -z and -l");
+ if (pflag)
+ /* This still does not work well because of getopt mess
+ errx(1, "cannot use -p and -l"); */
+ uport = &pflag;
+ }
if (!lflag && kflag)
errx(1, "must use -l with -k");
# if defined(TLS)
@@ -674,7 +693,7 @@ main(int argc, char *argv[])
else
s = unix_listen(host);
} else
- s = local_listen(host, uport, hints);
+ s = local_listen(host, *uport, hints);
if (s < 0)
err(1, NULL);
@@ -683,7 +702,8 @@ main(int argc, char *argv[])
local = ":::";
else
local = "0.0.0.0";
- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ if (vflag && (family != AF_UNIX))
+ fprintf(stderr, "Listening on [%s] (family %d, port %s)\n",
host ?: local,
family,
*uport);
@@ -898,6 +918,8 @@ unix_bind(char *path, int flags)
0)) < 0)
return (-1);
+ unlink(path);
+
memset(&s_un, 0, sizeof(struct sockaddr_un));
s_un.sun_family = AF_UNIX;
@@ -1015,8 +1037,10 @@ unix_connect(char *path)
if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) < 0)
return (-1);
} else {
- if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0)
+ if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0) {
+ errx(1,"create unix socket failed");
return (-1);
+ }
}
memset(&s_un, 0, sizeof(struct sockaddr_un));
@@ -1026,10 +1050,12 @@ unix_connect(char *path)
sizeof(s_un.sun_path)) {
close(s);
errno = ENAMETOOLONG;
+ warn("unix connect abandoned");
return (-1);
}
if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) < 0) {
save_errno = errno;
+ warn("unix connect failed");
close(s);
errno = save_errno;
return (-1);
@@ -1718,25 +1744,26 @@ strtoport(char *portstr, int udp)
* that we should try to connect to.
*/
void
-build_ports(char *p)
+build_ports(char **p)
{
struct servent *sv;
char *n;
int hi, lo, cp;
int x = 0;
+ int i;
char *proto = proto_name(uflag, dccpflag);
- sv = getservbyname(p, proto);
+ sv = getservbyname(*p, proto);
if (sv) {
if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
err(1, "asprintf");
- } else if ((n = strchr(p, '-')) != NULL) {
+ } else if ((n = strchr(*p, '-')) != NULL) {
*n = '\0';
n++;
/* Make sure the ports are in order: lowest->highest. */
hi = strtoport(n, uflag);
- lo = strtoport(p, uflag);
+ lo = strtoport(*p, uflag);
if (lo > hi) {
cp = hi;
hi = lo;
@@ -1764,7 +1791,7 @@ build_ports(char *p)
} else {
char *tmp;
- hi = strtoport(p, uflag);
+ hi = strtoport(*p, uflag);
if (asprintf(&tmp, "%d", hi) != -1)
portlist[0] = tmp;
else
@@ -1802,6 +1829,15 @@ set_common_sockopts(int s, const struct
int x = 1;
int af = sa->sa_family;
+# if defined(SO_BROADCAST)
+ if (bflag) {
+ /* allow datagram sockets to send packets to a broadcast address
+ * (this option has no effect on stream-oriented sockets) */
+ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST,
+ &x, sizeof(x)) == -1)
+ err(1, NULL);
+ }
+# endif
# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
if (Sflag) {
struct tcp_md5sig sig;
@@ -2042,6 +2078,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
+ \t-b Allow broadcast\n\
\t-C Send CRLF as line-ending\n\
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\

14
nc-1.84-udp_stop.patch
View File

@ -1,14 +0,0 @@
Index: netcat-1.84/netcat.c
===================================================================
--- netcat-1.84.orig/netcat.c 2008-01-15 10:10:22.373351813 +0100
+++ netcat-1.84/netcat.c 2008-01-15 10:10:24.840730278 +0100
@@ -799,6 +799,9 @@
hi = lo;
lo = cp;
}
+ else if (pfd[0].revents & POLLERR)
+ if (write(nfd, "", 1) == -1)
+ warn("Write error");
/* Load ports sequentially. */
for (cp = lo; cp <= hi; cp++) {

12
netcat-info.patch
View File

@ -1,12 +0,0 @@
diff -Naurp netcat-openbsd-1.89.orig//netcat.c netcat-openbsd-1.89/netcat.c
--- netcat-openbsd-1.89.orig//netcat.c 2011-01-04 13:54:23.707910134 -0500
+++ netcat-openbsd-1.89/netcat.c 2011-01-04 14:12:50.499950473 -0500
@@ -995,6 +995,8 @@ help(void)
void
usage(int ret)
{
+ fprintf(stderr, "This is nc from the netcat-openbsd package. An alternative nc is available\n");
+ fprintf(stderr, "in the netcat-traditional package.\n");
fprintf(stderr, "usage: nc [-46DdhklnrStUuvzC] [-i interval] [-P proxy_username] [-p source_port]\n");
fprintf(stderr, "\t [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]\n");
fprintf(stderr, "\t [-x proxy_address[:port]] [hostname] [port[s]]\n");

3
netcat-openbsd-1.89.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7e167abd95aae72a8abaa6f230dce663e1cdb284c40cbf043ef725fa1cea4ebb
size 12980

423
netcat-openbsd-debian.patch
View File

@ -1,423 +0,0 @@
--- netcat-openbsd-1.89.orig/debian/rules
+++ netcat-openbsd-1.89/debian/rules
@@ -0,0 +1,64 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+
+DEB_CFLAGS = -g -Wall
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+DEB_CFLAGS += -O0
+else
+DEB_CFLAGS += -O2
+endif
+ifneq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+INSTALL_PROG = install -m 0755
+else
+INSTALL_PROG = install -s -m 0755
+endif
+DEB_VER = $(shell dpkg-parsechangelog | sed -n 's/^Version: //p')
+
+patch: patch-stamp
+patch-stamp:
+ QUILT_PATCHES=debian/patches quilt push -a || test $$? = 2
+ touch patch-stamp
+
+unpatch:
+ QUILT_PATCHES=debian/patches quilt pop -a -R || test $$? = 2
+ rm -rf .pc patch-stamp
+
+build: build-stamp
+build-stamp: patch-stamp
+
+ $(MAKE) CFLAGS='$(DEB_CFLAGS) -DDEBIAN_VERSION=\"$(DEB_VER)\"'
+ touch build-stamp
+
+clean: unpatch
+ dh_testdir
+ dh_clean patch-stamp build-stamp
+ $(MAKE) clean
+
+install:
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ $(INSTALL_PROG) nc $(CURDIR)/debian/netcat-openbsd/bin/nc.openbsd
+ cp nc.1 $(CURDIR)/debian/netcat-openbsd/usr/share/man/man1/nc_openbsd.1
+
+binary-indep: build install
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_installexamples debian/examples/*
+ dh_link
+ dh_strip
+ dh_compress -Xexamples
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
--- netcat-openbsd-1.89.orig/debian/netcat-openbsd.prerm
+++ netcat-openbsd-1.89/debian/netcat-openbsd.prerm
@@ -0,0 +1,7 @@
+#!/bin/sh -e
+
+if [ "$1" = "remove" ]; then
+ update-alternatives --remove nc /bin/nc.openbsd
+fi
+
+#DEBHELPER#
--- netcat-openbsd-1.89.orig/debian/netcat-openbsd.postinst
+++ netcat-openbsd-1.89/debian/netcat-openbsd.postinst
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+
+if [ "$1" = "configure" ]; then
+ update-alternatives \
+ --install /bin/nc nc /bin/nc.openbsd 50 \
+ --slave /bin/netcat netcat /bin/nc.openbsd \
+ --slave /usr/share/man/man1/nc.1.gz nc.1.gz \
+ /usr/share/man/man1/nc_openbsd.1.gz \
+ --slave /usr/share/man/man1/netcat.1.gz netcat.1.gz \
+ /usr/share/man/man1/nc_openbsd.1.gz
+fi
+
+#DEBHELPER#
--- netcat-openbsd-1.89.orig/debian/netcat-openbsd.dirs
+++ netcat-openbsd-1.89/debian/netcat-openbsd.dirs
@@ -0,0 +1,2 @@
+bin
+usr/share/man/man1
--- netcat-openbsd-1.89.orig/debian/netcat-openbsd.README.Debian
+++ netcat-openbsd-1.89/debian/netcat-openbsd.README.Debian
@@ -0,0 +1,41 @@
+OpenBSD netcat for Debian
+-------------------------
+
+This package has been rebased on OpenBSD's implementation of netcat. The
+code has been massively cleaned up, and important functionality has been
+added.
+
+ -- Soren Hansen <soren@ubuntu.com> Tue, 15 Jan 2008 10:38:34 +0100
+
+The OpenBSD implementation has been split from netcat-traditional for
+two reasons (not counting sentimental value):
+
+ 1. Netcat should be part of the base system; OpenBSD netcat uses
+ strlcpy. While there is already a perfectly good implementation of
+ strlcpy in Debian, it is part of glib, which is not included in base.
+ 2. Packages should not be replaced under users' feet; a transitional
+ package will be provided for lenny so that users can note the new
+ package and switch if they wish.
+
+You may install this package alongside netcat-traditional; they both
+use the alternatives system for nc(1) as well as the deprecated alias
+netcat(1). Other implementations of netcat with compatible command line
+options are encouraged to also do so and provide the virtual package
+"netcat".
+
+The following features from netcat-traditional will not be added to this
+package:
+
+ * The -e and -c options (This should be done by redirecting the
+ appropriate file descriptors, not within netcat. How to do so should
+ be better documented.)
+ * Printing "connection refused" messages when -v is not specified
+ (because there is only one level of verbosity in this netcat, and
+ that message is primarily what the option is for.)
+
+Anything else that netcat-traditional does that this package doesn't
+is a bug. Wherever possible, command-line compatibility with the BSDs
+and Fedora is desired, but it should be easy to use netcat-openbsd as a
+"drop-in" replacement for netcat-traditional as well.
+
+ -- Decklin Foster <decklin@red-bean.com> Tue, 22 Jan 2008 18:50:08 -0500
--- netcat-openbsd-1.89.orig/debian/copyright
+++ netcat-openbsd-1.89/debian/copyright
@@ -0,0 +1,130 @@
+The netcat-openbsd Debian package was created by Soren Hansen
+<soren@ubuntu.com> and by Decklin Foster <decklin@red-bean.com>, based
+loosely on the original netcat package. The code itself was rewritten
+by the OpenBSD project, from the original implementation by Hobbit
+<hobbit@atstake.com>.
+
+Sources can be found at:
+
+ http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
+
+Copyright and license of netcat.c:
+
+ Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the author may not be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Copyright and license of atomicio.c:
+
+ Copyright (c) 2005 Anil Madhavapeddy. All rights served.
+ Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ Copyright (c) 2005 Anil Madhavapeddy. All rights served.
+ Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
+
+Copyright of socks.c (license is identical to that of atomicio.c):
+
+ Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+ Copyright (c) 2004, 2005 Damien Miller. All rights reserved.
+
+Copyright and license of readpassphrase.c:
+
+ Copyright (c) 2000-2002, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ Sponsored in part by the Defense Advanced Research Projects
+ Agency (DARPA) and Air Force Research Laboratory, Air Force
+ Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+Copyright and license of base64.c:
+
+ Copyright (c) 1996 by Internet Software Consortium.
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ SOFTWARE.
+
+ Portions Copyright (c) 1995 by International Business Machines, Inc.
+
+ International Business Machines, Inc. (hereinafter called IBM) grants
+ permission under its copyrights to use, copy, modify, and distribute this
+ Software with or without fee, provided that the above copyright notice and
+ all paragraphs of this notice appear in all copies, and that the name of IBM
+ not be used in connection with the marketing of any product incorporating
+ the Software or modifications thereof, without specific, written prior
+ permission.
+
+ To the extent it has a right to do so, IBM grants an immunity from suit
+ under its patents, if any, for the use, sale or manufacture of products to
+ the extent that such products are used for performing Domain Name System
+ dynamic updates in TCP/IP networks by means of the Software. No immunity is
+ granted for any product per se or for any other function of any product.
+
+ THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
+ INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
+ DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
+ OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
+ IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
--- netcat-openbsd-1.89.orig/debian/control
+++ netcat-openbsd-1.89/debian/control
@@ -0,0 +1,25 @@
+Source: netcat-openbsd
+Section: net
+Priority: optional
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Decklin Foster <decklin@red-bean.com>
+Standards-Version: 3.7.3
+Build-Depends: quilt, debhelper (>= 4.0.0), libglib2.0-dev
+
+Package: netcat-openbsd
+Architecture: any
+Depends: ${shlibs:Depends}
+Provides: netcat
+Conflicts: netcat (<< 1.10-35)
+Replaces: netcat (<< 1.10-35)
+Description: TCP/IP swiss army knife
+ A simple Unix utility which reads and writes data across network
+ connections using TCP or UDP protocol. It is designed to be a reliable
+ "back-end" tool that can be used directly or easily driven by other
+ programs and scripts. At the same time it is a feature-rich network
+ debugging and exploration tool, since it can create almost any kind of
+ connection you would need and has several interesting built-in
+ capabilities.
+ .
+ This package contains the OpenBSD rewrite of netcat, including support
+ for IPv6, proxies, and Unix sockets.
--- netcat-openbsd-1.89.orig/debian/compat
+++ netcat-openbsd-1.89/debian/compat
@@ -0,0 +1 @@
+4
--- netcat-openbsd-1.89.orig/debian/changelog
+++ netcat-openbsd-1.89/debian/changelog
@@ -0,0 +1,113 @@
+netcat-openbsd (1.89-4ubuntu1) oneiric; urgency=low
+
+ * Merge from Debian unstable (LP: #803856). Remaining changes:
+ - debian/patches/dccp.patch: Added support for dccp
+ - debian/patches/netcat-info.patch: Add info about netcat-traditional
+ if you are looking for an option when it is not available.
+ (LP: #590925)
+ - debian/patches/verbose-message-to-stderr.patch: Log "Connection to ..."
+ messages to stderr (LP: #519210)
+ - Modify Maintainer value to match the DebianMaintainerField
+ specification.
+ - Fix build failure with --as-needed.
+
+ -- Adam Gandelman <adamg@canonical.com> Fri, 01 Jul 2011 23:34:38 +0200
+
+netcat-openbsd (1.89-4) unstable; urgency=low
+
+ * Quit immediately after EOF if -q is not given (i.e. make the default
+ equivalent to -q 0). This is the standard upstream behavior and what
+ other Linux distributions use. It is different from netcat-traditional,
+ but compatibility with other versions of OpenBSD netcat is more
+ important. (Closes: #502188)
+
+ -- Decklin Foster <decklin@red-bean.com> Sun, 18 Apr 2010 20:05:08 -0400
+
+netcat-openbsd (1.89-3ubuntu6) oneiric; urgency=low
+
+ * debian/patches/dccp.patch: Added support for dccp
+
+ -- Michael Gendelman <genged@gmail.com> Sat, 11 Jun 2011 01:09:57 +0300
+
+netcat-openbsd (1.89-3ubuntu5) natty; urgency=low
+
+ * debian/patches/quit-timer.patch: Re-enabled, but set default to 0 to match
+ current behavior.
+ * debian/patches/netcat-info.patch: Add info about netcat-traditional
+ if you are looking for an option when it is not available.
+ (LP: #590925)
+
+ -- Chuck Short <zulcss@ubuntu.com> Tue, 04 Jan 2011 14:31:12 -0500
+
+netcat-openbsd (1.89-3ubuntu4) natty; urgency=low
+
+ * debian/patches/quit-timer.patch: Drop quit-time.patch as per disccussion on
+ ubuntu-server. (LP: #590925)
+
+ -- Chuck Short <zulcss@ubuntu.com> Mon, 03 Jan 2011 10:08:24 -0500
+
+netcat-openbsd (1.89-3ubuntu3) natty; urgency=low
+
+ * Fix build failure with --as-needed.
+
+ -- Matthias Klose <doko@ubuntu.com> Fri, 19 Nov 2010 14:40:32 +0100
+
+netcat-openbsd (1.89-3ubuntu2) lucid; urgency=low
+
+ * Log "Connection to ..." messages to stderr (LP: #519210)
+
+ -- Stefan Haller <haliner@googlemail.com> Tue, 09 Feb 2010 10:42:03 +0100
+
+netcat-openbsd (1.89-3ubuntu1) intrepid; urgency=low
+
+ * Merge from debian unstable.
+ * Reinsert quit-timer, but set default to 0 to match current behaviour.
+ (LP: #242350)
+
+ -- Soren Hansen <soren@ubuntu.com> Wed, 25 Jun 2008 18:47:47 +0200
+
+netcat-openbsd (1.89-3) unstable; urgency=low
+
+ * Silence -z flag, for compatibility with netcat-traditional (Closes:
+ #464564)
+ * Move stray line in socks.c to quilt patch series (Closes: #485160)
+ * Add missing documentation for -q option to man page.
+
+ -- Decklin Foster <decklin@red-bean.com> Thu, 19 Jun 2008 16:20:01 -0400
+
+netcat-openbsd (1.89-2ubuntu1) hardy; urgency=low
+
+ * Remove quit-timer.patch. It added a bad, bad default behaviour of keeping
+ connections open even though the client had closed the connection. (LP:
+ #201340)
+ * Modify Maintainer value to match the DebianMaintainerField
+ specification.
+
+ -- Soren Hansen <soren@ubuntu.com> Wed, 12 Mar 2008 11:49:28 +0100
+
+netcat-openbsd (1.89-2) unstable; urgency=low
+
+ * Replace references to "netcat-base" with "netcat-traditional" (future
+ name of the old netcat package).
+
+ -- Decklin Foster <decklin@red-bean.com> Wed, 30 Jan 2008 18:24:46 -0500
+
+netcat-openbsd (1.89-1) unstable; urgency=low
+
+ * Initial release. (Closes: #145798)
+ * Includes support for:
+ - IPv6 (Closes: #461317)
+ - Unix domain sockets (Closes: #348564)
+ - SOCKS (Closes: #142898)
+ * Conflict with netcat versions older than netcat-traditional, so that we
+ can use alternatives.
+ * Port some features over from netcat-traditional:
+ - Exit successfully when printing help text (-h), and include the Debian
+ revision.
+ - Add the -q (quit on standard input EOF) flag.
+ - Add support for specifying ports by name (/etc/services). Unlike the
+ old hack for this, nc will first try to find a named service, then fall
+ back to numeric parsing, so no escaping is needed.
+
+ -- Decklin Foster <decklin@red-bean.com> Mon, 21 Jan 2008 18:41:37 -0500
+

831
netcat-openbsd-examples.patch
View File

@ -1,831 +0,0 @@
--- netcat-openbsd-1.89.orig/debian/examples/websearch
+++ netcat-openbsd-1.89/debian/examples/websearch
@@ -0,0 +1,77 @@
+#! /bin/sh
+## Hit the major search engines. Hose the [large] output to a file!
+## autoconverts multiple arguments into the right format for given servers --
+## usually worda+wordb, with certain lame exceptions like dejanews.
+## Extracting and post-sorting the URLs is highly recommended...
+##
+## Altavista currently handled by a separate script; may merge at some point.
+##
+## _H* original 950824, updated 951218 and 960209
+
+test "${1}" = "" && echo 'Needs argument[s] to search for!' && exit 1
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+PIPEARG="`echo ${PLUSARG} | sed 's/+/|/g'`"
+IFILE=/tmp/.webq.$$
+
+# Don't have "nc"? Get "netcat" from avian.org and add it to your toolkit.
+doquery () {
+ echo GET "$1" | nc -v -i 1 -w 30 "$2" "$3"
+}
+
+# changed since original: now supplying port numbers and separator lines...
+
+echo "=== Yahoo ==="
+doquery "/bin/search?p=${PLUSARG}&n=300&w=w&s=a" search.yahoo.com 80
+
+echo '' ; echo "=== Webcrawler ==="
+doquery "/cgi-bin/WebQuery?searchText=${PLUSARG}&maxHits=300" webcrawler.com 80
+
+# the infoseek lamers want "registration" before they do a real search, but...
+echo '' ; echo "=== Infoseek ==="
+echo " is broken."
+# doquery "WW/IS/Titles?qt=${PLUSARG}" www2.infoseek.com 80
+# ... which doesn't work cuz their lame server wants the extra newlines, WITH
+# CRLF pairs ferkrissake. Fuck 'em for now, they're hopelessly broken. If
+# you want to play, the basic idea and query formats follow.
+# echo "GET /WW/IS/Titles?qt=${PLUSARG}" > $IFILE
+# echo "" >> $IFILE
+# nc -v -w 30 guide-p.infoseek.com 80 < $IFILE
+
+# this is kinda flakey; might have to do twice??
+echo '' ; echo "=== Opentext ==="
+doquery "/omw/simplesearch?SearchFor=${PLUSARG}&mode=phrase" \
+ search.opentext.com 80
+
+# looks like inktomi will only take hits=100, or defaults back to 30
+# we try to suppress all the stupid rating dots here, too
+echo '' ; echo "=== Inktomi ==="
+doquery "/query/?query=${PLUSARG}&hits=100" ink3.cs.berkeley.edu 1234 | \
+ sed '/^<IMG ALT.*inktomi.*\.gif">$/d'
+
+#djnews lame shit limits hits to 120 and has nonstandard format
+echo '' ; echo "=== Dejanews ==="
+doquery "/cgi-bin/nph-dnquery?query=${PIPEARG}+maxhits=110+format=terse+defaultOp=AND" \
+ smithers.dejanews.com 80
+
+# OLD lycos: used to work until they fucking BROKE it...
+# doquery "/cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=1" \
+# query5.lycos.cs.cmu.edu 80
+# NEW lycos: wants the User-agent field present in query or it returns nothing
+# 960206: webmaster@lycos duly bitched at
+# 960208: reply received; here's how we will now handle it:
+echo \
+"GET /cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=terse&matchmode=and&minscore=.5 HTTP/1.x" \
+ > $IFILE
+echo "User-agent: *FUCK OFF*" >> $IFILE
+echo "Why: go ask todd@pointcom.com (Todd Whitney)" >> $IFILE
+echo '' >> $IFILE
+echo '' ; echo "=== Lycos ==="
+nc -v -i 1 -w 30 twelve.srv.lycos.com 80 < $IFILE
+
+rm -f $IFILE
+exit 0
+
+# CURRENTLY BROKEN [?]
+# infoseek
+
+# some args need to be redone to ensure whatever "and" mode applies
--- netcat-openbsd-1.89.orig/debian/examples/webrelay
+++ netcat-openbsd-1.89/debian/examples/webrelay
@@ -0,0 +1,44 @@
+#! /bin/sh
+## web relay -- a degenerate version of webproxy, usable with browsers that
+## don't understand proxies. This just forwards connections to a given server.
+## No query logging, no access control [although you can add it to XNC for
+## your own run], and full-URL links will undoubtedly confuse the browser
+## if it can't reach the server directly. This was actually written before
+## the full proxy was, and it shows.
+## The arguments in this case are the destination server and optional port.
+## Please flame pinheads who use self-referential absolute links.
+
+# set these as you wish: proxy port...
+PORT=8000
+# any extra args to the listening "nc", for instance "-s inside-net-addr"
+XNC=''
+
+# functionality switch, which has to be done fast to start the next listener
+case "${1}${RDEST}" in
+ "")
+ echo needs hostname
+ exit 1
+ ;;
+esac
+
+case "${1}" in
+ "")
+# no args: fire off new relayer process NOW. Will hang around for 10 minutes
+ nc -w 600 -l -n -p $PORT -e "$0" $XNC < /dev/null > /dev/null 2>&1 &
+# and handle this request, which will simply fail if vars not set yet.
+ exec nc -w 15 $RDEST $RPORT
+ ;;
+esac
+
+# Fall here for setup; this can now be slower.
+RDEST="$1"
+RPORT="$2"
+test "$RPORT" || RPORT=80
+export RDEST RPORT
+
+# Launch the first relayer same as above, but let its error msgs show up
+# will hang around for a minute, and exit if no new connections arrive.
+nc -v -w 600 -l -p $PORT -e "$0" $XNC < /dev/null > /dev/null &
+echo \
+ "Relay to ${RDEST}:${RPORT} running -- point your browser here on port $PORT"
+exit 0
--- netcat-openbsd-1.89.orig/debian/examples/webproxy
+++ netcat-openbsd-1.89/debian/examples/webproxy
@@ -0,0 +1,141 @@
+#! /bin/sh
+## Web proxy, following the grand tradition of Web things being handled by
+## gross scripts. Uses netcat to listen on a high port [default 8000],
+## picks apart requests and sends them on to the right place. Point this
+## at the browser client machine you'll be coming from [to limit access to
+## only it], and point the browser's concept of an HTTP proxy to the
+## machine running this. Takes a single argument of the client that will
+## be using it, and rejects connections from elsewhere. LOGS the queries
+## to a configurable logfile, which can be an interesting read later on!
+## If the argument is "reset", the listener and logfile are cleaned up.
+##
+## This works surprisingly fast and well, for a shell script, although may
+## randomly fail when hammered by a browser that tries to open several
+## connections at once. Drop the "maximum connections" in your browser if
+## this is a problem.
+##
+## A more degenerate case of this, or preferably a small C program that
+## does the same thing under inetd, could handle a small site's worth of
+## proxy queries. Given the way browsers are evolving, proxies like this
+## can play an important role in protecting your own privacy.
+##
+## If you grabbed this in ASCII mode, search down for "eew" and make sure
+## the embedded-CR check is intact, or requests might hang.
+##
+## Doesn't handle POST forms. Who cares, if you're just watching HTTV?
+## Dumbness here has a highly desirable side effect: it only sends the first
+## GET line, since that's all you really ever need to send, and suppresses
+## the other somewhat revealing trash that most browsers insist on sending.
+##
+## To use the proxy, export `http_proxy' in your environment, e.g.
+## `http_proxy=http://localhost:8000'.
+
+# set these as you wish: proxy port...
+PORT=8000
+# logfile spec: a real file or /dev/null if you don't care
+LFILE=${0}.log
+# optional: where to dump connect info, so you can see if anything went wrong
+# CFILE=${0}.conn
+# optional extra args to the listener "nc", for instance "-s inside-net-addr"
+# XNC=''
+
+# functionality switch has to be done fast, so the next listener can start
+# prelaunch check: if no current client and no args, bail.
+case "${1}${CLIENT}" in
+ "")
+ echo needs client hostname
+ exit 1
+ ;;
+esac
+
+case "${1}" in
+ "")
+# Make like inetd, and run the next relayer process NOW. All the redirection
+# is necessary so this shell has NO remaining channel open to the net.
+# This will hang around for 10 minutes, and exit if no new connections arrive.
+# Using -n for speed, avoiding any DNS/port lookups.
+ nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
+ 2> $CFILE &
+ ;;
+esac
+
+# no client yet and had an arg, this checking can be much slower now
+umask 077
+
+if test "$1" ; then
+# if magic arg, just clean up and then hit our own port to cause server exit
+ if test "$1" = "reset" ; then
+ rm -f $LFILE
+ test -f "$CFILE" && rm -f $CFILE
+ nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
+ exit 0
+ fi
+# find our ass with both hands
+ test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
+# correct launch: set up client access control, passed along thru environment.
+ CLIENT="$1"
+ export CLIENT
+ test "$CFILE" || CFILE=/dev/null
+ export CFILE
+ touch "$CFILE"
+# tell us what happened during the last run, if possible
+ if test -f "$CFILE" ; then
+ echo "Last connection results:"
+ cat $CFILE
+ fi
+
+# ping client machine and get its bare IP address
+ CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'`
+ test ! "$CLIENT" && echo "Can't find address of $1" && exit 1
+
+# if this was an initial launch, be informative about it
+ echo "=== Launch: $CLIENT" >> $LFILE
+ echo "Proxy running -- will accept connections on $PORT from $CLIENT"
+ echo " Logging queries to $LFILE"
+ test -f "$CFILE" && echo " and connection fuckups to $CFILE"
+
+# and run the first listener, showing us output just for the first hit
+ nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
+ exit 0
+fi
+
+# Fall here to handle a page.
+# GET type://host.name:80/file/path HTTP/1.0
+# Additional: trash
+# More: trash
+# <newline>
+
+read x1 x2 x3 x4
+echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
+test "$x4" && echo "extra junk after request: $x4" && exit 0
+# nuke questionable characters and split up the request
+hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'`
+# echo massaged hurl: $hurl >> $LFILE
+hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"`
+hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"`
+test "$hp" = "$hh" && hp=80
+hf=`echo "$hurl" | sed -e "s+[^/]*++"`
+# echo total split: $hh : $hp : $hf >> $LFILE
+# suck in and log the entire request, because we're curious
+# Fails on multipart stuff like forms; oh well...
+if test "$x3" ; then
+ while read xx ; do
+ echo "${xx}" >> $LFILE
+ test "${xx}" || break
+# eew, buried returns, gross but necessary for DOS stupidity:
+ test "${xx}" = " " && break
+ done
+fi
+# check for non-GET *after* we log the query...
+test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
+# no, you can *not* phone home, you miserable piece of shit
+test "`echo $hh | fgrep -i netscap`" && \
+ echo "access to Netscam's servers <b>DENIED.</b>" && exit 0
+# Do it. 30 sec net-wait time oughta be *plenty*...
+# Some braindead servers have forgotten how to handle the simple-query syntax.
+# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc...
+echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \
+ echo "oops, can't get to $hh : $hp".
+echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
+exit 0
+
--- netcat-openbsd-1.89.orig/debian/examples/web
+++ netcat-openbsd-1.89/debian/examples/web
@@ -0,0 +1,148 @@
+#! /bin/sh
+## The web sucks. It is a mighty dismal kludge built out of a thousand
+## tiny dismal kludges all band-aided together, and now these bottom-line
+## clueless pinheads who never heard of "TCP handshake" want to run
+## *commerce* over the damn thing. Ye godz. Welcome to TV of the next
+## century -- six million channels of worthless shit to choose from, and
+## about as much security as today's cable industry!
+##
+## Having grown mightily tired of pain in the ass browsers, I decided
+## to build the minimalist client. It doesn't handle POST, just GETs, but
+## the majority of cgi forms handlers apparently ignore the method anyway.
+## A distinct advantage is that it *doesn't* pass on any other information
+## to the server, like Referer: or info about your local machine such as
+## Netscum tries to!
+##
+## Since the first version, this has become the *almost*-minimalist client,
+## but it saves a lot of typing now. And with netcat as its backend, it's
+## totally the balls. Don't have netcat? Get it here in /src/hacks!
+## _H* 950824, updated 951009 et seq.
+##
+## args: hostname [port]. You feed it the filename-parts of URLs.
+## In the loop, HOST, PORT, and SAVE do the right things; a null line
+## gets the previous spec again [useful for initial timeouts]; EOF to exit.
+## Relative URLs behave like a "cd" to wherever the last slash appears, or
+## just use the last component with the saved preceding "directory" part.
+## "\" clears the "filename" part and asks for just the "directory", and
+## ".." goes up one "directory" level while retaining the "filename" part.
+## Play around; you'll get used to it.
+
+if test "$1" = "" ; then
+ echo Needs hostname arg.
+ exit 1
+fi
+umask 022
+
+# optional PATH fixup
+# PATH=${HOME}:${PATH} ; export PATH
+
+test "${PAGER}" || PAGER=more
+BACKEND="nc -v -w 15"
+TMPAGE=/tmp/web$$
+host="$1"
+port="80"
+if test "$2" != "" ; then
+ port="$2"
+fi
+
+spec="/"
+specD="/"
+specF=''
+saving=''
+
+# be vaguely smart about temp file usage. Use your own homedir if you're
+# paranoid about someone symlink-racing your shell script, jeez.
+rm -f ${TMPAGE}
+test -f ${TMPAGE} && echo "Can't use ${TMPAGE}" && exit 1
+
+# get loopy. Yes, I know "echo -n" aint portable. Everything echoed would
+# need "\c" tacked onto the end in an SV universe, which you can fix yourself.
+while echo -n "${specD}${specF} " && read spec ; do
+ case $spec in
+ HOST)
+ echo -n 'New host: '
+ read host
+ continue
+ ;;
+ PORT)
+ echo -n 'New port: '
+ read port
+ continue
+ ;;
+ SAVE)
+ echo -n 'Save file: '
+ read saving
+# if we've already got a page, save it
+ test "${saving}" && test -f ${TMPAGE} &&
+ echo "=== ${host}:${specD}${specF} ===" >> $saving &&
+ cat ${TMPAGE} >> $saving && echo '' >> $saving
+ continue
+ ;;
+# changing the logic a bit here. Keep a state-concept of "current dir"
+# and "current file". Dir is /foo/bar/ ; file is "baz" or null.
+# leading slash: create whole new state.
+ /*)
+ specF=`echo "${spec}" | sed 's|.*/||'`
+ specD=`echo "${spec}" | sed 's|\(.*/\).*|\1|'`
+ spec="${specD}${specF}"
+ ;;
+# embedded slash: adding to the path. "file" part can be blank, too
+ */*)
+ specF=`echo "${spec}" | sed 's|.*/||'`
+ specD=`echo "${specD}${spec}" | sed 's|\(.*/\).*|\1|'`
+ ;;
+# dotdot: jump "up" one level and just reprompt [confirms what it did...]
+ ..)
+ specD=`echo "${specD}" | sed 's|\(.*/\)..*/|\1|'`
+ continue
+ ;;
+# blank line: do nothing, which will re-get the current one
+ '')
+ ;;
+# hack-quoted blank line: "\" means just zero out "file" part
+ '\')
+ specF=''
+ ;;
+# sigh
+ '?')
+ echo Help yourself. Read the script fer krissake.
+ continue
+ ;;
+# anything else is taken as a "file" part
+ *)
+ specF=${spec}
+ ;;
+ esac
+
+# now put it together and stuff it down a connection. Some lame non-unix
+# http servers assume they'll never get simple-query format, and wait till
+# an extra newline arrives. If you're up against one of these, change
+# below to (echo GET "$spec" ; echo '') | $BACKEND ...
+ spec="${specD}${specF}"
+ echo GET "${spec}" | $BACKEND $host $port > ${TMPAGE}
+ ${PAGER} ${TMPAGE}
+
+# save in a format that still shows the URLs we hit after a de-html run
+ if test "${saving}" ; then
+ echo "=== ${host}:${spec} ===" >> $saving
+ cat ${TMPAGE} >> $saving
+ echo '' >> $saving
+ fi
+done
+rm -f ${TMPAGE}
+exit 0
+
+#######
+# Encoding notes, finally from RFC 1738:
+# %XX -- hex-encode of special chars
+# allowed alphas in a URL: $_-.+!*'(),
+# relative names *not* described, but obviously used all over the place
+# transport://user:pass@host:port/path/name?query-string
+# wais: port 210, //host:port/database?search or /database/type/file?
+# cgi-bin/script?arg1=foo&arg2=bar&... scripts have to parse xxx&yyy&zzz
+# ISMAP imagemap stuff: /bin/foobar.map?xxx,yyy -- have to guess at coords!
+# local access-ctl files: ncsa: .htaccess ; cern: .www_acl
+#######
+# SEARCH ENGINES: fortunately, all are GET forms or at least work that way...
+# multi-word args for most cases: foo+bar
+# See 'websearch' for concise results of this research...
--- netcat-openbsd-1.89.orig/debian/examples/probe
+++ netcat-openbsd-1.89/debian/examples/probe
@@ -0,0 +1,50 @@
+#! /bin/sh
+## launch a whole buncha shit at yon victim in no particular order; capture
+## stderr+stdout in one place. Run as root for rservice and low -p to work.
+## Fairly thorough example of using netcat to collect a lot of host info.
+## Will set off every intrusion alarm in existence on a paranoid machine!
+
+# where .d files are kept; "." if nothing else
+DDIR=../data
+# address of some well-connected router that groks LSRR
+GATE=192.157.69.11
+
+# might conceivably wanna change this for different run styles
+UCMD='nc -v -w 8'
+
+test ! "$1" && echo Needs victim arg && exit 1
+
+echo '' | $UCMD -w 9 -r "$1" 13 79 6667 2>&1
+echo '0' | $UCMD "$1" 79 2>&1
+# if LSRR was passed thru, should get refusal here:
+$UCMD -z -r -g $GATE "$1" 6473 2>&1
+$UCMD -r -z "$1" 6000 4000-4004 111 53 2105 137-140 1-20 540-550 95 87 2>&1
+# -s `hostname` may be wrong for some multihomed machines
+echo 'UDP echoecho!' | nc -u -p 7 -s `hostname` -w 3 "$1" 7 19 2>&1
+echo '113,10158' | $UCMD -p 10158 "$1" 113 2>&1
+rservice bin bin | $UCMD -p 1019 "$1" shell 2>&1
+echo QUIT | $UCMD -w 8 -r "$1" 25 158 159 119 110 109 1109 142-144 220 23 2>&1
+# newline after any telnet trash
+echo ''
+echo PASV | $UCMD -r "$1" 21 2>&1
+echo 'GET /' | $UCMD -w 10 "$1" 80 81 210 70 2>&1
+# sometimes contains useful directory info:
+echo 'GET /robots.txt' | $UCMD -w 10 "$1" 80 2>&1
+# now the big red lights go on
+rservice bin bin 9600/9600 | $UCMD -p 1020 "$1" login 2>&1
+rservice root root | $UCMD -r "$1" exec 2>&1
+echo 'BEGIN big udp -- everything may look "open" if packet-filtered'
+data -g < ${DDIR}/nfs-0.d | $UCMD -i 1 -u "$1" 2049 | od -x 2>&1
+# no wait-time, uses RTT hack
+nc -v -z -u -r "$1" 111 66-70 88 53 87 161-164 121-123 213 49 2>&1
+nc -v -z -u -r "$1" 137-140 694-712 747-770 175-180 2103 510-530 2>&1
+echo 'END big udp'
+$UCMD -r -z "$1" 175-180 2000-2003 530-533 1524 1525 666 213 8000 6250 2>&1
+# Use our identd-sniffer!
+iscan "$1" 21 25 79 80 111 53 6667 6000 2049 119 2>&1
+# this gets pretty intrusive, but what the fuck. Probe for portmap first
+if nc -w 5 -z -u "$1" 111 ; then
+ showmount -e "$1" 2>&1
+ rpcinfo -p "$1" 2>&1
+fi
+exit 0
--- netcat-openbsd-1.89.orig/debian/examples/ncp
+++ netcat-openbsd-1.89/debian/examples/ncp
@@ -0,0 +1,46 @@
+#! /bin/sh
+## Like "rcp" but uses netcat on a high port.
+## do "ncp targetfile" on the RECEIVING machine
+## then do "ncp sourcefile receivinghost" on the SENDING machine
+## if invoked as "nzp" instead, compresses transit data.
+
+## pick your own personal favorite port, which will be used on both ends.
+## You should probably change this for your own uses.
+MYPORT=23456
+
+## if "nc" isn't systemwide or in your PATH, add the right place
+# PATH=${HOME}:${PATH} ; export PATH
+
+test "$3" && echo "too many args" && exit 1
+test ! "$1" && echo "no args?" && exit 1
+me=`echo $0 | sed 's+.*/++'`
+test "$me" = "nzp" && echo '[compressed mode]'
+
+# if second arg, it's a host to send an [extant] file to.
+if test "$2" ; then
+ test ! -f "$1" && echo "can't find $1" && exit 1
+ if test "$me" = "nzp" ; then
+ compress -c < "$1" | nc -v -w 2 $2 $MYPORT && exit 0
+ else
+ nc -v -w 2 $2 $MYPORT < "$1" && exit 0
+ fi
+ echo "transfer FAILED!"
+ exit 1
+fi
+
+# fall here for receiver. Ask before trashing existing files
+if test -f "$1" ; then
+ echo -n "Overwrite $1? "
+ read aa
+ test ! "$aa" = "y" && echo "[punted!]" && exit 1
+fi
+# 30 seconds oughta be pleeeeenty of time, but change if you want.
+if test "$me" = "nzp" ; then
+ nc -v -w 30 -p $MYPORT -l < /dev/null | uncompress -c > "$1" && exit 0
+else
+ nc -v -w 30 -p $MYPORT -l < /dev/null > "$1" && exit 0
+fi
+echo "transfer FAILED!"
+# clean up, since even if the transfer failed, $1 is already trashed
+rm -f "$1"
+exit 1
--- netcat-openbsd-1.89.orig/debian/examples/iscan
+++ netcat-openbsd-1.89/debian/examples/iscan
@@ -0,0 +1,35 @@
+#! /bin/sh
+## duplicate DaveG's ident-scan thingie using netcat. Oooh, he'll be pissed.
+## args: target port [port port port ...]
+## hose stdout *and* stderr together.
+##
+## advantages: runs slower than ident-scan, giving remote inetd less cause
+## for alarm, and only hits the few known daemon ports you specify.
+## disadvantages: requires numeric-only port args, the output sleazitude,
+## and won't work for r-services when coming from high source ports.
+
+case "${2}" in
+ "" ) echo needs HOST and at least one PORT ; exit 1 ;;
+esac
+
+# ping 'em once and see if they *are* running identd
+nc -z -w 9 "$1" 113 || { echo "oops, $1 isn't running identd" ; exit 0 ; }
+
+# generate a randomish base port
+RP=`expr $$ % 999 + 31337`
+
+TRG="$1"
+shift
+
+while test "$1" ; do
+ nc -v -w 8 -p ${RP} "$TRG" ${1} < /dev/null > /dev/null &
+ PROC=$!
+ sleep 3
+ echo "${1},${RP}" | nc -w 4 -r "$TRG" 113 2>&1
+ sleep 2
+# does this look like a lamer script or what...
+ kill -HUP $PROC
+ RP=`expr ${RP} + 1`
+ shift
+done
+
--- netcat-openbsd-1.89.orig/debian/examples/irc
+++ netcat-openbsd-1.89/debian/examples/irc
@@ -0,0 +1,79 @@
+#! /bin/sh
+## Shit-simple script to supply the "privmsg <recipient>" of IRC typein, and
+## keep the connection alive. Pipe this thru "nc -v -w 5 irc-server port".
+## Note that this mechanism makes the script easy to debug without being live,
+## since it just echoes everything bound for the server.
+## if you want autologin-type stuff, construct some appropriate files and
+## shovel them in using the "<" mechanism.
+
+# magic arg: if "tick", do keepalive process instead of main loop
+if test "$1" = "tick" ; then
+# ignore most signals; the parent will nuke the kid
+# doesn't stop ^Z, of course.
+ trap '' 1 2 3 13 14 15 16
+ while true ; do
+ sleep 60
+ echo "PONG !"
+ done
+fi
+
+# top level: fire ourselves off as the keepalive process, and keep track of it
+sh $0 tick &
+ircpp=$!
+echo "[Keepalive: $ircpp]" >&2
+# catch our own batch of signals: hup int quit pipe alrm term urg
+trap 'kill -9 $ircpp ; exit 0' 1 2 3 13 14 15 16
+sleep 2
+
+sender=''
+savecmd=''
+
+# the big honkin' loop...
+while read xx yy ; do
+ case "${xx}" in
+# blank line: do nothing
+ "")
+ continue
+ ;;
+# new channel or recipient; if bare ">", we're back to raw literal mode.
+ ">")
+ if test "${yy}" ; then
+ sender="privmsg ${yy} :"
+ else
+ sender=''
+ fi
+ continue
+ ;;
+# send crud from a file, one line per second. Can you say "skr1pt kidz"??
+# *Note: uses current "recipient" if set.
+ "<")
+ if test -f "${yy}" ; then
+ ( while read zz ; do
+ sleep 1
+ echo "${sender}${zz}"
+ done ) < "$yy"
+ echo "[done]" >&2
+ else
+ echo "[File $yy not found]" >&2
+ fi
+ continue
+ ;;
+# do and save a single command, for quick repeat
+ "/")
+ if test "${yy}" ; then
+ savecmd="${yy}"
+ fi
+ echo "${savecmd}"
+ ;;
+# default case goes to recipient, just like always
+ *)
+ echo "${sender}${xx} ${yy}"
+ continue
+ ;;
+ esac
+done
+
+# parting shot, if you want it
+echo "quit :Bye all!"
+kill -9 $ircpp
+exit 0
--- netcat-openbsd-1.89.orig/debian/examples/dist.sh
+++ netcat-openbsd-1.89/debian/examples/dist.sh
@@ -0,0 +1,23 @@
+#! /bin/sh
+## This is a quick example listen-exec server, which was used for a while to
+## distribute netcat prereleases. It illustrates use of netcat both as a
+## "fake inetd" and a syslogger, and how easy it then is to crock up a fairly
+## functional server that restarts its own listener and does full connection
+## logging. In a half-screen of shell script!!
+
+PORT=31337
+
+sleep 1
+SRC=`tail -1 dist.log`
+echo "<36>elite: ${SRC}" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+echo ";;; Hi, ${SRC}..."
+echo ";;; This is a PRERELEASE version of 'netcat', tar/gzip/uuencoded."
+echo ";;; Unless you are capturing this somehow, it won't do you much good."
+echo ";;; Ready?? Here it comes! Have phun ..."
+sleep 8
+cat dist.file
+sleep 1
+./nc -v -l -p ${PORT} -e dist.sh < /dev/null >> dist.log 2>&1 &
+sleep 1
+echo "<36>elite: done" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+exit 0
--- netcat-openbsd-1.89.orig/debian/examples/bsh
+++ netcat-openbsd-1.89/debian/examples/bsh
@@ -0,0 +1,29 @@
+#! /bin/sh
+## a little wrapper to "password" and re-launch a shell-listener.
+## Arg is taken as the port to listen on. Define "NC" to point wherever.
+
+NC=nc
+
+case "$1" in
+ ?* )
+ LPN="$1"
+ export LPN
+ sleep 1
+ echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+ echo "launched on port $LPN"
+ exit 0
+ ;;
+esac
+
+# here we play inetd
+echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+
+while read qq ; do
+case "$qq" in
+# here's yer password
+ gimme )
+ cd /
+ exec csh -i
+ ;;
+esac
+done
--- netcat-openbsd-1.89.orig/debian/examples/alta
+++ netcat-openbsd-1.89/debian/examples/alta
@@ -0,0 +1,33 @@
+#! /bin/sh
+## special handler for altavista, since they only hand out chunks of 10 at
+## a time. Tries to isolate out results without the leading/trailing trash.
+## multiword arguments are foo+bar, as usual.
+## Second optional arg switches the "what" field, to e.g. "news"
+
+test "${1}" = "" && echo 'Needs an argument to search for!' && exit 1
+WHAT="web"
+test "${2}" && WHAT="${2}"
+
+# convert multiple args
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+
+# Plug in arg. only doing simple-q for now; pg=aq for advanced-query
+# embedded quotes define phrases; otherwise it goes wild on multi-words
+QB="GET /cgi-bin/query?pg=q&what=${WHAT}&fmt=c&q=\"${PLUSARG}\""
+
+# ping 'em once, to get the routing warm
+nc -z -w 8 www.altavista.digital.com 24015 2> /dev/null
+echo "=== Altavista ==="
+
+for xx in 0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 \
+ 190 200 210 220 230 240 250 260 270 280 290 300 310 320 330 340 350 ; do
+ echo "${QB}&stq=${xx}" | nc -w 15 www.altavista.digital.com 80 | \
+ egrep '^<a href="http://'
+done
+
+exit 0
+
+# old filter stuff
+ sed -e '/Documents .* matching .* query /,/query?.*stq=.* Document/p' \
+ -e d
+
--- netcat-openbsd-1.89.orig/debian/examples/README
+++ netcat-openbsd-1.89/debian/examples/README
@@ -0,0 +1,5 @@
+A collection of example scripts that use netcat as a backend, each
+documented by its own internal comments.
+
+I'll be the first to admit that some of these are seriously *sick*,
+but they do work and are quite useful to me on a daily basis.
--- netcat-openbsd-1.89.orig/debian/examples/contrib/ncmeter
+++ netcat-openbsd-1.89/debian/examples/contrib/ncmeter
@@ -0,0 +1,82 @@
+#! /bin/bash
+
+# script to measure the speed of netcat.
+# start with one argument for usage information
+#
+# Tools that are used by this script are:
+# nc, bc, wc, sed, awk
+#
+# Author: Karsten Priegnitz (koem@petoria.de)
+
+NCPORT=23457
+WAIT=1
+
+# determine the programme's name
+me=`echo $0 | sed 's+.*/++'`
+
+# check number of arguments provided
+if [ $# -ne 0 -a $# -ne 2 ]; then
+ echo "Usage:"
+ echo
+ echo " On the transmitter side:"
+ echo " $me <receivers ip-address> <amount of data>"
+ echo
+ echo " The <amount of data> is to be given in byte but you"
+ echo " also can supply M or K for MegaByte and KiloByte."
+ echo " Example: $me 10.1.1.3 20M"
+ echo
+ echo " On the receiver side:"
+ echo " $me"
+ echo
+ echo " Start $me on the receiver side before starting it"
+ echo " on the transmitter side. Stop the receiver by pressing"
+ echo " and holding Ctrl-C."
+ exit 1
+fi
+
+# are we the receiver?
+if [ $# -eq 0 ]; then
+ # yes, we are
+ while true; do
+ echo "waiting to receive data... (quit: press and hold Ctrl-C)"
+
+ # wait for data and count bytes
+ AMOUNT=`nc -v -w 120 -l -p $NCPORT | wc -c | awk '{print $1}'`
+
+ # display amount of data received
+ echo $AMOUNT byte of data received
+ echo
+
+ # sleep, so that the loop can be
+ # interrupted by pressing Ctrl-C
+ sleep 1
+ done
+fi
+
+# we are the sender
+echo "sending data..."
+
+# calculate the amount of data to be sent
+AMOUNT=`echo $2|sed s/[mM]/\*1048576/g | sed s/[kK]/\*1024/g | bc`
+
+# send data and measure the time spent
+TEMP=/tmp/$me.tx
+( time -p dd if=/dev/zero bs=$AMOUNT count=1 2>/dev/null | nc -v -w $WAIT $1 $NCPORT ) 2>"$TEMP" || cat "$TEMP"
+
+# read the time needed
+REAL=`grep "^real" "$TEMP" | awk '{print $2}'`
+rm "$TEMP"
+# subtract the wait times
+DOUBLEWAIT=$(($WAIT * 2))
+NEEDED=`echo $REAL - $DOUBLEWAIT|bc`
+
+# calculate and print speed
+BPS=`echo "scale=3;$AMOUNT / $NEEDED"|bc`
+KBPS=`echo "scale=3;$AMOUNT / $NEEDED / 1024"|bc`
+MBPS=`echo "scale=3;$AMOUNT / $NEEDED / 1048576"|bc`
+
+echo "time needed: ${NEEDED}s"
+echo "byte per second: $BPS"
+echo "KByte per second: $KBPS"
+echo "MByte per second: $MBPS"
+

594
netcat-openbsd-openbsd-compat.patch
View File

@ -1,594 +0,0 @@
---
Makefile | 19 ++
openbsd-compat/base64.c | 308 ++++++++++++++++++++++++++++++++++++++++
openbsd-compat/readpassphrase.c | 196 +++++++++++++++++++++++++
openbsd-compat/readpassphrase.h | 40 +++++
4 files changed, 561 insertions(+), 2 deletions(-)
Index: netcat-openbsd-1.89/Makefile
===================================================================
--- netcat-openbsd-1.89.orig/Makefile 2001-09-02 20:45:41.000000000 +0200
+++ netcat-openbsd-1.89/Makefile 2013-09-02 21:13:31.342412018 +0200
@@ -1,6 +1,21 @@
# $OpenBSD: Makefile,v 1.6 2001/09/02 18:45:41 jakob Exp $
PROG= nc
-SRCS= netcat.c atomicio.c socks.c
+SRCS= netcat.c atomicio.c socks.c \
+ openbsd-compat/base64.c openbsd-compat/readpassphrase.c
-.include <bsd.prog.mk>
+CC = gcc
+override CFLAGS += `pkg-config --cflags glib-2.0`
+INC = -Iopenbsd-compat
+LIBS = `pkg-config --libs glib-2.0`
+OBJS = $(SRCS:.c=.o)
+
+all: nc
+nc: $(OBJS)
+ $(CC) $(OBJS) $(LIBS) -o nc
+
+$(OBJS): %.o: %.c
+ $(CC) $(CFLAGS) $(INC) -c $< -o $@
+
+clean:
+ rm -f $(OBJS) nc
Index: netcat-openbsd-1.89/openbsd-compat/base64.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ netcat-openbsd-1.89/openbsd-compat/base64.c 2013-09-02 21:13:31.342412018 +0200
@@ -0,0 +1,308 @@
+/* $OpenBSD: base64.c,v 1.5 2006/10/21 09:55:03 otto Exp $ */
+
+/*
+ * Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/*
+ * Portions Copyright (c) 1995 by International Business Machines, Inc.
+ *
+ * International Business Machines, Inc. (hereinafter called IBM) grants
+ * permission under its copyrights to use, copy, modify, and distribute this
+ * Software with or without fee, provided that the above copyright notice and
+ * all paragraphs of this notice appear in all copies, and that the name of IBM
+ * not be used in connection with the marketing of any product incorporating
+ * the Software or modifications thereof, without specific, written prior
+ * permission.
+ *
+ * To the extent it has a right to do so, IBM grants an immunity from suit
+ * under its patents, if any, for the use, sale or manufacture of products to
+ * the extent that such products are used for performing Domain Name System
+ * dynamic updates in TCP/IP networks by means of the Software. No immunity is
+ * granted for any product per se or for any other function of any product.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
+ * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
+ * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+
+#include <ctype.h>
+#include <resolv.h>
+#include <stdio.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+static const char Base64[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const char Pad64 = '=';
+
+/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
+ The following encoding technique is taken from RFC 1521 by Borenstein
+ and Freed. It is reproduced here in a slightly edited form for
+ convenience.
+
+ A 65-character subset of US-ASCII is used, enabling 6 bits to be
+ represented per printable character. (The extra 65th character, "=",
+ is used to signify a special processing function.)
+
+ The encoding process represents 24-bit groups of input bits as output
+ strings of 4 encoded characters. Proceeding from left to right, a
+ 24-bit input group is formed by concatenating 3 8-bit input groups.
+ These 24 bits are then treated as 4 concatenated 6-bit groups, each
+ of which is translated into a single digit in the base64 alphabet.
+
+ Each 6-bit group is used as an index into an array of 64 printable
+ characters. The character referenced by the index is placed in the
+ output string.
+
+ Table 1: The Base64 Alphabet
+
+ Value Encoding Value Encoding Value Encoding Value Encoding
+ 0 A 17 R 34 i 51 z
+ 1 B 18 S 35 j 52 0
+ 2 C 19 T 36 k 53 1
+ 3 D 20 U 37 l 54 2
+ 4 E 21 V 38 m 55 3
+ 5 F 22 W 39 n 56 4
+ 6 G 23 X 40 o 57 5
+ 7 H 24 Y 41 p 58 6
+ 8 I 25 Z 42 q 59 7
+ 9 J 26 a 43 r 60 8
+ 10 K 27 b 44 s 61 9
+ 11 L 28 c 45 t 62 +
+ 12 M 29 d 46 u 63 /
+ 13 N 30 e 47 v
+ 14 O 31 f 48 w (pad) =
+ 15 P 32 g 49 x
+ 16 Q 33 h 50 y
+
+ Special processing is performed if fewer than 24 bits are available
+ at the end of the data being encoded. A full encoding quantum is
+ always completed at the end of a quantity. When fewer than 24 input
+ bits are available in an input group, zero bits are added (on the
+ right) to form an integral number of 6-bit groups. Padding at the
+ end of the data is performed using the '=' character.
+
+ Since all base64 input is an integral number of octets, only the
+ -------------------------------------------------
+ following cases can arise:
+
+ (1) the final quantum of encoding input is an integral
+ multiple of 24 bits; here, the final unit of encoded
+ output will be an integral multiple of 4 characters
+ with no "=" padding,
+ (2) the final quantum of encoding input is exactly 8 bits;
+ here, the final unit of encoded output will be two
+ characters followed by two "=" padding characters, or
+ (3) the final quantum of encoding input is exactly 16 bits;
+ here, the final unit of encoded output will be three
+ characters followed by one "=" padding character.
+ */
+
+int
+b64_ntop(src, srclength, target, targsize)
+ u_char const *src;
+ size_t srclength;
+ char *target;
+ size_t targsize;
+{
+ size_t datalength = 0;
+ u_char input[3];
+ u_char output[4];
+ int i;
+
+ while (2 < srclength) {
+ input[0] = *src++;
+ input[1] = *src++;
+ input[2] = *src++;
+ srclength -= 3;
+
+ output[0] = input[0] >> 2;
+ output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+ output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+ output[3] = input[2] & 0x3f;
+
+ if (datalength + 4 > targsize)
+ return (-1);
+ target[datalength++] = Base64[output[0]];
+ target[datalength++] = Base64[output[1]];
+ target[datalength++] = Base64[output[2]];
+ target[datalength++] = Base64[output[3]];
+ }
+
+ /* Now we worry about padding. */
+ if (0 != srclength) {
+ /* Get what's left. */
+ input[0] = input[1] = input[2] = '\0';
+ for (i = 0; i < srclength; i++)
+ input[i] = *src++;
+
+ output[0] = input[0] >> 2;
+ output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+ output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+
+ if (datalength + 4 > targsize)
+ return (-1);
+ target[datalength++] = Base64[output[0]];
+ target[datalength++] = Base64[output[1]];
+ if (srclength == 1)
+ target[datalength++] = Pad64;
+ else
+ target[datalength++] = Base64[output[2]];
+ target[datalength++] = Pad64;
+ }
+ if (datalength >= targsize)
+ return (-1);
+ target[datalength] = '\0'; /* Returned value doesn't count \0. */
+ return (datalength);
+}
+
+/* skips all whitespace anywhere.
+ converts characters, four at a time, starting at (or after)
+ src from base - 64 numbers into three 8 bit bytes in the target area.
+ it returns the number of data bytes stored at the target, or -1 on error.
+ */
+
+int
+b64_pton(src, target, targsize)
+ char const *src;
+ u_char *target;
+ size_t targsize;
+{
+ int tarindex, state, ch;
+ char *pos;
+
+ state = 0;
+ tarindex = 0;
+
+ while ((ch = *src++) != '\0') {
+ if (isspace(ch)) /* Skip whitespace anywhere. */
+ continue;
+
+ if (ch == Pad64)
+ break;
+
+ pos = strchr(Base64, ch);
+ if (pos == 0) /* A non-base64 character. */
+ return (-1);
+
+ switch (state) {
+ case 0:
+ if (target) {
+ if (tarindex >= targsize)
+ return (-1);
+ target[tarindex] = (pos - Base64) << 2;
+ }
+ state = 1;
+ break;
+ case 1:
+ if (target) {
+ if (tarindex + 1 >= targsize)
+ return (-1);
+ target[tarindex] |= (pos - Base64) >> 4;
+ target[tarindex+1] = ((pos - Base64) & 0x0f)
+ << 4 ;
+ }
+ tarindex++;
+ state = 2;
+ break;
+ case 2:
+ if (target) {
+ if (tarindex + 1 >= targsize)
+ return (-1);
+ target[tarindex] |= (pos - Base64) >> 2;
+ target[tarindex+1] = ((pos - Base64) & 0x03)
+ << 6;
+ }
+ tarindex++;
+ state = 3;
+ break;
+ case 3:
+ if (target) {
+ if (tarindex >= targsize)
+ return (-1);
+ target[tarindex] |= (pos - Base64);
+ }
+ tarindex++;
+ state = 0;
+ break;
+ }
+ }
+
+ /*
+ * We are done decoding Base-64 chars. Let's see if we ended
+ * on a byte boundary, and/or with erroneous trailing characters.
+ */
+
+ if (ch == Pad64) { /* We got a pad char. */
+ ch = *src++; /* Skip it, get next. */
+ switch (state) {
+ case 0: /* Invalid = in first position */
+ case 1: /* Invalid = in second position */
+ return (-1);
+
+ case 2: /* Valid, means one byte of info */
+ /* Skip any number of spaces. */
+ for (; ch != '\0'; ch = *src++)
+ if (!isspace(ch))
+ break;
+ /* Make sure there is another trailing = sign. */
+ if (ch != Pad64)
+ return (-1);
+ ch = *src++; /* Skip the = */
+ /* Fall through to "single trailing =" case. */
+ /* FALLTHROUGH */
+
+ case 3: /* Valid, means two bytes of info */
+ /*
+ * We know this char is an =. Is there anything but
+ * whitespace after it?
+ */
+ for (; ch != '\0'; ch = *src++)
+ if (!isspace(ch))
+ return (-1);
+
+ /*
+ * Now make sure for cases 2 and 3 that the "extra"
+ * bits that slopped past the last full byte were
+ * zeros. If we don't check them, they become a
+ * subliminal channel.
+ */
+ if (target && target[tarindex] != 0)
+ return (-1);
+ }
+ } else {
+ /*
+ * We ended by seeing the end of the string. Make sure we
+ * have no partial bytes lying around.
+ */
+ if (state != 0)
+ return (-1);
+ }
+
+ return (tarindex);
+}
Index: netcat-openbsd-1.89/openbsd-compat/readpassphrase.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ netcat-openbsd-1.89/openbsd-compat/readpassphrase.c 2013-09-02 21:32:31.689851771 +0200
@@ -0,0 +1,196 @@
+/* $OpenBSD: readpassphrase.c,v 1.21 2008/01/17 16:27:07 millert Exp $ */
+
+/*
+ * Copyright (c) 2000-2002, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <paths.h>
+#include <pwd.h>
+#include <signal.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+#include <limits.h>
+#include <readpassphrase.h>
+
+#ifdef TCSASOFT
+# define _T_FLUSH (TCSAFLUSH|TCSASOFT)
+#else
+# define _T_FLUSH (TCSAFLUSH)
+#endif
+
+static volatile sig_atomic_t signo;
+
+static void handler(int);
+
+char *
+readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
+{
+ ssize_t nr;
+ int input, output, save_errno;
+ char ch, *p, *end;
+ struct termios term, oterm;
+ struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
+ struct sigaction savetstp, savettin, savettou, savepipe;
+
+ /* I suppose we could alloc on demand in this case (XXX). */
+ if (bufsiz == 0) {
+ errno = EINVAL;
+ return(NULL);
+ }
+
+restart:
+ signo = 0;
+ nr = -1;
+ save_errno = 0;
+ /*
+ * Read and write to /dev/tty if available. If not, read from
+ * stdin and write to stderr unless a tty is required.
+ */
+ if ((flags & RPP_STDIN) ||
+ (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+ if (flags & RPP_REQUIRE_TTY) {
+ errno = ENOTTY;
+ return(NULL);
+ }
+ input = STDIN_FILENO;
+ output = STDERR_FILENO;
+ }
+
+ /*
+ * Catch signals that would otherwise cause the user to end
+ * up with echo turned off in the shell. Don't worry about
+ * things like SIGXCPU and SIGVTALRM for now.
+ */
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = 0; /* don't restart system calls */
+ sa.sa_handler = handler;
+ (void)sigaction(SIGALRM, &sa, &savealrm);
+ (void)sigaction(SIGHUP, &sa, &savehup);
+ (void)sigaction(SIGINT, &sa, &saveint);
+ (void)sigaction(SIGPIPE, &sa, &savepipe);
+ (void)sigaction(SIGQUIT, &sa, &savequit);
+ (void)sigaction(SIGTERM, &sa, &saveterm);
+ (void)sigaction(SIGTSTP, &sa, &savetstp);
+ (void)sigaction(SIGTTIN, &sa, &savettin);
+ (void)sigaction(SIGTTOU, &sa, &savettou);
+
+ /* Turn off echo if possible. */
+ if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
+ memcpy(&term, &oterm, sizeof(term));
+ if (!(flags & RPP_ECHO_ON))
+ term.c_lflag &= ~(ECHO | ECHONL);
+#ifdef VSTATUS
+ if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+ term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+ (void)tcsetattr(input, _T_FLUSH, &term);
+ } else {
+ memset(&term, 0, sizeof(term));
+ term.c_lflag |= ECHO;
+ memset(&oterm, 0, sizeof(oterm));
+ oterm.c_lflag |= ECHO;
+ }
+
+ /* No I/O if we are already backgrounded. */
+ if (signo != SIGTTOU && signo != SIGTTIN) {
+ if (!(flags & RPP_STDIN))
+ (void)write(output, prompt, strlen(prompt));
+ end = buf + bufsiz - 1;
+ p = buf;
+ while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
+ if (p < end) {
+ if ((flags & RPP_SEVENBIT))
+ ch &= 0x7f;
+ if (isalpha(ch)) {
+ if ((flags & RPP_FORCELOWER))
+ ch = (char)tolower(ch);
+ if ((flags & RPP_FORCEUPPER))
+ ch = (char)toupper(ch);
+ }
+ *p++ = ch;
+ }
+ }
+ *p = '\0';
+ save_errno = errno;
+ if (!(term.c_lflag & ECHO))
+ (void)write(output, "\n", 1);
+ }
+
+ /* Restore old terminal settings and signals. */
+ if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+ while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
+ errno == EINTR)
+ continue;
+ }
+ (void)sigaction(SIGALRM, &savealrm, NULL);
+ (void)sigaction(SIGHUP, &savehup, NULL);
+ (void)sigaction(SIGINT, &saveint, NULL);
+ (void)sigaction(SIGQUIT, &savequit, NULL);
+ (void)sigaction(SIGPIPE, &savepipe, NULL);
+ (void)sigaction(SIGTERM, &saveterm, NULL);
+ (void)sigaction(SIGTSTP, &savetstp, NULL);
+ (void)sigaction(SIGTTIN, &savettin, NULL);
+ (void)sigaction(SIGTTOU, &savettou, NULL);
+ if (input != STDIN_FILENO)
+ (void)close(input);
+
+ /*
+ * If we were interrupted by a signal, resend it to ourselves
+ * now that we have restored the signal handlers.
+ */
+ if (signo) {
+ kill(getpid(), signo);
+ switch (signo) {
+ case SIGTSTP:
+ case SIGTTIN:
+ case SIGTTOU:
+ goto restart;
+ }
+ }
+
+ if (save_errno)
+ errno = save_errno;
+ return(nr == -1 ? NULL : buf);
+}
+
+#ifndef _PASSWORD_LEN
+# ifdef PASS_MAX
+# define _PASSWORD_LEN PASS_MAX
+# else
+# define _PASSWORD_LEN 8192
+# endif
+#endif
+
+char *
+getpass(const char *prompt)
+{
+ static char buf[_PASSWORD_LEN + 1];
+
+ return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF));
+}
+
+static void handler(int s)
+{
+
+ signo = s;
+}
Index: netcat-openbsd-1.89/openbsd-compat/readpassphrase.h
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ netcat-openbsd-1.89/openbsd-compat/readpassphrase.h 2013-09-02 21:13:31.343411994 +0200
@@ -0,0 +1,40 @@
+/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */
+
+/*
+ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef _READPASSPHRASE_H_
+#define _READPASSPHRASE_H_
+
+#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */
+#define RPP_ECHO_ON 0x01 /* Leave echo on. */
+#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */
+#define RPP_FORCELOWER 0x04 /* Force input to lower case. */
+#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
+#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
+#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */
+
+#include <sys/cdefs.h>
+
+__BEGIN_DECLS
+char * readpassphrase(const char *, char *, size_t, int);
+__END_DECLS
+
+#endif /* !_READPASSPHRASE_H_ */

43
netcat-openbsd.changes
View File

@ -1,3 +1,46 @@
-------------------------------------------------------------------
Mon Jul 17 13:11:34 UTC 2017 - tchvatal@suse.com
- Drop all patches that were never upstreamed:
* connect-timeout.patch
* dccp.patch
* gcc-warnings.patch
* getservbyname.patch
* glib-strlcpy.patch
* help-version-exit.patch
* nc-1.84-udp_stop.patch
* netcat-info.patch
* netcat-openbsd-debian.patch
* netcat-openbsd-examples.patch
* netcat-openbsd-openbsd-compat.patch
* no-strtonum.patch
* pollhup.patch
* quit-timer.patch
* reuseaddr.patch
* send-crlf.patch
* silence-z.patch
* socks-b64-prototype.patch
* udp-scan-timeout.patch
* verbose-message-to-stderr.patch
* verbose-numeric-port.patch
- Switch to debian package to not waste resources on doing exactly
the same.
- Switches URL for debian package
- Apply patches already prepared for debian package
* port-to-linux-with-libsd.patch
* compile-without-TLS-support.patch
* connect-timeout.patch
* get-sev-by-name.patch
* send-crlf.patch
* quit-timer.patch
* udp-scan-timeout.patch
* verbose-numeric-port.patch
* dccp-support.patch
* serialized-handling-multiple-clients.patch
* set-TCP-MD5SIG-correctly-for-client-connections.patch
* misc-failures-and-features.patch
- Do not use hand provided CMakeLists.txt but rely on upstream makefile
-------------------------------------------------------------------
Fri Jan 17 23:36:07 UTC 2014 - crrodriguez@opensuse.org

106
netcat-openbsd.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package netcat-openbsd
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -16,42 +16,29 @@
#
Url: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
Name: netcat-openbsd
Version: 1.89
Version: 1.178
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cmake
PreReq: update-alternatives
Summary: TCP/IP swiss army knife
License: BSD-3-Clause
Group: Productivity/Networking/Other
Source: %{name}-%{version}.tar.bz2
Source1: CMakeLists.txt
Patch0: netcat-openbsd-openbsd-compat.patch
Patch1: socks-b64-prototype.patch
Patch2: silence-z.patch
Patch3: glib-strlcpy.patch
Patch4: no-strtonum.patch
Patch5: pollhup.patch
Patch6: reuseaddr.patch
Patch7: connect-timeout.patch
Patch8: udp-scan-timeout.patch
Patch9: verbose-numeric-port.patch
Patch10: send-crlf.patch
Patch11: help-version-exit.patch
Patch12: quit-timer.patch
Patch13: getservbyname.patch
Patch14: gcc-warnings.patch
Patch15: verbose-message-to-stderr.patch
Patch16: netcat-info.patch
Patch17: dccp.patch
#These are patches, but as they aren't applied list them as source
Source2: nc-1.84-udp_stop.patch
Source3: netcat-openbsd-debian.patch
Source4: netcat-openbsd-examples.patch
Url: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
Source0: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}.orig.tar.gz
#Patches from: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}-2.debian.tar.xz
Patch0: port-to-linux-with-libsd.patch
Patch1: compile-without-TLS-support.patch
Patch2: connect-timeout.patch
Patch3: get-sev-by-name.patch
Patch4: send-crlf.patch
Patch5: quit-timer.patch
Patch6: udp-scan-timeout.patch
Patch7: verbose-numeric-port.patch
Patch8: dccp-support.patch
Patch9: serialized-handling-multiple-clients.patch
Patch10: set-TCP-MD5SIG-correctly-for-client-connections.patch
Patch11: misc-failures-and-features.patch
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libbsd)
Provides: nc6 = %{version}
Provides: netcat = %{version}
Obsoletes: nc6 <= 1.0
@ -71,59 +58,22 @@ for IPv6, proxies, and Unix sockets.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
cp %{S:1} .
%autopatch -p1
%build
export CFLAGS="%{optflags}"
cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} .
make %{?jobs:-j%{jobs}}
make %{?_smp_mflags} \
CFLAGS="%{optflags}"
%install
make DESTDIR=%{buildroot} install
mkdir -p %{buildroot}/etc/alternatives
touch %{buildroot}/etc/alternatives/netcat \
%{buildroot}/etc/alternatives/netcat.1.gz
install -D -m0755 nc %{buildroot}%{_bindir}/nc
install -D -m0644 nc.1 %{buildroot}/%{_mandir}/man1/nc.1
ln -s -f %{_bindir}/nc %{buildroot}/%{_bindir}/netcat
ln -s -f nc.1.gz %{buildroot}/%{_mandir}/man1/netcat.1.gz
%clean
ln -s -f nc.1%{ext_man} %{buildroot}/%{_mandir}/man1/netcat.1%{ext_man}
%files
%defattr(-,root,root)
%{_bindir}/nc
%ghost %{_bindir}/netcat
%{_mandir}/man1/nc.1.gz
%ghost %{_mandir}/man1/netcat.1.gz
%ghost /etc/alternatives/netcat
%ghost /etc/alternatives/netcat.1.gz
%post
/usr/sbin/update-alternatives --install \
%{_bindir}/netcat netcat %{_bindir}/nc 10 \
--slave %{_mandir}/man1/netcat.1.gz netcat.1.gz %{_mandir}/man1/nc.1.gz
%preun
if [ "$1" = 0 ] ; then
/usr/sbin/update-alternatives --remove \
netcat %{_bindir}/nc
fi
%{_bindir}/netcat
%{_mandir}/man1/nc.1%{ext_man}
%{_mandir}/man1/netcat.1%{ext_man}
%changelog

3
netcat-openbsd_1.178.orig.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:918330a41ee8ea938144ab1c59fa27533654ebff983bfb5255f730a3d9b06239
size 21630

107
no-strtonum.patch
View File

@ -1,107 +0,0 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:17.000000000 -0500
+++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:18.000000000 -0500
@@ -67,7 +67,7 @@
/* Command Line Options */
int dflag; /* detached, no stdin */
-unsigned int iflag; /* Interval Flag */
+int iflag; /* Interval Flag */
int jflag; /* use jumbo frames if we can */
int kflag; /* More than one connect */
int lflag; /* Bind to local port */
@@ -108,13 +108,13 @@
main(int argc, char *argv[])
{
int ch, s, ret, socksv;
- char *host, *uport;
+ char *host, *uport, *endp;
struct addrinfo hints;
struct servent *sv;
socklen_t len;
struct sockaddr_storage cliaddr;
char *proxy;
- const char *errstr, *proxyhost = "", *proxyport = NULL;
+ const char *proxyhost = "", *proxyport = NULL;
struct addrinfo proxyhints;
ret = 1;
@@ -122,6 +122,7 @@
socksv = 5;
host = NULL;
uport = NULL;
+ endp = NULL;
sv = NULL;
while ((ch = getopt(argc, argv,
@@ -153,9 +154,9 @@
help();
break;
case 'i':
- iflag = strtonum(optarg, 0, UINT_MAX, &errstr);
- if (errstr)
- errx(1, "interval %s: %s", errstr, optarg);
+ iflag = (int)strtoul(optarg, &endp, 10);
+ if (iflag < 0 || *endp != '\0')
+ errx(1, "interval cannot be negative");
break;
case 'j':
jflag = 1;
@@ -191,9 +192,11 @@
vflag = 1;
break;
case 'w':
- timeout = strtonum(optarg, 0, INT_MAX / 1000, &errstr);
- if (errstr)
- errx(1, "timeout %s: %s", errstr, optarg);
+ timeout = (int)strtoul(optarg, &endp, 10);
+ if (timeout < 0 || *endp != '\0')
+ errx(1, "timeout cannot be negative");
+ if (timeout >= (INT_MAX / 1000))
+ errx(1, "timeout too large");
timeout *= 1000;
break;
case 'x':
@@ -680,8 +683,7 @@
void
build_ports(char *p)
{
- const char *errstr;
- char *n;
+ char *n, *endp;
int hi, lo, cp;
int x = 0;
@@ -693,12 +695,12 @@
n++;
/* Make sure the ports are in order: lowest->highest. */
- hi = strtonum(n, 1, PORT_MAX, &errstr);
- if (errstr)
- errx(1, "port number %s: %s", errstr, n);
- lo = strtonum(p, 1, PORT_MAX, &errstr);
- if (errstr)
- errx(1, "port number %s: %s", errstr, p);
+ hi = (int)strtoul(n, &endp, 10);
+ if (hi <= 0 || hi > PORT_MAX || *endp != '\0')
+ errx(1, "port range not valid");
+ lo = (int)strtoul(p, &endp, 10);
+ if (lo <= 0 || lo > PORT_MAX || *endp != '\0')
+ errx(1, "port range not valid");
if (lo > hi) {
cp = hi;
@@ -729,9 +731,9 @@
}
}
} else {
- hi = strtonum(p, 1, PORT_MAX, &errstr);
- if (errstr)
- errx(1, "port number %s: %s", errstr, p);
+ hi = (int)strtoul(p, &endp, 10);
+ if (hi <= 0 || hi > PORT_MAX || *endp != '\0')
+ errx(1, "port range not valid");
portlist[0] = calloc(1, PORT_MAX_LEN);
if (portlist[0] == NULL)
err(1, NULL);

50
pollhup.patch
View File

@ -1,50 +0,0 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:18.000000000 -0500
+++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:25.000000000 -0500
@@ -618,9 +618,7 @@
if ((n = read(nfd, buf, plen)) < 0)
return;
else if (n == 0) {
- shutdown(nfd, SHUT_RD);
- pfd[0].fd = -1;
- pfd[0].events = 0;
+ goto shutdown_rd;
} else {
if (tflag)
atelnet(nfd, buf, n);
@@ -628,18 +626,30 @@
return;
}
}
+ else if (pfd[0].revents & POLLHUP) {
+ shutdown_rd:
+ shutdown(nfd, SHUT_RD);
+ pfd[0].fd = -1;
+ pfd[0].events = 0;
+ }
- if (!dflag && pfd[1].revents & POLLIN) {
+ if (!dflag) {
+ if(pfd[1].revents & POLLIN) {
if ((n = read(wfd, buf, plen)) < 0)
return;
else if (n == 0) {
- shutdown(nfd, SHUT_WR);
- pfd[1].fd = -1;
- pfd[1].events = 0;
+ goto shutdown_wr;
} else {
if (atomicio(vwrite, nfd, buf, n) != n)
return;
}
+ }
+ else if (pfd[1].revents & POLLHUP) {
+ shutdown_wr:
+ shutdown(nfd, SHUT_WR);
+ pfd[1].fd = -1;
+ pfd[1].events = 0;
+ }
}
}
}

454
port-to-linux-with-libsd.patch Normal file
View File

@ -0,0 +1,454 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 15:59:31 +0800
Subject: port to linux with libsd
---
Makefile | 15 +++++++-
nc.1 | 4 --
netcat.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++----------------
socks.c | 46 ++++++++++++------------
4 files changed, 127 insertions(+), 56 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -5,4 +5,17 @@ SRCS= netcat.c atomicio.c socks.c
LDADD+= -ltls -lssl -lcrypto
DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO}
-.include <bsd.prog.mk>
+LIBS= `pkg-config --libs libbsd` -lresolv
+OBJS= $(SRCS:.c=.o)
+CFLAGS= -g -O2
+LDFLAGS= -Wl,--no-add-needed
+
+all: nc
+nc: $(OBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) $(LIBS) -o nc
+
+$(OBJS): %.o: %.c
+ $(CC) $(CFLAGS) -c $< -o $@
+
+clean:
+ rm -f $(OBJS) nc
--- a/nc.1
+++ b/nc.1
@@ -202,9 +202,6 @@ Proxy authentication is only supported f
Specifies the source port
.Nm
should use, subject to privilege restrictions and availability.
-It is an error to use this option in conjunction with the
-.Fl l
-option.
.It Fl R Ar CAfile
Specifies the filename from which the root CA bundle for certificate
verification is loaded, in PEM format.
@@ -249,6 +246,7 @@ For IPv4 TOS value
may be one of
.Ar critical ,
.Ar inetcontrol ,
+.Ar lowcost ,
.Ar lowdelay ,
.Ar netcontrol ,
.Ar throughput ,
--- a/netcat.c
+++ b/netcat.c
@@ -32,6 +32,8 @@
* *Hobbit* <hobbit@avian.org>.
*/
+#define _GNU_SOURCE
+
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
@@ -41,6 +43,49 @@
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <arpa/telnet.h>
+#ifdef __linux__
+# include <linux/in6.h>
+#endif
+
+#ifndef IPTOS_LOWDELAY
+# define IPTOS_LOWDELAY 0x10
+# define IPTOS_THROUGHPUT 0x08
+# define IPTOS_RELIABILITY 0x04
+# define IPTOS_LOWCOST 0x02
+# define IPTOS_MINCOST IPTOS_LOWCOST
+#endif /* IPTOS_LOWDELAY */
+
+# ifndef IPTOS_DSCP_AF11
+# define IPTOS_DSCP_AF11 0x28
+# define IPTOS_DSCP_AF12 0x30
+# define IPTOS_DSCP_AF13 0x38
+# define IPTOS_DSCP_AF21 0x48
+# define IPTOS_DSCP_AF22 0x50
+# define IPTOS_DSCP_AF23 0x58
+# define IPTOS_DSCP_AF31 0x68
+# define IPTOS_DSCP_AF32 0x70
+# define IPTOS_DSCP_AF33 0x78
+# define IPTOS_DSCP_AF41 0x88
+# define IPTOS_DSCP_AF42 0x90
+# define IPTOS_DSCP_AF43 0x98
+# define IPTOS_DSCP_EF 0xb8
+#endif /* IPTOS_DSCP_AF11 */
+
+#ifndef IPTOS_DSCP_CS0
+# define IPTOS_DSCP_CS0 0x00
+# define IPTOS_DSCP_CS1 0x20
+# define IPTOS_DSCP_CS2 0x40
+# define IPTOS_DSCP_CS3 0x60
+# define IPTOS_DSCP_CS4 0x80
+# define IPTOS_DSCP_CS5 0xa0
+# define IPTOS_DSCP_CS6 0xc0
+# define IPTOS_DSCP_CS7 0xe0
+#endif /* IPTOS_DSCP_CS0 */
+
+#ifndef IPTOS_DSCP_EF
+# define IPTOS_DSCP_EF 0xb8
+#endif /* IPTOS_DSCP_EF */
+
#include <err.h>
#include <errno.h>
@@ -55,6 +100,8 @@
#include <time.h>
#include <unistd.h>
#include <tls.h>
+#include <bsd/stdlib.h>
+#include <bsd/string.h>
#include "atomicio.h"
#define PORT_MAX 65535
@@ -260,10 +307,14 @@ main(int argc, char *argv[])
uflag = 1;
break;
case 'V':
+# if defined(RT_TABLEID_MAX)
rtableid = (int)strtonum(optarg, 0,
RT_TABLEID_MAX, &errstr);
if (errstr)
errx(1, "rtable %s: %s", errstr, optarg);
+# else
+ errx(1, "no alternate routing table support available");
+# endif
break;
case 'v':
vflag = 1;
@@ -301,7 +352,11 @@ main(int argc, char *argv[])
oflag = optarg;
break;
case 'S':
+# if defined(TCP_MD5SIG)
Sflag = 1;
+# else
+ errx(1, "no TCP MD5 signature support available");
+# endif
break;
case 'T':
errstr = NULL;
@@ -326,32 +381,23 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
+# if defined(RT_TABLEID_MAX)
if (rtableid >= 0)
if (setrtable(rtableid) == -1)
err(1, "setrtable");
-
- if (family == AF_UNIX) {
- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag) {
- if (Pflag) {
- if (pledge("stdio inet dns sendfd tty", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns sendfd", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag) {
- if (pledge("stdio inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (usetls) {
- if (pledge("stdio rpath inet dns", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns", NULL) == -1)
- err(1, "pledge");
+# endif
/* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
host = argv[0];
uport = NULL;
+ } else if (!argv[0] && lflag) {
+ if (sflag)
+ errx(1, "cannot use -s and -l");
+ if (zflag)
+ errx(1, "cannot use -z and -l");
+ if (pflag)
+ uport=pflag;
} else if (argv[0] && !argv[1]) {
if (!lflag)
usage(1);
@@ -363,12 +409,6 @@ main(int argc, char *argv[])
} else
usage(1);
- if (lflag && sflag)
- errx(1, "cannot use -s and -l");
- if (lflag && pflag)
- errx(1, "cannot use -p and -l");
- if (lflag && zflag)
- errx(1, "cannot use -z and -l");
if (!lflag && kflag)
errx(1, "must use -l with -k");
if (uflag && usetls)
@@ -401,8 +441,8 @@ main(int argc, char *argv[])
} else {
strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX",
UNIX_DG_TMP_SOCKET_SIZE);
- if (mktemp(unix_dg_tmp_socket_buf) == NULL)
- err(1, "mktemp");
+ if (mkstemp(unix_dg_tmp_socket_buf) == -1)
+ err(1, "mkstemp");
unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
}
}
@@ -880,8 +920,10 @@ remote_connect(const char *host, const c
if (sflag || pflag) {
struct addrinfo ahints, *ares;
+# if defined (SO_BINDANY)
/* try SO_BINDANY, but don't insist */
setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
+# endif
memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res->ai_family;
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
@@ -973,9 +1015,15 @@ local_listen(char *host, char *port, str
res->ai_protocol)) < 0)
continue;
+ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
+ if (ret == -1)
+ err(1, NULL);
+
+# if defined(SO_REUSEPORT)
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
if (ret == -1)
err(1, NULL);
+# endif
set_common_sockopts(s, res->ai_family);
@@ -1425,11 +1473,13 @@ set_common_sockopts(int s, int af)
{
int x = 1;
+# if defined(TCP_MD5SIG)
if (Sflag) {
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
&x, sizeof(x)) == -1)
err(1, NULL);
}
+# endif
if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1)
@@ -1460,8 +1510,11 @@ set_common_sockopts(int s, int af)
IP_TTL, &ttl, sizeof(ttl)))
err(1, "set IP TTL");
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ else
+#if defined(IPV6_UNICAST_HOPS)
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_UNICAST_HOPS, &ttl, sizeof(ttl)))
+#endif
err(1, "set IPv6 unicast hops");
}
@@ -1470,8 +1523,11 @@ set_common_sockopts(int s, int af)
IP_MINTTL, &minttl, sizeof(minttl)))
err(1, "set IP min TTL");
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ else
+#if defined(IPV6_MINHOPCOUNT)
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
+#endif
err(1, "set IPv6 min hop count");
}
}
@@ -1507,6 +1563,7 @@ map_tos(char *s, int *val)
{ "cs7", IPTOS_DSCP_CS7 },
{ "ef", IPTOS_DSCP_EF },
{ "inetcontrol", IPTOS_PREC_INTERNETCONTROL },
+ { "lowcost", IPTOS_LOWCOST },
{ "lowdelay", IPTOS_LOWDELAY },
{ "netcontrol", IPTOS_PREC_NETCONTROL },
{ "reliability", IPTOS_RELIABILITY },
@@ -1640,6 +1697,9 @@ report_connect(const struct sockaddr *sa
void
help(void)
{
+# if defined(DEBIAN_VERSION)
+ fprintf(stderr, "OpenBSD netcat (Debian patchlevel " DEBIAN_VERSION ")\n");
+# endif
usage(0);
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
@@ -1680,7 +1740,7 @@ help(void)
\t-x addr[:port]\tSpecify proxy address and port\n\
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
- exit(1);
+ exit(0);
}
void
--- a/socks.c
+++ b/socks.c
@@ -38,7 +38,7 @@
#include <string.h>
#include <unistd.h>
#include <resolv.h>
-#include <readpassphrase.h>
+#include <bsd/readpassphrase.h>
#include "atomicio.h"
#define SOCKS_PORT "1080"
@@ -219,11 +219,11 @@ socks_connect(const char *host, const ch
buf[2] = SOCKS_NOAUTH;
cnt = atomicio(vwrite, proxyfd, buf, 3);
if (cnt != 3)
- err(1, "write failed (%zu/3)", cnt);
+ err(1, "write failed (%zu/3)", (size_t)cnt);
cnt = atomicio(read, proxyfd, buf, 2);
if (cnt != 2)
- err(1, "read failed (%zu/3)", cnt);
+ err(1, "read failed (%zu/3)", (size_t)cnt);
if (buf[1] == SOCKS_NOMETHOD)
errx(1, "authentication method negotiation failed");
@@ -272,11 +272,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
- err(1, "write failed (%zu/%zu)", cnt, wlen);
+ err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen);
cnt = atomicio(read, proxyfd, buf, 4);
if (cnt != 4)
- err(1, "read failed (%zu/4)", cnt);
+ err(1, "read failed (%zu/4)", (size_t)cnt);
if (buf[1] != 0) {
errx(1, "connection failed, SOCKSv5 error: %s",
socks5_strerror(buf[1]));
@@ -285,12 +285,12 @@ socks_connect(const char *host, const ch
case SOCKS_IPV4:
cnt = atomicio(read, proxyfd, buf + 4, 6);
if (cnt != 6)
- err(1, "read failed (%zu/6)", cnt);
+ err(1, "read failed (%zu/6)", (size_t)cnt);
break;
case SOCKS_IPV6:
cnt = atomicio(read, proxyfd, buf + 4, 18);
if (cnt != 18)
- err(1, "read failed (%zu/18)", cnt);
+ err(1, "read failed (%zu/18)", (size_t)cnt);
break;
default:
errx(1, "connection failed, unsupported address type");
@@ -310,11 +310,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
- err(1, "write failed (%zu/%zu)", cnt, wlen);
+ err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen);
cnt = atomicio(read, proxyfd, buf, 8);
if (cnt != 8)
- err(1, "read failed (%zu/8)", cnt);
+ err(1, "read failed (%zu/8)", (size_t)cnt);
if (buf[1] != 90) {
errx(1, "connection failed, SOCKSv4 error: %s",
socks4_strerror(buf[1]));
@@ -328,39 +328,39 @@ socks_connect(const char *host, const ch
/* Try to be sane about numeric IPv6 addresses */
if (strchr(host, ':') != NULL) {
- r = snprintf(buf, sizeof(buf),
+ r = snprintf((char*)buf, sizeof(buf),
"CONNECT [%s]:%d HTTP/1.0\r\n",
host, ntohs(serverport));
} else {
- r = snprintf(buf, sizeof(buf),
+ r = snprintf((char*)buf, sizeof(buf),
"CONNECT %s:%d HTTP/1.0\r\n",
host, ntohs(serverport));
}
if (r == -1 || (size_t)r >= sizeof(buf))
errx(1, "hostname too long");
- r = strlen(buf);
+ r = strlen((char*)buf);
cnt = atomicio(vwrite, proxyfd, buf, r);
if (cnt != r)
- err(1, "write failed (%zu/%d)", cnt, r);
+ err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r);
if (authretry > 1) {
char resp[1024];
proxypass = getproxypass(proxyuser, proxyhost);
- r = snprintf(buf, sizeof(buf), "%s:%s",
+ r = snprintf((char*)buf, sizeof(buf), "%s:%s",
proxyuser, proxypass);
if (r == -1 || (size_t)r >= sizeof(buf) ||
- b64_ntop(buf, strlen(buf), resp,
+ b64_ntop(buf, strlen((char*)buf), resp,
sizeof(resp)) == -1)
errx(1, "Proxy username/password too long");
- r = snprintf(buf, sizeof(buf), "Proxy-Authorization: "
+ r = snprintf((char*)buf, sizeof(buf), "Proxy-Authorization: "
"Basic %s\r\n", resp);
if (r == -1 || (size_t)r >= sizeof(buf))
errx(1, "Proxy auth response too long");
- r = strlen(buf);
+ r = strlen((char*)buf);
if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r)
- err(1, "write failed (%zu/%d)", cnt, r);
+ err(1, "write failed (%zu/%d)", (size_t)cnt, r);
}
/* Terminate headers */
@@ -368,22 +368,22 @@ socks_connect(const char *host, const ch
err(1, "write failed (%zu/2)", cnt);
/* Read status reply */
- proxy_read_line(proxyfd, buf, sizeof(buf));
+ proxy_read_line(proxyfd, (char*)buf, sizeof(buf));
if (proxyuser != NULL &&
- strncmp(buf, "HTTP/1.0 407 ", 12) == 0) {
+ strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0) {
if (authretry > 1) {
fprintf(stderr, "Proxy authentication "
"failed\n");
}
close(proxyfd);
goto again;
- } else if (strncmp(buf, "HTTP/1.0 200 ", 12) != 0 &&
- strncmp(buf, "HTTP/1.1 200 ", 12) != 0)
+ } else if (strncmp((char*)buf, "HTTP/1.0 200 ", 12) != 0 &&
+ strncmp((char*)buf, "HTTP/1.1 200 ", 12) != 0)
errx(1, "Proxy error: \"%s\"", buf);
/* Headers continue until we hit an empty line */
for (r = 0; r < HTTP_MAXHDRS; r++) {
- proxy_read_line(proxyfd, buf, sizeof(buf));
+ proxy_read_line(proxyfd, (char*)buf, sizeof(buf));
if (*buf == '\0')
break;
}

160
quit-timer.patch
View File

@ -1,74 +1,133 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2010-04-18 20:02:55.240980186 -0400
+++ netcat-openbsd-1.89/netcat.c 2010-04-18 20:04:41.987984568 -0400
@@ -47,6 +47,7 @@
#include <errno.h>
#include <netdb.h>
#include <poll.h>
+#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@@ -82,6 +83,7 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 15:16:04 +0800
Subject: quit timer
---
nc.1 | 10 ++++++++++
netcat.c | 50 +++++++++++++++++++++++++++++++++++++++++---------
2 files changed, 51 insertions(+), 9 deletions(-)
--- a/nc.1
+++ b/nc.1
@@ -41,6 +41,7 @@
.Op Fl O Ar length
.Op Fl P Ar proxy_username
.Op Fl p Ar source_port
+.Op Fl q Ar seconds
.Op Fl s Ar source
.Op Fl T Ar keyword
.Op Fl V Ar rtable
@@ -173,6 +174,15 @@ Proxy authentication is only supported f
Specifies the source port
.Nm
should use, subject to privilege restrictions and availability.
+.It Fl q Ar seconds
+after EOF on stdin, wait the specified number of
+.Ar seconds
+and then quit. If
+.Ar seconds
+is negative, wait forever (default). Specifying a non-negative
+.Ar seconds
+implies
+.Fl N .
.It Fl r
Specifies that source and/or destination ports should be chosen randomly
instead of sequentially within a range or in the order that the system
--- a/netcat.c
+++ b/netcat.c
@@ -139,6 +139,7 @@ int Nflag; /* shutdown() network soc
int nflag; /* Don't do name look up */
char *Pflag; /* Proxy username */
char *pflag; /* Localport flag */
+int qflag = -1; /* Quit after some secs */
+int qflag = -1; /* Quit after some secs */
int rflag; /* Random ports flag */
char *sflag; /* Source Address */
int tflag; /* Telnet Emulation */
@@ -114,6 +116,7 @@
@@ -218,6 +219,8 @@ ssize_t fillbuf(int, unsigned char *, si
static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout);
static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout);
+static void quit();
+
int
main(int argc, char *argv[])
@@ -137,7 +140,7 @@
sv = NULL;
{
@@ -246,9 +249,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
- "46Ddhi:jklnP:p:rSs:tT:Uuvw:X:x:zC")) != -1) {
+ "46Ddhi:jklnP:p:q:rSs:tT:Uuvw:X:x:zC")) != -1) {
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
# else
- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) {
# endif
switch (ch) {
case '4':
family = AF_INET;
@@ -187,6 +190,9 @@
@@ -339,6 +342,13 @@ main(int argc, char *argv[])
case 'p':
pflag = optarg;
break;
+ case 'q':
+ qflag = (int)strtoul(optarg, &endp, 10);
+ case 'q':
+ qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr);
+ if (errstr)
+ errx(1, "quit timer %s: %s", errstr, optarg);
+ if (qflag >= 0)
+ Nflag = 1;
+ break;
case 'r':
rflag = 1;
break;
@@ -756,7 +762,13 @@
}
else if (pfd[1].revents & POLLHUP) {
shutdown_wr:
- shutdown(nfd, SHUT_WR);
+ /* if user asked to die after a while, arrange for it */
+ if (qflag > 0) {
+ signal(SIGALRM, quit);
+ alarm(qflag);
+ } else {
+ shutdown(nfd, SHUT_WR);
+ }
pfd[1].fd = -1;
pfd[1].events = 0;
}
@@ -951,6 +963,7 @@
\t-n Suppress name/port resolutions\n\
# if defined(TLS)
case 'R':
tls_cachanged = 1;
@@ -1253,15 +1263,27 @@ readwrite(int net_fd)
while (1) {
/* both inputs are gone, buffers are empty, we are done */
if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 &&
- stdinbufpos == 0 && netinbufpos == 0)
- return;
+ stdinbufpos == 0 && netinbufpos == 0) {
+ if (qflag <= 0)
+ return;
+ goto delay_exit;
+ }
/* both outputs are gone, we can't continue */
- if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1)
- return;
+ if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) {
+ if (qflag <= 0)
+ return;
+ goto delay_exit;
+ }
/* listen and net in gone, queues empty, done */
if (lflag && pfd[POLL_NETIN].fd == -1 &&
- stdinbufpos == 0 && netinbufpos == 0)
- return;
+ stdinbufpos == 0 && netinbufpos == 0) {
+ if (qflag <= 0)
+ return;
+delay_exit:
+ close(net_fd);
+ signal(SIGALRM, quit);
+ alarm(qflag);
+ }
/* poll */
num_fds = poll(pfd, 4, timeout);
@@ -1936,6 +1958,7 @@ help(void)
\t-O length TCP send buffer length\n\
\t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\
+ \t-q secs\t quit after EOF on stdin and delay of secs\n\
\t-r Randomize remote ports\n "
#ifdef TCP_MD5SIG
" \t-S Enable the TCP MD5 signature option\n"
@@ -979,3 +992,13 @@
\t-r Randomize remote ports\n\
\t-S Enable the TCP MD5 signature option\n\
\t-s source Local source address\n\
@@ -1959,9 +1982,18 @@ usage(int ret)
fprintf(stderr,
"usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
- "\t [-s source] [-T keyword] [-V rtable] [-w timeout] "
+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-x proxy_address[:port]] [destination] [port]\n");
if (ret)
exit(1);
}
@ -79,6 +138,5 @@ Index: netcat-openbsd-1.89/netcat.c
+ */
+static void quit()
+{
+ /* XXX: should explicitly close fds here */
+ exit(0);
+}

15
reuseaddr.patch
View File

@ -1,15 +0,0 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:25.000000000 -0500
+++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:27.000000000 -0500
@@ -554,6 +554,10 @@
if ((s = socket(res0->ai_family, res0->ai_socktype,
res0->ai_protocol)) < 0)
continue;
+
+ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
+ if (ret == -1)
+ err(1, NULL);
#ifdef SO_REUSEPORT
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
if (ret == -1)

274
send-crlf.patch
View File

@ -1,109 +1,187 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-06-19 16:49:57.000000000 -0400
+++ netcat-openbsd-1.89/netcat.c 2008-06-19 17:04:22.000000000 -0400
@@ -73,6 +73,7 @@
#define UDP_SCAN_TIMEOUT 3 /* Seconds */
/* Command Line Options */
+int Cflag = 0; /* CRLF line-ending */
int dflag; /* detached, no stdin */
int iflag; /* Interval Flag */
int jflag; /* use jumbo frames if we can */
@@ -136,7 +137,7 @@
sv = NULL;
while ((ch = getopt(argc, argv,
- "46Ddhi:jklnP:p:rSs:tT:Uuvw:X:x:z")) != -1) {
+ "46Ddhi:jklnP:p:rSs:tT:Uuvw:X:x:zC")) != -1) {
switch (ch) {
case '4':
family = AF_INET;
@@ -226,6 +227,9 @@
case 'T':
Tflag = parse_iptos(optarg);
break;
+ case 'C':
+ Cflag = 1;
+ break;
default:
usage(1);
}
@@ -738,8 +742,16 @@
else if (n == 0) {
goto shutdown_wr;
} else {
- if (atomicio(vwrite, nfd, buf, n) != n)
- return;
+ if ((Cflag) && (buf[n-1]=='\n')) {
+ if (atomicio(vwrite, nfd, buf, n-1) != (n-1))
+ return;
+ if (atomicio(vwrite, nfd, "\r\n", 2) != 2)
+ return;
+ }
+ else {
+ if (atomicio(vwrite, nfd, buf, n) != n)
+ return;
+ }
}
}
else if (pfd[1].revents & POLLHUP) {
@@ -944,6 +956,7 @@
#endif
" \t-s addr\t Local source address\n\
\t-T ToS\t Set IP Type of Service\n\
+ \t-C Send CRLF as line-ending\n\
\t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\
\t-u UDP mode\n\
@@ -959,7 +972,7 @@
void
usage(int ret)
{
- fprintf(stderr, "usage: nc [-46DdhklnrStUuvz] [-i interval] [-P proxy_username] [-p source_port]\n");
+ fprintf(stderr, "usage: nc [-46DdhklnrStUuvzC] [-i interval] [-P proxy_username] [-p source_port]\n");
fprintf(stderr, "\t [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]\n");
fprintf(stderr, "\t [-x proxy_address[:port]] [hostname] [port[s]]\n");
if (ret)
Index: netcat-openbsd-1.89/nc.1
===================================================================
--- netcat-openbsd-1.89.orig/nc.1 2008-06-19 16:49:39.000000000 -0400
+++ netcat-openbsd-1.89/nc.1 2008-06-19 16:54:36.000000000 -0400
@@ -34,7 +34,7 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 14:57:45 +0800
Subject: send crlf
---
nc.1 | 6 +++--
netcat.c | 72 +++++++++++++++++++++++++++++++++++----------------------------
2 files changed, 45 insertions(+), 33 deletions(-)
--- a/nc.1
+++ b/nc.1
@@ -33,7 +33,7 @@
.Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
.Bk -words
-.Op Fl 46DdhklnrStUuvz
+.Op Fl 46DdhklnrStUuvzC
-.Op Fl 46DdFhklNnrStUuvz
+.Op Fl 46CDdFhklNnrStUuvz
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl P Ar proxy_username
.Op Fl p Ar source_port
@@ -140,6 +140,10 @@
It is an error to use this option in conjunction with the
.Fl l
option.
+.It Fl q
+after EOF on stdin, wait the specified number of seconds and then quit. If
+.Ar seconds
+is negative, wait forever.
.It Fl r
Specifies that source and/or destination ports should be chosen randomly
instead of sequentially within a range or in the order that the system
@@ -159,6 +163,8 @@
.Dq reliability ,
or an 8-bit hexadecimal value preceded by
.Dq 0x .
+.It Fl C
+Send CRLF as line-ending
.It Fl t
Causes
.Op Fl M Ar ttl
@@ -95,6 +95,8 @@ to use IPv4 addresses only.
Forces
.Nm
@@ -317,7 +323,7 @@
to use IPv6 addresses only.
+.It Fl C
+Send CRLF as line-ending.
.It Fl D
Enable debugging on the socket.
.It Fl d
@@ -379,7 +381,7 @@ More complicated examples can be built u
of requests required by the server.
As another example, an email may be submitted to an SMTP server using:
.Bd -literal -offset indent
-$ nc localhost 25 \*(Lt\*(Lt EOF
+$ nc [-C] localhost 25 \*(Lt\*(Lt EOF
+$ nc [\-C] localhost 25 \*(Lt\*(Lt EOF
HELO host.example.com
MAIL FROM:\*(Ltuser@host.example.com\*(Gt
RCPT TO:\*(Ltuser2@host.example.com\*(Gt
--- a/netcat.c
+++ b/netcat.c
@@ -163,6 +163,8 @@ int tls_cachanged; /* Using non-defau
int TLSopt; /* TLS options */
char *tls_expectname; /* required name in peer cert */
char *tls_expecthash; /* required hash of peer cert */
+# else
+int Cflag = 0; /* CRLF line-ending */
# endif
int timeout = -1;
@@ -209,7 +211,7 @@ ssize_t fillbuf(int, unsigned char *, si
void tls_setup_client(struct tls *, int, char *);
struct tls *tls_setup_server(struct tls *, int, char *);
# else
-ssize_t drainbuf(int, unsigned char *, size_t *);
+ssize_t drainbuf(int, unsigned char *, size_t *, int);
ssize_t fillbuf(int, unsigned char *, size_t *);
# endif
@@ -246,7 +248,7 @@ main(int argc, char *argv[])
# if defined(TLS)
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
# else
- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
# endif
switch (ch) {
case '4':
@@ -275,6 +277,10 @@ main(int argc, char *argv[])
case 'c':
usetls = 1;
break;
+# else
+ case 'C':
+ Cflag = 1;
+ break;
# endif
case 'd':
dflag = 1;
@@ -1257,12 +1263,6 @@ readwrite(int net_fd)
stdinbufpos == 0 && netinbufpos == 0)
return;
- /* help says -i is for "wait between lines sent". We read and
- * write arbitrary amounts of data, and we don't want to start
- * scanning for newlines, so this is as good as it gets */
- if (iflag)
- sleep(iflag);
-
/* poll */
num_fds = poll(pfd, 4, timeout);
@@ -1342,7 +1342,7 @@ readwrite(int net_fd)
pfd[POLL_NETOUT].events = POLLOUT;
else
# else
- &stdinbufpos);
+ &stdinbufpos, (iflag || Cflag) ? 1 : 0);
# endif
if (ret == -1)
pfd[POLL_NETOUT].fd = -1;
@@ -1395,7 +1395,7 @@ readwrite(int net_fd)
pfd[POLL_STDOUT].events = POLLOUT;
else
# else
- &netinbufpos);
+ &netinbufpos, 0);
# endif
if (ret == -1)
pfd[POLL_STDOUT].fd = -1;
@@ -1421,31 +1421,40 @@ readwrite(int net_fd)
}
ssize_t
-# if defined(TLS)
-drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
-# else
-drainbuf(int fd, unsigned char *buf, size_t *bufpos)
-# endif
+drainbuf(int fd, unsigned char *buf, size_t *bufpos, int oneline)
{
- ssize_t n;
+ ssize_t n, r;
ssize_t adjust;
+ unsigned char *lf = NULL;
-# if defined(TLS)
- if (tls)
- n = tls_write(tls, buf, *bufpos);
- else {
-# endif
- n = write(fd, buf, *bufpos);
- /* don't treat EAGAIN, EINTR as error */
- if (n == -1 && (errno == EAGAIN || errno == EINTR))
-# if defined(TLS)
- n = TLS_WANT_POLLOUT;
- }
-# else
- n = -2;
-# endif
+ if (oneline)
+ lf = memchr(buf, '\n', *bufpos);
+ if (lf == NULL) {
+ n = *bufpos;
+ oneline = 0;
+ }
+ else if (Cflag && (lf == buf || buf[lf - buf - 1] != '\r')) {
+ n = lf - buf;
+ oneline = 2;
+ }
+ else
+ n = lf - buf + 1;
+ if (n > 0)
+ n = write(fd, buf, n);
+
+ /* don't treat EAGAIN, EINTR as error */
+ if (n == -1 && (errno == EAGAIN || errno == EINTR))
+ n = -2;
+ if (oneline == 2 && n >= 0)
+ n++;
if (n <= 0)
return n;
+
+ if (oneline == 2 && (r = atomicio(vwrite, fd, "\r\n", 2)) != 2)
+ err(1, "write failed (%zu/2)", r);
+ if (oneline > 0 && iflag)
+ sleep(iflag);
+
/* adjust buffer */
adjust = *bufpos - n;
if (adjust > 0)
@@ -1911,6 +1920,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
+ \t-C Send CRLF as line-ending\n\
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\
\t-F Pass socket fd\n\
@@ -1947,7 +1957,7 @@ void
usage(int ret)
{
fprintf(stderr,
- "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"

77
serialized-handling-multiple-clients.patch Normal file
View File

@ -0,0 +1,77 @@
From: Aron Xu <aron@debian.org>
Date: Tue, 14 Feb 2012 23:02:00 +0800
Subject: serialized handling multiple clients
---
netcat.c | 41 ++++++++++++++++++++---------------------
1 file changed, 20 insertions(+), 21 deletions(-)
--- a/netcat.c
+++ b/netcat.c
@@ -664,7 +664,20 @@ main(int argc, char *argv[])
s = unix_bind(host, 0);
else
s = unix_listen(host);
- }
+ } else
+ s = local_listen(host, uport, hints);
+ if (s < 0)
+ err(1, NULL);
+
+ char* local;
+ if (family == AF_INET6)
+ local = ":::";
+ else
+ local = "0.0.0.0";
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ host ?: local,
+ family,
+ *uport);
# if defined(TLS)
if (usetls) {
@@ -678,22 +691,7 @@ main(int argc, char *argv[])
# endif
/* Allow only one connection at a time, but stay alive. */
for (;;) {
- if (family != AF_UNIX)
- s = local_listen(host, uport, hints);
- if (s < 0)
- err(1, NULL);
-
- char* local;
- if (family == AF_INET6)
- local = "0.0.0.0";
- else if (family == AF_INET)
- local = ":::";
- else
- local = "unknown";
- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
- host ?: local,
- family,
- *uport);
+
/*
* For UDP and -k, don't connect the socket, let it
* receive datagrams from multiple socket pairs.
@@ -760,15 +758,16 @@ main(int argc, char *argv[])
# endif
close(connfd);
}
- if (family != AF_UNIX)
+ if (kflag)
+ continue;
+ if (family != AF_UNIX) {
close(s);
+ }
else if (uflag) {
if (connect(s, NULL, 0) < 0)
err(1, "connect");
}
-
- if (!kflag)
- break;
+ break;
}
} else if (family == AF_UNIX) {
ret = 0;

95
set-TCP-MD5SIG-correctly-for-client-connections.patch Normal file
View File

@ -0,0 +1,95 @@
From: Thomas Habets <habets@google.com>
Date: Sat, 18 Feb 2017 21:07:22 +0000
Subject: Set TCP MD5SIG correctly for client connections
---
netcat.c | 31 ++++++++++++++++++++++++-------
1 file changed, 24 insertions(+), 7 deletions(-)
--- a/netcat.c
+++ b/netcat.c
@@ -47,6 +47,9 @@
#ifdef __linux__
# include <linux/in6.h>
#endif
+#if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
+# include <bsd/readpassphrase.h>
+#endif
#ifndef IPTOS_LOWDELAY
# define IPTOS_LOWDELAY 0x10
@@ -172,6 +175,9 @@ char *tls_expecthash; /* required hash
int Cflag = 0; /* CRLF line-ending */
# endif
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
+char Sflag_password[TCP_MD5SIG_MAXKEYLEN];
+# endif
int timeout = -1;
int family = AF_UNSPEC;
char *portlist[PORT_MAX+1];
@@ -200,7 +206,7 @@ int udptest(int);
int unix_bind(char *, int);
int unix_connect(char *);
int unix_listen(char *);
-void set_common_sockopts(int, int);
+void set_common_sockopts(int, const struct sockaddr *);
int map_tos(char *, int *);
# if defined(TLS)
int map_tls(char *, int *);
@@ -427,7 +433,10 @@ main(int argc, char *argv[])
break;
# endif
case 'S':
-# if defined(TCP_MD5SIG)
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
+ if (readpassphrase("TCP MD5SIG password: ",
+ Sflag_password, TCP_MD5SIG_MAXKEYLEN, RPP_REQUIRE_TTY) == NULL)
+ errx(1, "Unable to read TCP MD5SIG password");
Sflag = 1;
# else
errx(1, "no TCP MD5 signature support available");
@@ -1120,7 +1129,7 @@ remote_connect(const char *host, const c
freeaddrinfo(ares);
}
- set_common_sockopts(s, res->ai_family);
+ set_common_sockopts(s, res->ai_addr);
char *proto = proto_name(uflag, dccpflag);
if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
@@ -1274,7 +1283,7 @@ local_listen(char *host, char *port, str
err(1, NULL);
# endif
- set_common_sockopts(s, res->ai_family);
+ set_common_sockopts(s, res->ai_addr);
if (bind(s, (struct sockaddr *)res->ai_addr,
res->ai_addrlen) == 0)
@@ -1788,14 +1797,22 @@ udptest(int s)
}
void
-set_common_sockopts(int s, int af)
+set_common_sockopts(int s, const struct sockaddr* sa)
{
int x = 1;
+ int af = sa->sa_family;
-# if defined(TCP_MD5SIG)
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
if (Sflag) {
+ struct tcp_md5sig sig;
+ memset(&sig, 0, sizeof(sig));
+ memcpy(&sig.tcpm_addr, sa, sizeof(struct sockaddr_storage));
+ sig.tcpm_keylen = TCP_MD5SIG_MAXKEYLEN < strlen(Sflag_password)
+ ? TCP_MD5SIG_MAXKEYLEN
+ : strlen(Sflag_password);
+ strlcpy(sig.tcpm_key, Sflag_password, sig.tcpm_keylen);
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
- &x, sizeof(x)) == -1)
+ &sig, sizeof(sig)) == -1)
err(1, NULL);
}
# endif

13
silence-z.patch
View File

@ -1,13 +0,0 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-06-19 16:33:52.000000000 -0400
+++ netcat-openbsd-1.89/netcat.c 2008-06-19 16:34:58.000000000 -0400
@@ -364,7 +364,7 @@
continue;
ret = 0;
- if (vflag || zflag) {
+ if (vflag) {
/* For UDP, make sure we are connected. */
if (uflag) {
if (udptest(s) == -1) {

13
socks-b64-prototype.patch
View File

@ -1,13 +0,0 @@
Index: netcat-openbsd-1.89/socks.c
===================================================================
--- netcat-openbsd-1.89.orig/socks.c 2008-06-19 16:30:45.000000000 -0400
+++ netcat-openbsd-1.89/socks.c 2008-06-19 16:30:36.000000000 -0400
@@ -53,6 +53,8 @@
#define SOCKS_DOMAIN 3
#define SOCKS_IPV6 4
+extern int b64_ntop(unsigned char const *, size_t, char *, size_t);
+
int remote_connect(const char *, const char *, struct addrinfo);
int socks_connect(const char *, const char *, struct addrinfo,
const char *, const char *, struct addrinfo, int,

26
udp-scan-timeout.patch
View File

@ -1,8 +1,14 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:30.000000000 -0500
+++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:34.000000000 -0500
@@ -69,6 +69,8 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 15:29:37 +0800
Subject: udp scan timeout
---
netcat.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
--- a/netcat.c
+++ b/netcat.c
@@ -129,6 +129,8 @@
#define CONNECTION_FAILED 1
#define CONNECTION_TIMEOUT 2
@ -10,17 +16,17 @@ Index: netcat-openbsd-1.89/netcat.c
+
/* Command Line Options */
int dflag; /* detached, no stdin */
int iflag; /* Interval Flag */
@@ -376,7 +378,7 @@
int Fflag; /* fdpass sock to stdout */
@@ -774,7 +776,7 @@ main(int argc, char *argv[])
continue;
ret = 0;
- if (vflag) {
+ if (vflag && !uflag) {
- if (vflag || zflag) {
+ if (vflag) {
/* For UDP, make sure we are connected. */
if (uflag) {
if (udptest(s) == -1) {
@@ -841,15 +843,20 @@
@@ -1693,15 +1695,20 @@ build_ports(char *p)
int
udptest(int s)
{

17
verbose-message-to-stderr.patch
View File

@ -1,17 +0,0 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2010-02-09 10:29:21.000000000 +0100
+++ netcat-openbsd-1.89/netcat.c 2010-02-09 10:29:45.000000000 +0100
@@ -421,9 +421,9 @@ main(int argc, char *argv[])
uflag ? "udp" : "tcp");
}
- printf("Connection to %s %s port [%s/%s] succeeded!\n",
- host, portlist[i], uflag ? "udp" : "tcp",
- sv ? sv->s_name : "*");
+ fprintf(stderr, "Connection to %s %s port [%s/%s] "
+ "succeeded!\n", host, portlist[i],
+ uflag ? "udp" : "tcp", sv ? sv->s_name : "*");
}
if (!zflag)
readwrite(s);

73
verbose-numeric-port.patch
View File

@ -1,24 +1,47 @@
Index: netcat-openbsd-1.89/netcat.c
===================================================================
--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:34.000000000 -0500
+++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:44.000000000 -0500
@@ -41,6 +41,7 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 15:38:15 +0800
Subject: verbose numeric port
---
netcat.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
--- a/netcat.c
+++ b/netcat.c
@@ -43,6 +43,7 @@
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <arpa/telnet.h>
+#include <arpa/inet.h>
#include <err.h>
#include <errno.h>
@@ -317,16 +318,15 @@
if (uflag) {
int rv, plen;
char buf[8192];
- struct sockaddr_storage z;
#ifdef __linux__
# include <linux/in6.h>
#endif
@@ -651,6 +652,18 @@ main(int argc, char *argv[])
s = local_listen(host, uport, hints);
if (s < 0)
err(1, NULL);
+
+ char* local;
+ if (family == AF_INET6)
+ local = "0.0.0.0";
+ else if (family == AF_INET)
+ local = ":::";
+ else
+ local = "unknown";
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ host ?: local,
+ family,
+ *uport);
/*
* For UDP and -k, don't connect the socket, let it
* receive datagrams from multiple socket pairs.
@@ -671,14 +684,14 @@ main(int argc, char *argv[])
char buf[16384];
struct sockaddr_storage z;
- len = sizeof(z);
+ len = sizeof(cliaddr);
plen = jflag ? 8192 : 1024;
plen = 2048;
rv = recvfrom(s, buf, plen, MSG_PEEK,
- (struct sockaddr *)&z, &len);
+ (struct sockaddr *)&cliaddr, &len);
@ -30,25 +53,3 @@ Index: netcat-openbsd-1.89/netcat.c
if (rv < 0)
err(1, "connect");
@@ -337,6 +337,21 @@
&len);
}
+ if(vflag) {
+ /* Don't look up port if -n. */
+ if (nflag)
+ sv = NULL;
+ else
+ sv = getservbyport(ntohs(atoi(uport)),
+ uflag ? "udp" : "tcp");
+
+ fprintf(stderr, "Connection from %s port %s [%s/%s] accepted\n",
+ inet_ntoa(((struct sockaddr_in *)(&cliaddr))->sin_addr),
+ uport,
+ uflag ? "udp" : "tcp",
+ sv ? sv->s_name : "*");
+ }
+
readwrite(connfd);
close(connfd);
if (family != AF_UNIX)