--- netcat-openbsd-1.89.orig/Makefile +++ netcat-openbsd-1.89/Makefile @@ -1,6 +1,21 @@ # $OpenBSD: Makefile,v 1.6 2001/09/02 18:45:41 jakob Exp $ PROG= nc -SRCS= netcat.c atomicio.c socks.c +SRCS= netcat.c atomicio.c socks.c \ + openbsd-compat/base64.c openbsd-compat/readpassphrase.c -.include +CC = gcc +override CFLAGS += `pkg-config --cflags glib-2.0` +INC = -Iopenbsd-compat +LIBS = `pkg-config --libs glib-2.0` +OBJS = $(SRCS:.c=.o) + +all: nc +nc: $(OBJS) + $(CC) $(OBJS) -o nc $(LIBS) + +$(OBJS): %.o: %.c + $(CC) $(CFLAGS) $(INC) -c $< -o $@ + +clean: + rm -f $(OBJS) nc --- netcat-openbsd-1.89.orig/debian/rules +++ netcat-openbsd-1.89/debian/rules @@ -0,0 +1,64 @@ +#!/usr/bin/make -f +#export DH_VERBOSE=1 + +DEB_CFLAGS = -g -Wall +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) +DEB_CFLAGS += -O0 +else +DEB_CFLAGS += -O2 +endif +ifneq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) +INSTALL_PROG = install -m 0755 +else +INSTALL_PROG = install -s -m 0755 +endif +DEB_VER = $(shell dpkg-parsechangelog | sed -n 's/^Version: //p') + +patch: patch-stamp +patch-stamp: + QUILT_PATCHES=debian/patches quilt push -a || test $$? = 2 + touch patch-stamp + +unpatch: + QUILT_PATCHES=debian/patches quilt pop -a -R || test $$? = 2 + rm -rf .pc patch-stamp + +build: build-stamp +build-stamp: patch-stamp + + $(MAKE) CFLAGS='$(DEB_CFLAGS) -DDEBIAN_VERSION=\"$(DEB_VER)\"' + touch build-stamp + +clean: unpatch + dh_testdir + dh_clean patch-stamp build-stamp + $(MAKE) clean + +install: + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(INSTALL_PROG) nc $(CURDIR)/debian/netcat-openbsd/bin/nc.openbsd + cp nc.1 $(CURDIR)/debian/netcat-openbsd/usr/share/man/man1/nc_openbsd.1 + +binary-indep: build install + +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installexamples debian/examples/* + dh_link + dh_strip + dh_compress -Xexamples + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch --- netcat-openbsd-1.89.orig/debian/changelog +++ netcat-openbsd-1.89/debian/changelog @@ -0,0 +1,44 @@ +netcat-openbsd (1.89-4) unstable; urgency=low + + * Quit immediately after EOF if -q is not given (i.e. make the default + equivalent to -q 0). This is the standard upstream behavior and what + other Linux distributions use. It is different from netcat-traditional, + but compatibility with other versions of OpenBSD netcat is more + important. (Closes: #502188) + + -- Decklin Foster Sun, 18 Apr 2010 20:05:08 -0400 + +netcat-openbsd (1.89-3) unstable; urgency=low + + * Silence -z flag, for compatibility with netcat-traditional (Closes: + #464564) + * Move stray line in socks.c to quilt patch series (Closes: #485160) + * Add missing documentation for -q option to man page. + + -- Decklin Foster Thu, 19 Jun 2008 16:20:01 -0400 + +netcat-openbsd (1.89-2) unstable; urgency=low + + * Replace references to "netcat-base" with "netcat-traditional" (future + name of the old netcat package). + + -- Decklin Foster Wed, 30 Jan 2008 18:24:46 -0500 + +netcat-openbsd (1.89-1) unstable; urgency=low + + * Initial release. (Closes: #145798) + * Includes support for: + - IPv6 (Closes: #461317) + - Unix domain sockets (Closes: #348564) + - SOCKS (Closes: #142898) + * Conflict with netcat versions older than netcat-traditional, so that we + can use alternatives. + * Port some features over from netcat-traditional: + - Exit successfully when printing help text (-h), and include the Debian + revision. + - Add the -q (quit on standard input EOF) flag. + - Add support for specifying ports by name (/etc/services). Unlike the + old hack for this, nc will first try to find a named service, then fall + back to numeric parsing, so no escaping is needed. + + -- Decklin Foster Mon, 21 Jan 2008 18:41:37 -0500 --- netcat-openbsd-1.89.orig/debian/netcat-openbsd.prerm +++ netcat-openbsd-1.89/debian/netcat-openbsd.prerm @@ -0,0 +1,7 @@ +#!/bin/sh -e + +if [ "$1" = "remove" ]; then + update-alternatives --remove nc /bin/nc.openbsd +fi + +#DEBHELPER# --- netcat-openbsd-1.89.orig/debian/copyright +++ netcat-openbsd-1.89/debian/copyright @@ -0,0 +1,130 @@ +The netcat-openbsd Debian package was created by Soren Hansen + and by Decklin Foster , based +loosely on the original netcat package. The code itself was rewritten +by the OpenBSD project, from the original implementation by Hobbit +. + +Sources can be found at: + + http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/ + +Copyright and license of netcat.c: + + Copyright (c) 2001 Eric Jackson + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Copyright and license of atomicio.c: + + Copyright (c) 2005 Anil Madhavapeddy. All rights served. + Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Copyright (c) 2005 Anil Madhavapeddy. All rights served. + Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. + +Copyright of socks.c (license is identical to that of atomicio.c): + + Copyright (c) 1999 Niklas Hallqvist. All rights reserved. + Copyright (c) 2004, 2005 Damien Miller. All rights reserved. + +Copyright and license of readpassphrase.c: + + Copyright (c) 2000-2002, 2007 Todd C. Miller + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + Sponsored in part by the Defense Advanced Research Projects + Agency (DARPA) and Air Force Research Laboratory, Air Force + Materiel Command, USAF, under agreement number F39502-99-1-0512. + +Copyright and license of base64.c: + + Copyright (c) 1996 by Internet Software Consortium. + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + SOFTWARE. + + Portions Copyright (c) 1995 by International Business Machines, Inc. + + International Business Machines, Inc. (hereinafter called IBM) grants + permission under its copyrights to use, copy, modify, and distribute this + Software with or without fee, provided that the above copyright notice and + all paragraphs of this notice appear in all copies, and that the name of IBM + not be used in connection with the marketing of any product incorporating + the Software or modifications thereof, without specific, written prior + permission. + + To the extent it has a right to do so, IBM grants an immunity from suit + under its patents, if any, for the use, sale or manufacture of products to + the extent that such products are used for performing Domain Name System + dynamic updates in TCP/IP networks by means of the Software. No immunity is + granted for any product per se or for any other function of any product. + + THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. --- netcat-openbsd-1.89.orig/debian/compat +++ netcat-openbsd-1.89/debian/compat @@ -0,0 +1 @@ +4 --- netcat-openbsd-1.89.orig/debian/control +++ netcat-openbsd-1.89/debian/control @@ -0,0 +1,24 @@ +Source: netcat-openbsd +Section: net +Priority: optional +Maintainer: Decklin Foster +Standards-Version: 3.7.3 +Build-Depends: quilt, debhelper (>= 4.0.0), libglib2.0-dev + +Package: netcat-openbsd +Architecture: any +Depends: ${shlibs:Depends} +Provides: netcat +Conflicts: netcat (<< 1.10-35) +Replaces: netcat (<< 1.10-35) +Description: TCP/IP swiss army knife + A simple Unix utility which reads and writes data across network + connections using TCP or UDP protocol. It is designed to be a reliable + "back-end" tool that can be used directly or easily driven by other + programs and scripts. At the same time it is a feature-rich network + debugging and exploration tool, since it can create almost any kind of + connection you would need and has several interesting built-in + capabilities. + . + This package contains the OpenBSD rewrite of netcat, including support + for IPv6, proxies, and Unix sockets. --- netcat-openbsd-1.89.orig/debian/netcat-openbsd.README.Debian +++ netcat-openbsd-1.89/debian/netcat-openbsd.README.Debian @@ -0,0 +1,41 @@ +OpenBSD netcat for Debian +------------------------- + +This package has been rebased on OpenBSD's implementation of netcat. The +code has been massively cleaned up, and important functionality has been +added. + + -- Soren Hansen Tue, 15 Jan 2008 10:38:34 +0100 + +The OpenBSD implementation has been split from netcat-traditional for +two reasons (not counting sentimental value): + + 1. Netcat should be part of the base system; OpenBSD netcat uses + strlcpy. While there is already a perfectly good implementation of + strlcpy in Debian, it is part of glib, which is not included in base. + 2. Packages should not be replaced under users' feet; a transitional + package will be provided for lenny so that users can note the new + package and switch if they wish. + +You may install this package alongside netcat-traditional; they both +use the alternatives system for nc(1) as well as the deprecated alias +netcat(1). Other implementations of netcat with compatible command line +options are encouraged to also do so and provide the virtual package +"netcat". + +The following features from netcat-traditional will not be added to this +package: + + * The -e and -c options (This should be done by redirecting the + appropriate file descriptors, not within netcat. How to do so should + be better documented.) + * Printing "connection refused" messages when -v is not specified + (because there is only one level of verbosity in this netcat, and + that message is primarily what the option is for.) + +Anything else that netcat-traditional does that this package doesn't +is a bug. Wherever possible, command-line compatibility with the BSDs +and Fedora is desired, but it should be easy to use netcat-openbsd as a +"drop-in" replacement for netcat-traditional as well. + + -- Decklin Foster Tue, 22 Jan 2008 18:50:08 -0500 --- netcat-openbsd-1.89.orig/debian/netcat-openbsd.postinst +++ netcat-openbsd-1.89/debian/netcat-openbsd.postinst @@ -0,0 +1,13 @@ +#!/bin/sh -e + +if [ "$1" = "configure" ]; then + update-alternatives \ + --install /bin/nc nc /bin/nc.openbsd 50 \ + --slave /bin/netcat netcat /bin/nc.openbsd \ + --slave /usr/share/man/man1/nc.1.gz nc.1.gz \ + /usr/share/man/man1/nc_openbsd.1.gz \ + --slave /usr/share/man/man1/netcat.1.gz netcat.1.gz \ + /usr/share/man/man1/nc_openbsd.1.gz +fi + +#DEBHELPER# --- netcat-openbsd-1.89.orig/debian/netcat-openbsd.dirs +++ netcat-openbsd-1.89/debian/netcat-openbsd.dirs @@ -0,0 +1,2 @@ +bin +usr/share/man/man1 --- netcat-openbsd-1.89.orig/debian/examples/irc +++ netcat-openbsd-1.89/debian/examples/irc @@ -0,0 +1,79 @@ +#! /bin/sh +## Shit-simple script to supply the "privmsg " of IRC typein, and +## keep the connection alive. Pipe this thru "nc -v -w 5 irc-server port". +## Note that this mechanism makes the script easy to debug without being live, +## since it just echoes everything bound for the server. +## if you want autologin-type stuff, construct some appropriate files and +## shovel them in using the "<" mechanism. + +# magic arg: if "tick", do keepalive process instead of main loop +if test "$1" = "tick" ; then +# ignore most signals; the parent will nuke the kid +# doesn't stop ^Z, of course. + trap '' 1 2 3 13 14 15 16 + while true ; do + sleep 60 + echo "PONG !" + done +fi + +# top level: fire ourselves off as the keepalive process, and keep track of it +sh $0 tick & +ircpp=$! +echo "[Keepalive: $ircpp]" >&2 +# catch our own batch of signals: hup int quit pipe alrm term urg +trap 'kill -9 $ircpp ; exit 0' 1 2 3 13 14 15 16 +sleep 2 + +sender='' +savecmd='' + +# the big honkin' loop... +while read xx yy ; do + case "${xx}" in +# blank line: do nothing + "") + continue + ;; +# new channel or recipient; if bare ">", we're back to raw literal mode. + ">") + if test "${yy}" ; then + sender="privmsg ${yy} :" + else + sender='' + fi + continue + ;; +# send crud from a file, one line per second. Can you say "skr1pt kidz"?? +# *Note: uses current "recipient" if set. + "<") + if test -f "${yy}" ; then + ( while read zz ; do + sleep 1 + echo "${sender}${zz}" + done ) < "$yy" + echo "[done]" >&2 + else + echo "[File $yy not found]" >&2 + fi + continue + ;; +# do and save a single command, for quick repeat + "/") + if test "${yy}" ; then + savecmd="${yy}" + fi + echo "${savecmd}" + ;; +# default case goes to recipient, just like always + *) + echo "${sender}${xx} ${yy}" + continue + ;; + esac +done + +# parting shot, if you want it +echo "quit :Bye all!" +kill -9 $ircpp +exit 0 --- netcat-openbsd-1.89.orig/debian/examples/README +++ netcat-openbsd-1.89/debian/examples/README @@ -0,0 +1,5 @@ +A collection of example scripts that use netcat as a backend, each +documented by its own internal comments. + +I'll be the first to admit that some of these are seriously *sick*, +but they do work and are quite useful to me on a daily basis. --- netcat-openbsd-1.89.orig/debian/examples/web +++ netcat-openbsd-1.89/debian/examples/web @@ -0,0 +1,148 @@ +#! /bin/sh +## The web sucks. It is a mighty dismal kludge built out of a thousand +## tiny dismal kludges all band-aided together, and now these bottom-line +## clueless pinheads who never heard of "TCP handshake" want to run +## *commerce* over the damn thing. Ye godz. Welcome to TV of the next +## century -- six million channels of worthless shit to choose from, and +## about as much security as today's cable industry! +## +## Having grown mightily tired of pain in the ass browsers, I decided +## to build the minimalist client. It doesn't handle POST, just GETs, but +## the majority of cgi forms handlers apparently ignore the method anyway. +## A distinct advantage is that it *doesn't* pass on any other information +## to the server, like Referer: or info about your local machine such as +## Netscum tries to! +## +## Since the first version, this has become the *almost*-minimalist client, +## but it saves a lot of typing now. And with netcat as its backend, it's +## totally the balls. Don't have netcat? Get it here in /src/hacks! +## _H* 950824, updated 951009 et seq. +## +## args: hostname [port]. You feed it the filename-parts of URLs. +## In the loop, HOST, PORT, and SAVE do the right things; a null line +## gets the previous spec again [useful for initial timeouts]; EOF to exit. +## Relative URLs behave like a "cd" to wherever the last slash appears, or +## just use the last component with the saved preceding "directory" part. +## "\" clears the "filename" part and asks for just the "directory", and +## ".." goes up one "directory" level while retaining the "filename" part. +## Play around; you'll get used to it. + +if test "$1" = "" ; then + echo Needs hostname arg. + exit 1 +fi +umask 022 + +# optional PATH fixup +# PATH=${HOME}:${PATH} ; export PATH + +test "${PAGER}" || PAGER=more +BACKEND="nc -v -w 15" +TMPAGE=/tmp/web$$ +host="$1" +port="80" +if test "$2" != "" ; then + port="$2" +fi + +spec="/" +specD="/" +specF='' +saving='' + +# be vaguely smart about temp file usage. Use your own homedir if you're +# paranoid about someone symlink-racing your shell script, jeez. +rm -f ${TMPAGE} +test -f ${TMPAGE} && echo "Can't use ${TMPAGE}" && exit 1 + +# get loopy. Yes, I know "echo -n" aint portable. Everything echoed would +# need "\c" tacked onto the end in an SV universe, which you can fix yourself. +while echo -n "${specD}${specF} " && read spec ; do + case $spec in + HOST) + echo -n 'New host: ' + read host + continue + ;; + PORT) + echo -n 'New port: ' + read port + continue + ;; + SAVE) + echo -n 'Save file: ' + read saving +# if we've already got a page, save it + test "${saving}" && test -f ${TMPAGE} && + echo "=== ${host}:${specD}${specF} ===" >> $saving && + cat ${TMPAGE} >> $saving && echo '' >> $saving + continue + ;; +# changing the logic a bit here. Keep a state-concept of "current dir" +# and "current file". Dir is /foo/bar/ ; file is "baz" or null. +# leading slash: create whole new state. + /*) + specF=`echo "${spec}" | sed 's|.*/||'` + specD=`echo "${spec}" | sed 's|\(.*/\).*|\1|'` + spec="${specD}${specF}" + ;; +# embedded slash: adding to the path. "file" part can be blank, too + */*) + specF=`echo "${spec}" | sed 's|.*/||'` + specD=`echo "${specD}${spec}" | sed 's|\(.*/\).*|\1|'` + ;; +# dotdot: jump "up" one level and just reprompt [confirms what it did...] + ..) + specD=`echo "${specD}" | sed 's|\(.*/\)..*/|\1|'` + continue + ;; +# blank line: do nothing, which will re-get the current one + '') + ;; +# hack-quoted blank line: "\" means just zero out "file" part + '\') + specF='' + ;; +# sigh + '?') + echo Help yourself. Read the script fer krissake. + continue + ;; +# anything else is taken as a "file" part + *) + specF=${spec} + ;; + esac + +# now put it together and stuff it down a connection. Some lame non-unix +# http servers assume they'll never get simple-query format, and wait till +# an extra newline arrives. If you're up against one of these, change +# below to (echo GET "$spec" ; echo '') | $BACKEND ... + spec="${specD}${specF}" + echo GET "${spec}" | $BACKEND $host $port > ${TMPAGE} + ${PAGER} ${TMPAGE} + +# save in a format that still shows the URLs we hit after a de-html run + if test "${saving}" ; then + echo "=== ${host}:${spec} ===" >> $saving + cat ${TMPAGE} >> $saving + echo '' >> $saving + fi +done +rm -f ${TMPAGE} +exit 0 + +####### +# Encoding notes, finally from RFC 1738: +# %XX -- hex-encode of special chars +# allowed alphas in a URL: $_-.+!*'(), +# relative names *not* described, but obviously used all over the place +# transport://user:pass@host:port/path/name?query-string +# wais: port 210, //host:port/database?search or /database/type/file? +# cgi-bin/script?arg1=foo&arg2=bar&... scripts have to parse xxx&yyy&zzz +# ISMAP imagemap stuff: /bin/foobar.map?xxx,yyy -- have to guess at coords! +# local access-ctl files: ncsa: .htaccess ; cern: .www_acl +####### +# SEARCH ENGINES: fortunately, all are GET forms or at least work that way... +# multi-word args for most cases: foo+bar +# See 'websearch' for concise results of this research... --- netcat-openbsd-1.89.orig/debian/examples/webrelay +++ netcat-openbsd-1.89/debian/examples/webrelay @@ -0,0 +1,44 @@ +#! /bin/sh +## web relay -- a degenerate version of webproxy, usable with browsers that +## don't understand proxies. This just forwards connections to a given server. +## No query logging, no access control [although you can add it to XNC for +## your own run], and full-URL links will undoubtedly confuse the browser +## if it can't reach the server directly. This was actually written before +## the full proxy was, and it shows. +## The arguments in this case are the destination server and optional port. +## Please flame pinheads who use self-referential absolute links. + +# set these as you wish: proxy port... +PORT=8000 +# any extra args to the listening "nc", for instance "-s inside-net-addr" +XNC='' + +# functionality switch, which has to be done fast to start the next listener +case "${1}${RDEST}" in + "") + echo needs hostname + exit 1 + ;; +esac + +case "${1}" in + "") +# no args: fire off new relayer process NOW. Will hang around for 10 minutes + nc -w 600 -l -n -p $PORT -e "$0" $XNC < /dev/null > /dev/null 2>&1 & +# and handle this request, which will simply fail if vars not set yet. + exec nc -w 15 $RDEST $RPORT + ;; +esac + +# Fall here for setup; this can now be slower. +RDEST="$1" +RPORT="$2" +test "$RPORT" || RPORT=80 +export RDEST RPORT + +# Launch the first relayer same as above, but let its error msgs show up +# will hang around for a minute, and exit if no new connections arrive. +nc -v -w 600 -l -p $PORT -e "$0" $XNC < /dev/null > /dev/null & +echo \ + "Relay to ${RDEST}:${RPORT} running -- point your browser here on port $PORT" +exit 0 --- netcat-openbsd-1.89.orig/debian/examples/ncp +++ netcat-openbsd-1.89/debian/examples/ncp @@ -0,0 +1,46 @@ +#! /bin/sh +## Like "rcp" but uses netcat on a high port. +## do "ncp targetfile" on the RECEIVING machine +## then do "ncp sourcefile receivinghost" on the SENDING machine +## if invoked as "nzp" instead, compresses transit data. + +## pick your own personal favorite port, which will be used on both ends. +## You should probably change this for your own uses. +MYPORT=23456 + +## if "nc" isn't systemwide or in your PATH, add the right place +# PATH=${HOME}:${PATH} ; export PATH + +test "$3" && echo "too many args" && exit 1 +test ! "$1" && echo "no args?" && exit 1 +me=`echo $0 | sed 's+.*/++'` +test "$me" = "nzp" && echo '[compressed mode]' + +# if second arg, it's a host to send an [extant] file to. +if test "$2" ; then + test ! -f "$1" && echo "can't find $1" && exit 1 + if test "$me" = "nzp" ; then + compress -c < "$1" | nc -v -w 2 $2 $MYPORT && exit 0 + else + nc -v -w 2 $2 $MYPORT < "$1" && exit 0 + fi + echo "transfer FAILED!" + exit 1 +fi + +# fall here for receiver. Ask before trashing existing files +if test -f "$1" ; then + echo -n "Overwrite $1? " + read aa + test ! "$aa" = "y" && echo "[punted!]" && exit 1 +fi +# 30 seconds oughta be pleeeeenty of time, but change if you want. +if test "$me" = "nzp" ; then + nc -v -w 30 -p $MYPORT -l < /dev/null | uncompress -c > "$1" && exit 0 +else + nc -v -w 30 -p $MYPORT -l < /dev/null > "$1" && exit 0 +fi +echo "transfer FAILED!" +# clean up, since even if the transfer failed, $1 is already trashed +rm -f "$1" +exit 1 --- netcat-openbsd-1.89.orig/debian/examples/probe +++ netcat-openbsd-1.89/debian/examples/probe @@ -0,0 +1,50 @@ +#! /bin/sh +## launch a whole buncha shit at yon victim in no particular order; capture +## stderr+stdout in one place. Run as root for rservice and low -p to work. +## Fairly thorough example of using netcat to collect a lot of host info. +## Will set off every intrusion alarm in existence on a paranoid machine! + +# where .d files are kept; "." if nothing else +DDIR=../data +# address of some well-connected router that groks LSRR +GATE=192.157.69.11 + +# might conceivably wanna change this for different run styles +UCMD='nc -v -w 8' + +test ! "$1" && echo Needs victim arg && exit 1 + +echo '' | $UCMD -w 9 -r "$1" 13 79 6667 2>&1 +echo '0' | $UCMD "$1" 79 2>&1 +# if LSRR was passed thru, should get refusal here: +$UCMD -z -r -g $GATE "$1" 6473 2>&1 +$UCMD -r -z "$1" 6000 4000-4004 111 53 2105 137-140 1-20 540-550 95 87 2>&1 +# -s `hostname` may be wrong for some multihomed machines +echo 'UDP echoecho!' | nc -u -p 7 -s `hostname` -w 3 "$1" 7 19 2>&1 +echo '113,10158' | $UCMD -p 10158 "$1" 113 2>&1 +rservice bin bin | $UCMD -p 1019 "$1" shell 2>&1 +echo QUIT | $UCMD -w 8 -r "$1" 25 158 159 119 110 109 1109 142-144 220 23 2>&1 +# newline after any telnet trash +echo '' +echo PASV | $UCMD -r "$1" 21 2>&1 +echo 'GET /' | $UCMD -w 10 "$1" 80 81 210 70 2>&1 +# sometimes contains useful directory info: +echo 'GET /robots.txt' | $UCMD -w 10 "$1" 80 2>&1 +# now the big red lights go on +rservice bin bin 9600/9600 | $UCMD -p 1020 "$1" login 2>&1 +rservice root root | $UCMD -r "$1" exec 2>&1 +echo 'BEGIN big udp -- everything may look "open" if packet-filtered' +data -g < ${DDIR}/nfs-0.d | $UCMD -i 1 -u "$1" 2049 | od -x 2>&1 +# no wait-time, uses RTT hack +nc -v -z -u -r "$1" 111 66-70 88 53 87 161-164 121-123 213 49 2>&1 +nc -v -z -u -r "$1" 137-140 694-712 747-770 175-180 2103 510-530 2>&1 +echo 'END big udp' +$UCMD -r -z "$1" 175-180 2000-2003 530-533 1524 1525 666 213 8000 6250 2>&1 +# Use our identd-sniffer! +iscan "$1" 21 25 79 80 111 53 6667 6000 2049 119 2>&1 +# this gets pretty intrusive, but what the fuck. Probe for portmap first +if nc -w 5 -z -u "$1" 111 ; then + showmount -e "$1" 2>&1 + rpcinfo -p "$1" 2>&1 +fi +exit 0 --- netcat-openbsd-1.89.orig/debian/examples/webproxy +++ netcat-openbsd-1.89/debian/examples/webproxy @@ -0,0 +1,141 @@ +#! /bin/sh +## Web proxy, following the grand tradition of Web things being handled by +## gross scripts. Uses netcat to listen on a high port [default 8000], +## picks apart requests and sends them on to the right place. Point this +## at the browser client machine you'll be coming from [to limit access to +## only it], and point the browser's concept of an HTTP proxy to the +## machine running this. Takes a single argument of the client that will +## be using it, and rejects connections from elsewhere. LOGS the queries +## to a configurable logfile, which can be an interesting read later on! +## If the argument is "reset", the listener and logfile are cleaned up. +## +## This works surprisingly fast and well, for a shell script, although may +## randomly fail when hammered by a browser that tries to open several +## connections at once. Drop the "maximum connections" in your browser if +## this is a problem. +## +## A more degenerate case of this, or preferably a small C program that +## does the same thing under inetd, could handle a small site's worth of +## proxy queries. Given the way browsers are evolving, proxies like this +## can play an important role in protecting your own privacy. +## +## If you grabbed this in ASCII mode, search down for "eew" and make sure +## the embedded-CR check is intact, or requests might hang. +## +## Doesn't handle POST forms. Who cares, if you're just watching HTTV? +## Dumbness here has a highly desirable side effect: it only sends the first +## GET line, since that's all you really ever need to send, and suppresses +## the other somewhat revealing trash that most browsers insist on sending. +## +## To use the proxy, export `http_proxy' in your environment, e.g. +## `http_proxy=http://localhost:8000'. + +# set these as you wish: proxy port... +PORT=8000 +# logfile spec: a real file or /dev/null if you don't care +LFILE=${0}.log +# optional: where to dump connect info, so you can see if anything went wrong +# CFILE=${0}.conn +# optional extra args to the listener "nc", for instance "-s inside-net-addr" +# XNC='' + +# functionality switch has to be done fast, so the next listener can start +# prelaunch check: if no current client and no args, bail. +case "${1}${CLIENT}" in + "") + echo needs client hostname + exit 1 + ;; +esac + +case "${1}" in + "") +# Make like inetd, and run the next relayer process NOW. All the redirection +# is necessary so this shell has NO remaining channel open to the net. +# This will hang around for 10 minutes, and exit if no new connections arrive. +# Using -n for speed, avoiding any DNS/port lookups. + nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \ + 2> $CFILE & + ;; +esac + +# no client yet and had an arg, this checking can be much slower now +umask 077 + +if test "$1" ; then +# if magic arg, just clean up and then hit our own port to cause server exit + if test "$1" = "reset" ; then + rm -f $LFILE + test -f "$CFILE" && rm -f $CFILE + nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1 + exit 0 + fi +# find our ass with both hands + test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1 +# correct launch: set up client access control, passed along thru environment. + CLIENT="$1" + export CLIENT + test "$CFILE" || CFILE=/dev/null + export CFILE + touch "$CFILE" +# tell us what happened during the last run, if possible + if test -f "$CFILE" ; then + echo "Last connection results:" + cat $CFILE + fi + +# ping client machine and get its bare IP address + CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'` + test ! "$CLIENT" && echo "Can't find address of $1" && exit 1 + +# if this was an initial launch, be informative about it + echo "=== Launch: $CLIENT" >> $LFILE + echo "Proxy running -- will accept connections on $PORT from $CLIENT" + echo " Logging queries to $LFILE" + test -f "$CFILE" && echo " and connection fuckups to $CFILE" + +# and run the first listener, showing us output just for the first hit + nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" & + exit 0 +fi + +# Fall here to handle a page. +# GET type://host.name:80/file/path HTTP/1.0 +# Additional: trash +# More: trash +# + +read x1 x2 x3 x4 +echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE +test "$x4" && echo "extra junk after request: $x4" && exit 0 +# nuke questionable characters and split up the request +hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'` +# echo massaged hurl: $hurl >> $LFILE +hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"` +hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"` +test "$hp" = "$hh" && hp=80 +hf=`echo "$hurl" | sed -e "s+[^/]*++"` +# echo total split: $hh : $hp : $hf >> $LFILE +# suck in and log the entire request, because we're curious +# Fails on multipart stuff like forms; oh well... +if test "$x3" ; then + while read xx ; do + echo "${xx}" >> $LFILE + test "${xx}" || break +# eew, buried returns, gross but necessary for DOS stupidity: + test "${xx}" = " " && break + done +fi +# check for non-GET *after* we log the query... +test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0 +# no, you can *not* phone home, you miserable piece of shit +test "`echo $hh | fgrep -i netscap`" && \ + echo "access to Netscam's servers DENIED." && exit 0 +# Do it. 30 sec net-wait time oughta be *plenty*... +# Some braindead servers have forgotten how to handle the simple-query syntax. +# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc... +echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \ + echo "oops, can't get to $hh : $hp". +echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE +exit 0 + --- netcat-openbsd-1.89.orig/debian/examples/alta +++ netcat-openbsd-1.89/debian/examples/alta @@ -0,0 +1,33 @@ +#! /bin/sh +## special handler for altavista, since they only hand out chunks of 10 at +## a time. Tries to isolate out results without the leading/trailing trash. +## multiword arguments are foo+bar, as usual. +## Second optional arg switches the "what" field, to e.g. "news" + +test "${1}" = "" && echo 'Needs an argument to search for!' && exit 1 +WHAT="web" +test "${2}" && WHAT="${2}" + +# convert multiple args +PLUSARG="`echo $* | sed 's/ /+/g'`" + +# Plug in arg. only doing simple-q for now; pg=aq for advanced-query +# embedded quotes define phrases; otherwise it goes wild on multi-words +QB="GET /cgi-bin/query?pg=q&what=${WHAT}&fmt=c&q=\"${PLUSARG}\"" + +# ping 'em once, to get the routing warm +nc -z -w 8 www.altavista.digital.com 24015 2> /dev/null +echo "=== Altavista ===" + +for xx in 0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 \ + 190 200 210 220 230 240 250 260 270 280 290 300 310 320 330 340 350 ; do + echo "${QB}&stq=${xx}" | nc -w 15 www.altavista.digital.com 80 | \ + egrep '^ /dev/null & + PROC=$! + sleep 3 + echo "${1},${RP}" | nc -w 4 -r "$TRG" 113 2>&1 + sleep 2 +# does this look like a lamer script or what... + kill -HUP $PROC + RP=`expr ${RP} + 1` + shift +done + --- netcat-openbsd-1.89.orig/debian/examples/websearch +++ netcat-openbsd-1.89/debian/examples/websearch @@ -0,0 +1,77 @@ +#! /bin/sh +## Hit the major search engines. Hose the [large] output to a file! +## autoconverts multiple arguments into the right format for given servers -- +## usually worda+wordb, with certain lame exceptions like dejanews. +## Extracting and post-sorting the URLs is highly recommended... +## +## Altavista currently handled by a separate script; may merge at some point. +## +## _H* original 950824, updated 951218 and 960209 + +test "${1}" = "" && echo 'Needs argument[s] to search for!' && exit 1 +PLUSARG="`echo $* | sed 's/ /+/g'`" +PIPEARG="`echo ${PLUSARG} | sed 's/+/|/g'`" +IFILE=/tmp/.webq.$$ + +# Don't have "nc"? Get "netcat" from avian.org and add it to your toolkit. +doquery () { + echo GET "$1" | nc -v -i 1 -w 30 "$2" "$3" +} + +# changed since original: now supplying port numbers and separator lines... + +echo "=== Yahoo ===" +doquery "/bin/search?p=${PLUSARG}&n=300&w=w&s=a" search.yahoo.com 80 + +echo '' ; echo "=== Webcrawler ===" +doquery "/cgi-bin/WebQuery?searchText=${PLUSARG}&maxHits=300" webcrawler.com 80 + +# the infoseek lamers want "registration" before they do a real search, but... +echo '' ; echo "=== Infoseek ===" +echo " is broken." +# doquery "WW/IS/Titles?qt=${PLUSARG}" www2.infoseek.com 80 +# ... which doesn't work cuz their lame server wants the extra newlines, WITH +# CRLF pairs ferkrissake. Fuck 'em for now, they're hopelessly broken. If +# you want to play, the basic idea and query formats follow. +# echo "GET /WW/IS/Titles?qt=${PLUSARG}" > $IFILE +# echo "" >> $IFILE +# nc -v -w 30 guide-p.infoseek.com 80 < $IFILE + +# this is kinda flakey; might have to do twice?? +echo '' ; echo "=== Opentext ===" +doquery "/omw/simplesearch?SearchFor=${PLUSARG}&mode=phrase" \ + search.opentext.com 80 + +# looks like inktomi will only take hits=100, or defaults back to 30 +# we try to suppress all the stupid rating dots here, too +echo '' ; echo "=== Inktomi ===" +doquery "/query/?query=${PLUSARG}&hits=100" ink3.cs.berkeley.edu 1234 | \ + sed '/^$/d' + +#djnews lame shit limits hits to 120 and has nonstandard format +echo '' ; echo "=== Dejanews ===" +doquery "/cgi-bin/nph-dnquery?query=${PIPEARG}+maxhits=110+format=terse+defaultOp=AND" \ + smithers.dejanews.com 80 + +# OLD lycos: used to work until they fucking BROKE it... +# doquery "/cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=1" \ +# query5.lycos.cs.cmu.edu 80 +# NEW lycos: wants the User-agent field present in query or it returns nothing +# 960206: webmaster@lycos duly bitched at +# 960208: reply received; here's how we will now handle it: +echo \ +"GET /cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=terse&matchmode=and&minscore=.5 HTTP/1.x" \ + > $IFILE +echo "User-agent: *FUCK OFF*" >> $IFILE +echo "Why: go ask todd@pointcom.com (Todd Whitney)" >> $IFILE +echo '' >> $IFILE +echo '' ; echo "=== Lycos ===" +nc -v -i 1 -w 30 twelve.srv.lycos.com 80 < $IFILE + +rm -f $IFILE +exit 0 + +# CURRENTLY BROKEN [?] +# infoseek + +# some args need to be redone to ensure whatever "and" mode applies --- netcat-openbsd-1.89.orig/debian/examples/bsh +++ netcat-openbsd-1.89/debian/examples/bsh @@ -0,0 +1,29 @@ +#! /bin/sh +## a little wrapper to "password" and re-launch a shell-listener. +## Arg is taken as the port to listen on. Define "NC" to point wherever. + +NC=nc + +case "$1" in + ?* ) + LPN="$1" + export LPN + sleep 1 + echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 & + echo "launched on port $LPN" + exit 0 + ;; +esac + +# here we play inetd +echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 & + +while read qq ; do +case "$qq" in +# here's yer password + gimme ) + cd / + exec csh -i + ;; +esac +done --- netcat-openbsd-1.89.orig/debian/examples/dist.sh +++ netcat-openbsd-1.89/debian/examples/dist.sh @@ -0,0 +1,23 @@ +#! /bin/sh +## This is a quick example listen-exec server, which was used for a while to +## distribute netcat prereleases. It illustrates use of netcat both as a +## "fake inetd" and a syslogger, and how easy it then is to crock up a fairly +## functional server that restarts its own listener and does full connection +## logging. In a half-screen of shell script!! + +PORT=31337 + +sleep 1 +SRC=`tail -1 dist.log` +echo "<36>elite: ${SRC}" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1 +echo ";;; Hi, ${SRC}..." +echo ";;; This is a PRERELEASE version of 'netcat', tar/gzip/uuencoded." +echo ";;; Unless you are capturing this somehow, it won't do you much good." +echo ";;; Ready?? Here it comes! Have phun ..." +sleep 8 +cat dist.file +sleep 1 +./nc -v -l -p ${PORT} -e dist.sh < /dev/null >> dist.log 2>&1 & +sleep 1 +echo "<36>elite: done" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1 +exit 0 --- netcat-openbsd-1.89.orig/debian/examples/contrib/ncmeter +++ netcat-openbsd-1.89/debian/examples/contrib/ncmeter @@ -0,0 +1,82 @@ +#! /bin/bash + +# script to measure the speed of netcat. +# start with one argument for usage information +# +# Tools that are used by this script are: +# nc, bc, wc, sed, awk +# +# Author: Karsten Priegnitz (koem@petoria.de) + +NCPORT=23457 +WAIT=1 + +# determine the programme's name +me=`echo $0 | sed 's+.*/++'` + +# check number of arguments provided +if [ $# -ne 0 -a $# -ne 2 ]; then + echo "Usage:" + echo + echo " On the transmitter side:" + echo " $me " + echo + echo " The is to be given in byte but you" + echo " also can supply M or K for MegaByte and KiloByte." + echo " Example: $me 10.1.1.3 20M" + echo + echo " On the receiver side:" + echo " $me" + echo + echo " Start $me on the receiver side before starting it" + echo " on the transmitter side. Stop the receiver by pressing" + echo " and holding Ctrl-C." + exit 1 +fi + +# are we the receiver? +if [ $# -eq 0 ]; then + # yes, we are + while true; do + echo "waiting to receive data... (quit: press and hold Ctrl-C)" + + # wait for data and count bytes + AMOUNT=`nc -v -w 120 -l -p $NCPORT | wc -c | awk '{print $1}'` + + # display amount of data received + echo $AMOUNT byte of data received + echo + + # sleep, so that the loop can be + # interrupted by pressing Ctrl-C + sleep 1 + done +fi + +# we are the sender +echo "sending data..." + +# calculate the amount of data to be sent +AMOUNT=`echo $2|sed s/[mM]/\*1048576/g | sed s/[kK]/\*1024/g | bc` + +# send data and measure the time spent +TEMP=/tmp/$me.tx +( time -p dd if=/dev/zero bs=$AMOUNT count=1 2>/dev/null | nc -v -w $WAIT $1 $NCPORT ) 2>"$TEMP" || cat "$TEMP" + +# read the time needed +REAL=`grep "^real" "$TEMP" | awk '{print $2}'` +rm "$TEMP" +# subtract the wait times +DOUBLEWAIT=$(($WAIT * 2)) +NEEDED=`echo $REAL - $DOUBLEWAIT|bc` + +# calculate and print speed +BPS=`echo "scale=3;$AMOUNT / $NEEDED"|bc` +KBPS=`echo "scale=3;$AMOUNT / $NEEDED / 1024"|bc` +MBPS=`echo "scale=3;$AMOUNT / $NEEDED / 1048576"|bc` + +echo "time needed: ${NEEDED}s" +echo "byte per second: $BPS" +echo "KByte per second: $KBPS" +echo "MByte per second: $MBPS" + --- netcat-openbsd-1.89.orig/debian/patches/send-crlf.patch +++ netcat-openbsd-1.89/debian/patches/send-crlf.patch @@ -0,0 +1,109 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-06-19 16:49:57.000000000 -0400 ++++ netcat-openbsd-1.89/netcat.c 2008-06-19 17:04:22.000000000 -0400 +@@ -73,6 +73,7 @@ + #define UDP_SCAN_TIMEOUT 3 /* Seconds */ + + /* Command Line Options */ ++int Cflag = 0; /* CRLF line-ending */ + int dflag; /* detached, no stdin */ + int iflag; /* Interval Flag */ + int jflag; /* use jumbo frames if we can */ +@@ -136,7 +137,7 @@ + sv = NULL; + + while ((ch = getopt(argc, argv, +- "46Ddhi:jklnP:p:rSs:tT:Uuvw:X:x:z")) != -1) { ++ "46Ddhi:jklnP:p:rSs:tT:Uuvw:X:x:zC")) != -1) { + switch (ch) { + case '4': + family = AF_INET; +@@ -226,6 +227,9 @@ + case 'T': + Tflag = parse_iptos(optarg); + break; ++ case 'C': ++ Cflag = 1; ++ break; + default: + usage(1); + } +@@ -738,8 +742,16 @@ + else if (n == 0) { + goto shutdown_wr; + } else { +- if (atomicio(vwrite, nfd, buf, n) != n) +- return; ++ if ((Cflag) && (buf[n-1]=='\n')) { ++ if (atomicio(vwrite, nfd, buf, n-1) != (n-1)) ++ return; ++ if (atomicio(vwrite, nfd, "\r\n", 2) != 2) ++ return; ++ } ++ else { ++ if (atomicio(vwrite, nfd, buf, n) != n) ++ return; ++ } + } + } + else if (pfd[1].revents & POLLHUP) { +@@ -944,6 +956,7 @@ + #endif + " \t-s addr\t Local source address\n\ + \t-T ToS\t Set IP Type of Service\n\ ++ \t-C Send CRLF as line-ending\n\ + \t-t Answer TELNET negotiation\n\ + \t-U Use UNIX domain socket\n\ + \t-u UDP mode\n\ +@@ -959,7 +972,7 @@ + void + usage(int ret) + { +- fprintf(stderr, "usage: nc [-46DdhklnrStUuvz] [-i interval] [-P proxy_username] [-p source_port]\n"); ++ fprintf(stderr, "usage: nc [-46DdhklnrStUuvzC] [-i interval] [-P proxy_username] [-p source_port]\n"); + fprintf(stderr, "\t [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]\n"); + fprintf(stderr, "\t [-x proxy_address[:port]] [hostname] [port[s]]\n"); + if (ret) +Index: netcat-openbsd-1.89/nc.1 +=================================================================== +--- netcat-openbsd-1.89.orig/nc.1 2008-06-19 16:49:39.000000000 -0400 ++++ netcat-openbsd-1.89/nc.1 2008-06-19 16:54:36.000000000 -0400 +@@ -34,7 +34,7 @@ + .Sh SYNOPSIS + .Nm nc + .Bk -words +-.Op Fl 46DdhklnrStUuvz ++.Op Fl 46DdhklnrStUuvzC + .Op Fl i Ar interval + .Op Fl P Ar proxy_username + .Op Fl p Ar source_port +@@ -140,6 +140,10 @@ + It is an error to use this option in conjunction with the + .Fl l + option. ++.It Fl q ++after EOF on stdin, wait the specified number of seconds and then quit. If ++.Ar seconds ++is negative, wait forever. + .It Fl r + Specifies that source and/or destination ports should be chosen randomly + instead of sequentially within a range or in the order that the system +@@ -159,6 +163,8 @@ + .Dq reliability , + or an 8-bit hexadecimal value preceded by + .Dq 0x . ++.It Fl C ++Send CRLF as line-ending + .It Fl t + Causes + .Nm +@@ -317,7 +323,7 @@ + of requests required by the server. + As another example, an email may be submitted to an SMTP server using: + .Bd -literal -offset indent +-$ nc localhost 25 \*(Lt\*(Lt EOF ++$ nc [-C] localhost 25 \*(Lt\*(Lt EOF + HELO host.example.com + MAIL FROM:\*(Ltuser@host.example.com\*(Gt + RCPT TO:\*(Ltuser2@host.example.com\*(Gt --- netcat-openbsd-1.89.orig/debian/patches/udp-scan-timeout.patch +++ netcat-openbsd-1.89/debian/patches/udp-scan-timeout.patch @@ -0,0 +1,50 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:30.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:34.000000000 -0500 +@@ -69,6 +69,8 @@ + #define CONNECTION_FAILED 1 + #define CONNECTION_TIMEOUT 2 + ++#define UDP_SCAN_TIMEOUT 3 /* Seconds */ ++ + /* Command Line Options */ + int dflag; /* detached, no stdin */ + int iflag; /* Interval Flag */ +@@ -376,7 +378,7 @@ + continue; + + ret = 0; +- if (vflag) { ++ if (vflag && !uflag) { + /* For UDP, make sure we are connected. */ + if (uflag) { + if (udptest(s) == -1) { +@@ -841,15 +843,20 @@ + int + udptest(int s) + { +- int i, ret; ++ int i, t; + +- for (i = 0; i <= 3; i++) { +- if (write(s, "X", 1) == 1) +- ret = 1; +- else +- ret = -1; ++ if ((write(s, "X", 1) != 1) || ++ ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))) ++ return -1; ++ ++ /* Give the remote host some time to reply. */ ++ for (i = 0, t = (timeout == -1) ? UDP_SCAN_TIMEOUT : (timeout / 1000); ++ i < t; i++) { ++ sleep(1); ++ if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED)) ++ return -1; + } +- return (ret); ++ return 1; + } + + void --- netcat-openbsd-1.89.orig/debian/patches/silence-z.patch +++ netcat-openbsd-1.89/debian/patches/silence-z.patch @@ -0,0 +1,13 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-06-19 16:33:52.000000000 -0400 ++++ netcat-openbsd-1.89/netcat.c 2008-06-19 16:34:58.000000000 -0400 +@@ -364,7 +364,7 @@ + continue; + + ret = 0; +- if (vflag || zflag) { ++ if (vflag) { + /* For UDP, make sure we are connected. */ + if (uflag) { + if (udptest(s) == -1) { --- netcat-openbsd-1.89.orig/debian/patches/reuseaddr.patch +++ netcat-openbsd-1.89/debian/patches/reuseaddr.patch @@ -0,0 +1,15 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:25.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:27.000000000 -0500 +@@ -554,6 +554,10 @@ + if ((s = socket(res0->ai_family, res0->ai_socktype, + res0->ai_protocol)) < 0) + continue; ++ ++ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x)); ++ if (ret == -1) ++ err(1, NULL); + #ifdef SO_REUSEPORT + ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); + if (ret == -1) --- netcat-openbsd-1.89.orig/debian/patches/gcc-warnings.patch +++ netcat-openbsd-1.89/debian/patches/gcc-warnings.patch @@ -0,0 +1,157 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 20:39:46.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-22 20:42:35.000000000 -0500 +@@ -127,7 +127,7 @@ + struct servent *sv; + socklen_t len; + struct sockaddr_storage cliaddr; +- char *proxy; ++ char *proxy = NULL; + const char *proxyhost = "", *proxyport = NULL; + struct addrinfo proxyhints; + +@@ -800,14 +800,12 @@ + obuf[1] = DONT; + if ((*p == DO) || (*p == DONT)) + obuf[1] = WONT; +- if (obuf) { +- p++; +- obuf[2] = *p; +- obuf[3] = '\0'; +- if (atomicio(vwrite, nfd, obuf, 3) != 3) +- warn("Write Error!"); +- obuf[0] = '\0'; +- } ++ p++; ++ obuf[2] = *p; ++ obuf[3] = '\0'; ++ if (atomicio(vwrite, nfd, obuf, 3) != 3) ++ warn("Write Error!"); ++ obuf[0] = '\0'; + } + } + +Index: netcat-openbsd-1.89/socks.c +=================================================================== +--- netcat-openbsd-1.89.orig/socks.c 2008-01-22 20:36:26.000000000 -0500 ++++ netcat-openbsd-1.89/socks.c 2008-01-22 20:39:46.000000000 -0500 +@@ -169,11 +169,11 @@ + buf[2] = SOCKS_NOAUTH; + cnt = atomicio(vwrite, proxyfd, buf, 3); + if (cnt != 3) +- err(1, "write failed (%d/3)", cnt); ++ err(1, "write failed (%d/3)", (int)cnt); + + cnt = atomicio(read, proxyfd, buf, 2); + if (cnt != 2) +- err(1, "read failed (%d/3)", cnt); ++ err(1, "read failed (%d/3)", (int)cnt); + + if (buf[1] == SOCKS_NOMETHOD) + errx(1, "authentication method negotiation failed"); +@@ -222,11 +222,11 @@ + + cnt = atomicio(vwrite, proxyfd, buf, wlen); + if (cnt != wlen) +- err(1, "write failed (%d/%d)", cnt, wlen); ++ err(1, "write failed (%d/%d)", (int)cnt, (int)wlen); + + cnt = atomicio(read, proxyfd, buf, 10); + if (cnt != 10) +- err(1, "read failed (%d/10)", cnt); ++ err(1, "read failed (%d/10)", (int)cnt); + if (buf[1] != 0) + errx(1, "connection failed, SOCKS error %d", buf[1]); + } else if (socksv == 4) { +@@ -244,11 +244,11 @@ + + cnt = atomicio(vwrite, proxyfd, buf, wlen); + if (cnt != wlen) +- err(1, "write failed (%d/%d)", cnt, wlen); ++ err(1, "write failed (%d/%d)", (int)cnt, (int)wlen); + + cnt = atomicio(read, proxyfd, buf, 8); + if (cnt != 8) +- err(1, "read failed (%d/8)", cnt); ++ err(1, "read failed (%d/8)", (int)cnt); + if (buf[1] != 90) + errx(1, "connection failed, SOCKS error %d", buf[1]); + } else if (socksv == -1) { +@@ -260,39 +260,39 @@ + + /* Try to be sane about numeric IPv6 addresses */ + if (strchr(host, ':') != NULL) { +- r = snprintf(buf, sizeof(buf), ++ r = snprintf((char*)buf, sizeof(buf), + "CONNECT [%s]:%d HTTP/1.0\r\n", + host, ntohs(serverport)); + } else { +- r = snprintf(buf, sizeof(buf), ++ r = snprintf((char*)buf, sizeof(buf), + "CONNECT %s:%d HTTP/1.0\r\n", + host, ntohs(serverport)); + } + if (r == -1 || (size_t)r >= sizeof(buf)) + errx(1, "hostname too long"); +- r = strlen(buf); ++ r = strlen((char*)buf); + + cnt = atomicio(vwrite, proxyfd, buf, r); + if (cnt != r) +- err(1, "write failed (%d/%d)", cnt, r); ++ err(1, "write failed (%d/%d)", (int)cnt, (int)r); + + if (authretry > 1) { + char resp[1024]; + + proxypass = getproxypass(proxyuser, proxyhost); +- r = snprintf(buf, sizeof(buf), "%s:%s", ++ r = snprintf((char*)buf, sizeof(buf), "%s:%s", + proxyuser, proxypass); + if (r == -1 || (size_t)r >= sizeof(buf) || +- b64_ntop(buf, strlen(buf), resp, ++ b64_ntop(buf, strlen((char*)buf), resp, + sizeof(resp)) == -1) + errx(1, "Proxy username/password too long"); +- r = snprintf(buf, sizeof(buf), "Proxy-Authorization: " ++ r = snprintf((char*)buf, sizeof((char*)buf), "Proxy-Authorization: " + "Basic %s\r\n", resp); + if (r == -1 || (size_t)r >= sizeof(buf)) + errx(1, "Proxy auth response too long"); +- r = strlen(buf); ++ r = strlen((char*)buf); + if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r) +- err(1, "write failed (%d/%d)", cnt, r); ++ err(1, "write failed (%d/%d)", (int)cnt, r); + } + + /* Terminate headers */ +@@ -300,22 +300,22 @@ + err(1, "write failed (2/%d)", r); + + /* Read status reply */ +- proxy_read_line(proxyfd, buf, sizeof(buf)); ++ proxy_read_line(proxyfd, (char*)buf, sizeof(buf)); + if (proxyuser != NULL && +- strncmp(buf, "HTTP/1.0 407 ", 12) == 0) { ++ strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0) { + if (authretry > 1) { + fprintf(stderr, "Proxy authentication " + "failed\n"); + } + close(proxyfd); + goto again; +- } else if (strncmp(buf, "HTTP/1.0 200 ", 12) != 0 && +- strncmp(buf, "HTTP/1.1 200 ", 12) != 0) ++ } else if (strncmp((char*)buf, "HTTP/1.0 200 ", 12) != 0 && ++ strncmp((char*)buf, "HTTP/1.1 200 ", 12) != 0) + errx(1, "Proxy error: \"%s\"", buf); + + /* Headers continue until we hit an empty line */ + for (r = 0; r < HTTP_MAXHDRS; r++) { +- proxy_read_line(proxyfd, buf, sizeof(buf)); ++ proxy_read_line(proxyfd, (char*)buf, sizeof(buf)); + if (*buf == '\0') + break; + } --- netcat-openbsd-1.89.orig/debian/patches/openbsd-compat.patch +++ netcat-openbsd-1.89/debian/patches/openbsd-compat.patch @@ -0,0 +1,54 @@ +Index: netcat-openbsd-1.89/openbsd-compat/readpassphrase.c +=================================================================== +--- netcat-openbsd-1.89.orig/openbsd-compat/readpassphrase.c 2008-01-22 18:21:56.000000000 -0500 ++++ netcat-openbsd-1.89/openbsd-compat/readpassphrase.c 2008-01-22 18:22:58.000000000 -0500 +@@ -31,6 +31,12 @@ + #include + #include + ++#ifdef TCSASOFT ++# define _T_FLUSH (TCSAFLUSH|TCSASOFT) ++#else ++# define _T_FLUSH (TCSAFLUSH) ++#endif ++ + static volatile sig_atomic_t signo; + + static void handler(int); +@@ -92,9 +98,11 @@ + memcpy(&term, &oterm, sizeof(term)); + if (!(flags & RPP_ECHO_ON)) + term.c_lflag &= ~(ECHO | ECHONL); ++#ifdef VSTATUS + if (term.c_cc[VSTATUS] != _POSIX_VDISABLE) + term.c_cc[VSTATUS] = _POSIX_VDISABLE; +- (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); ++#endif ++ (void)tcsetattr(input, _T_FLUSH, &term); + } else { + memset(&term, 0, sizeof(term)); + term.c_lflag |= ECHO; +@@ -129,7 +137,7 @@ + + /* Restore old terminal settings and signals. */ + if (memcmp(&term, &oterm, sizeof(term)) != 0) { +- while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 && ++ while (tcsetattr(input, _T_FLUSH, &oterm) == -1 && + errno == EINTR) + continue; + } +@@ -164,14 +172,6 @@ + return(nr == -1 ? NULL : buf); + } + +-char * +-getpass(const char *prompt) +-{ +- static char buf[_PASSWORD_LEN + 1]; +- +- return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF)); +-} +- + static void handler(int s) + { + --- netcat-openbsd-1.89.orig/debian/patches/socks-b64-prototype.patch +++ netcat-openbsd-1.89/debian/patches/socks-b64-prototype.patch @@ -0,0 +1,13 @@ +Index: netcat-openbsd-1.89/socks.c +=================================================================== +--- netcat-openbsd-1.89.orig/socks.c 2008-06-19 16:30:45.000000000 -0400 ++++ netcat-openbsd-1.89/socks.c 2008-06-19 16:30:36.000000000 -0400 +@@ -53,6 +53,8 @@ + #define SOCKS_DOMAIN 3 + #define SOCKS_IPV6 4 + ++extern int b64_ntop(unsigned char const *, size_t, char *, size_t); ++ + int remote_connect(const char *, const char *, struct addrinfo); + int socks_connect(const char *, const char *, struct addrinfo, + const char *, const char *, struct addrinfo, int, --- netcat-openbsd-1.89.orig/debian/patches/connect-timeout.patch +++ netcat-openbsd-1.89/debian/patches/connect-timeout.patch @@ -0,0 +1,120 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:27.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:30.000000000 -0500 +@@ -65,6 +65,10 @@ + #define PORT_MAX 65535 + #define PORT_MAX_LEN 6 + ++#define CONNECTION_SUCCESS 0 ++#define CONNECTION_FAILED 1 ++#define CONNECTION_TIMEOUT 2 ++ + /* Command Line Options */ + int dflag; /* detached, no stdin */ + int iflag; /* Interval Flag */ +@@ -104,6 +108,9 @@ + int parse_iptos(char *); + void usage(int); + ++static int connect_with_timeout(int fd, const struct sockaddr *sa, ++ socklen_t salen, int ctimeout); ++ + int + main(int argc, char *argv[]) + { +@@ -508,13 +515,15 @@ + } + + set_common_sockopts(s); +- +- if (connect(s, res0->ai_addr, res0->ai_addrlen) == 0) ++ if ((error = connect_with_timeout(s, res0->ai_addr, res0->ai_addrlen, timeout)) == CONNECTION_SUCCESS) + break; +- else if (vflag) ++ else if (vflag && error == CONNECTION_FAILED) + warn("connect to %s port %s (%s) failed", host, port, + uflag ? "udp" : "tcp"); +- ++ else if (vflag && error == CONNECTION_TIMEOUT) ++ warn("connect to %s port %s (%s) timed out", host, port, ++ uflag ? "udp" : "tcp"); ++ + close(s); + s = -1; + } while ((res0 = res0->ai_next) != NULL); +@@ -524,6 +533,74 @@ + return (s); + } + ++static int connect_with_timeout(int fd, const struct sockaddr *sa, ++ socklen_t salen, int ctimeout) ++{ ++ int err; ++ struct timeval tv, *tvp = NULL; ++ fd_set connect_fdset; ++ socklen_t len; ++ int orig_flags; ++ ++ orig_flags = fcntl(fd, F_GETFL, 0); ++ if (fcntl(fd, F_SETFL, orig_flags | O_NONBLOCK) < 0 ) { ++ warn("can't set O_NONBLOCK - timeout not avaliable"); ++ if (connect(fd, sa, salen) == 0) ++ return CONNECTION_SUCCESS; ++ else ++ return CONNECTION_FAILED; ++ } ++ ++ /* set connect timeout */ ++ if (ctimeout > 0) { ++ tv.tv_sec = (time_t)ctimeout/1000; ++ tv.tv_usec = 0; ++ tvp = &tv; ++ } ++ ++ /* attempt the connection */ ++ err = connect(fd, sa, salen); ++ ++ if (err != 0 && errno == EINPROGRESS) { ++ /* connection is proceeding ++ * it is complete (or failed) when select returns */ ++ ++ /* initialize connect_fdset */ ++ FD_ZERO(&connect_fdset); ++ FD_SET(fd, &connect_fdset); ++ ++ /* call select */ ++ do { ++ err = select(fd + 1, NULL, &connect_fdset, ++ NULL, tvp); ++ } while (err < 0 && errno == EINTR); ++ ++ /* select error */ ++ if (err < 0) ++ errx(1,"select error: %s", strerror(errno)); ++ ++ /* we have reached a timeout */ ++ if (err == 0) ++ return CONNECTION_TIMEOUT; ++ ++ /* select returned successfully, but we must test socket ++ * error for result */ ++ len = sizeof(err); ++ if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) ++ errx(1, "getsockopt error: %s", strerror(errno)); ++ ++ /* setup errno according to the result returned by ++ * getsockopt */ ++ if (err != 0) ++ errno = err; ++ } ++ ++ /* return aborted if an error occured, and valid otherwise */ ++ fcntl(fd, F_SETFL, orig_flags); ++ return (err != 0)? CONNECTION_FAILED : CONNECTION_SUCCESS; ++} ++ ++ + /* + * local_listen() + * Returns a socket listening on a local port, binds to specified source --- netcat-openbsd-1.89.orig/debian/patches/quit-timer.patch +++ netcat-openbsd-1.89/debian/patches/quit-timer.patch @@ -0,0 +1,84 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2010-04-18 20:02:55.240980186 -0400 ++++ netcat-openbsd-1.89/netcat.c 2010-04-18 20:04:41.987984568 -0400 +@@ -47,6 +47,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -82,6 +83,7 @@ + int nflag; /* Don't do name look up */ + char *Pflag; /* Proxy username */ + char *pflag; /* Localport flag */ ++int qflag = -1; /* Quit after some secs */ + int rflag; /* Random ports flag */ + char *sflag; /* Source Address */ + int tflag; /* Telnet Emulation */ +@@ -114,6 +116,7 @@ + + static int connect_with_timeout(int fd, const struct sockaddr *sa, + socklen_t salen, int ctimeout); ++static void quit(); + + int + main(int argc, char *argv[]) +@@ -137,7 +140,7 @@ + sv = NULL; + + while ((ch = getopt(argc, argv, +- "46Ddhi:jklnP:p:rSs:tT:Uuvw:X:x:zC")) != -1) { ++ "46Ddhi:jklnP:p:q:rSs:tT:Uuvw:X:x:zC")) != -1) { + switch (ch) { + case '4': + family = AF_INET; +@@ -187,6 +190,9 @@ + case 'p': + pflag = optarg; + break; ++ case 'q': ++ qflag = (int)strtoul(optarg, &endp, 10); ++ break; + case 'r': + rflag = 1; + break; +@@ -756,7 +762,13 @@ + } + else if (pfd[1].revents & POLLHUP) { + shutdown_wr: +- shutdown(nfd, SHUT_WR); ++ /* if user asked to die after a while, arrange for it */ ++ if (qflag > 0) { ++ signal(SIGALRM, quit); ++ alarm(qflag); ++ } else { ++ shutdown(nfd, SHUT_WR); ++ } + pfd[1].fd = -1; + pfd[1].events = 0; + } +@@ -951,6 +963,7 @@ + \t-n Suppress name/port resolutions\n\ + \t-P proxyuser\tUsername for proxy authentication\n\ + \t-p port\t Specify local port for remote connects\n\ ++ \t-q secs\t quit after EOF on stdin and delay of secs\n\ + \t-r Randomize remote ports\n " + #ifdef TCP_MD5SIG + " \t-S Enable the TCP MD5 signature option\n" +@@ -979,3 +992,13 @@ + if (ret) + exit(1); + } ++ ++/* ++ * quit() ++ * handler for a "-q" timeout (exit 0 instead of 1) ++ */ ++static void quit() ++{ ++ /* XXX: should explicitly close fds here */ ++ exit(0); ++} --- netcat-openbsd-1.89.orig/debian/patches/help-version-exit.patch +++ netcat-openbsd-1.89/debian/patches/help-version-exit.patch @@ -0,0 +1,21 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-01-25 13:14:34.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-25 13:15:49.000000000 -0500 +@@ -937,6 +937,7 @@ + void + help(void) + { ++ fprintf(stderr, "OpenBSD netcat (Debian patchlevel " DEBIAN_VERSION ")\n"); + usage(0); + fprintf(stderr, "\tCommand Summary:\n\ + \t-4 Use IPv4\n\ +@@ -966,7 +967,7 @@ + \t-x addr[:port]\tSpecify proxy address and port\n\ + \t-z Zero-I/O mode [used for scanning]\n\ + Port numbers can be individual or ranges: lo-hi [inclusive]\n"); +- exit(1); ++ exit(0); + } + + void --- netcat-openbsd-1.89.orig/debian/patches/pollhup.patch +++ netcat-openbsd-1.89/debian/patches/pollhup.patch @@ -0,0 +1,50 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:18.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:25.000000000 -0500 +@@ -618,9 +618,7 @@ + if ((n = read(nfd, buf, plen)) < 0) + return; + else if (n == 0) { +- shutdown(nfd, SHUT_RD); +- pfd[0].fd = -1; +- pfd[0].events = 0; ++ goto shutdown_rd; + } else { + if (tflag) + atelnet(nfd, buf, n); +@@ -628,18 +626,30 @@ + return; + } + } ++ else if (pfd[0].revents & POLLHUP) { ++ shutdown_rd: ++ shutdown(nfd, SHUT_RD); ++ pfd[0].fd = -1; ++ pfd[0].events = 0; ++ } + +- if (!dflag && pfd[1].revents & POLLIN) { ++ if (!dflag) { ++ if(pfd[1].revents & POLLIN) { + if ((n = read(wfd, buf, plen)) < 0) + return; + else if (n == 0) { +- shutdown(nfd, SHUT_WR); +- pfd[1].fd = -1; +- pfd[1].events = 0; ++ goto shutdown_wr; + } else { + if (atomicio(vwrite, nfd, buf, n) != n) + return; + } ++ } ++ else if (pfd[1].revents & POLLHUP) { ++ shutdown_wr: ++ shutdown(nfd, SHUT_WR); ++ pfd[1].fd = -1; ++ pfd[1].events = 0; ++ } + } + } + } --- netcat-openbsd-1.89.orig/debian/patches/no-strtonum.patch +++ netcat-openbsd-1.89/debian/patches/no-strtonum.patch @@ -0,0 +1,107 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:17.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:18.000000000 -0500 +@@ -67,7 +67,7 @@ + + /* Command Line Options */ + int dflag; /* detached, no stdin */ +-unsigned int iflag; /* Interval Flag */ ++int iflag; /* Interval Flag */ + int jflag; /* use jumbo frames if we can */ + int kflag; /* More than one connect */ + int lflag; /* Bind to local port */ +@@ -108,13 +108,13 @@ + main(int argc, char *argv[]) + { + int ch, s, ret, socksv; +- char *host, *uport; ++ char *host, *uport, *endp; + struct addrinfo hints; + struct servent *sv; + socklen_t len; + struct sockaddr_storage cliaddr; + char *proxy; +- const char *errstr, *proxyhost = "", *proxyport = NULL; ++ const char *proxyhost = "", *proxyport = NULL; + struct addrinfo proxyhints; + + ret = 1; +@@ -122,6 +122,7 @@ + socksv = 5; + host = NULL; + uport = NULL; ++ endp = NULL; + sv = NULL; + + while ((ch = getopt(argc, argv, +@@ -153,9 +154,9 @@ + help(); + break; + case 'i': +- iflag = strtonum(optarg, 0, UINT_MAX, &errstr); +- if (errstr) +- errx(1, "interval %s: %s", errstr, optarg); ++ iflag = (int)strtoul(optarg, &endp, 10); ++ if (iflag < 0 || *endp != '\0') ++ errx(1, "interval cannot be negative"); + break; + case 'j': + jflag = 1; +@@ -191,9 +192,11 @@ + vflag = 1; + break; + case 'w': +- timeout = strtonum(optarg, 0, INT_MAX / 1000, &errstr); +- if (errstr) +- errx(1, "timeout %s: %s", errstr, optarg); ++ timeout = (int)strtoul(optarg, &endp, 10); ++ if (timeout < 0 || *endp != '\0') ++ errx(1, "timeout cannot be negative"); ++ if (timeout >= (INT_MAX / 1000)) ++ errx(1, "timeout too large"); + timeout *= 1000; + break; + case 'x': +@@ -680,8 +683,7 @@ + void + build_ports(char *p) + { +- const char *errstr; +- char *n; ++ char *n, *endp; + int hi, lo, cp; + int x = 0; + +@@ -693,12 +695,12 @@ + n++; + + /* Make sure the ports are in order: lowest->highest. */ +- hi = strtonum(n, 1, PORT_MAX, &errstr); +- if (errstr) +- errx(1, "port number %s: %s", errstr, n); +- lo = strtonum(p, 1, PORT_MAX, &errstr); +- if (errstr) +- errx(1, "port number %s: %s", errstr, p); ++ hi = (int)strtoul(n, &endp, 10); ++ if (hi <= 0 || hi > PORT_MAX || *endp != '\0') ++ errx(1, "port range not valid"); ++ lo = (int)strtoul(p, &endp, 10); ++ if (lo <= 0 || lo > PORT_MAX || *endp != '\0') ++ errx(1, "port range not valid"); + + if (lo > hi) { + cp = hi; +@@ -729,9 +731,9 @@ + } + } + } else { +- hi = strtonum(p, 1, PORT_MAX, &errstr); +- if (errstr) +- errx(1, "port number %s: %s", errstr, p); ++ hi = (int)strtoul(p, &endp, 10); ++ if (hi <= 0 || hi > PORT_MAX || *endp != '\0') ++ errx(1, "port range not valid"); + portlist[0] = calloc(1, PORT_MAX_LEN); + if (portlist[0] == NULL) + err(1, NULL); --- netcat-openbsd-1.89.orig/debian/patches/nc-1.84-udp_stop.patch +++ netcat-openbsd-1.89/debian/patches/nc-1.84-udp_stop.patch @@ -0,0 +1,14 @@ +Index: netcat-1.84/netcat.c +=================================================================== +--- netcat-1.84.orig/netcat.c 2008-01-15 10:10:22.373351813 +0100 ++++ netcat-1.84/netcat.c 2008-01-15 10:10:24.840730278 +0100 +@@ -799,6 +799,9 @@ + hi = lo; + lo = cp; + } ++ else if (pfd[0].revents & POLLERR) ++ if (write(nfd, "", 1) == -1) ++ warn("Write error"); + + /* Load ports sequentially. */ + for (cp = lo; cp <= hi; cp++) { --- netcat-openbsd-1.89.orig/debian/patches/glib-strlcpy.patch +++ netcat-openbsd-1.89/debian/patches/glib-strlcpy.patch @@ -0,0 +1,96 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2007-02-20 09:11:17.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-21 18:48:23.000000000 -0500 +@@ -55,6 +55,8 @@ + #include + #include "atomicio.h" + ++#include ++ + #ifndef SUN_LEN + #define SUN_LEN(su) \ + (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path)) +@@ -414,7 +416,7 @@ + memset(&sun, 0, sizeof(struct sockaddr_un)); + sun.sun_family = AF_UNIX; + +- if (strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >= ++ if (g_strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >= + sizeof(sun.sun_path)) { + close(s); + errno = ENAMETOOLONG; +@@ -445,7 +447,7 @@ + memset(&sun, 0, sizeof(struct sockaddr_un)); + sun.sun_family = AF_UNIX; + +- if (strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >= ++ if (g_strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >= + sizeof(sun.sun_path)) { + close(s); + errno = ENAMETOOLONG; +@@ -549,11 +551,11 @@ + if ((s = socket(res0->ai_family, res0->ai_socktype, + res0->ai_protocol)) < 0) + continue; +- ++ #ifdef SO_REUSEPORT + ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); + if (ret == -1) + err(1, NULL); +- ++ #endif + set_common_sockopts(s); + + if (bind(s, (struct sockaddr *)res0->ai_addr, +@@ -719,7 +721,8 @@ + char *c; + + for (x = 0; x <= (hi - lo); x++) { +- y = (arc4random() & 0xFFFF) % (hi - lo); ++ /* use random instead of arc4random */ ++ y = (random() & 0xFFFF) % (hi - lo); + c = portlist[x]; + portlist[x] = portlist[y]; + portlist[y] = c; +@@ -761,21 +764,25 @@ + { + int x = 1; + ++#ifdef TCP_MD5SIG + if (Sflag) { + if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, + &x, sizeof(x)) == -1) + err(1, NULL); + } ++#endif + if (Dflag) { + if (setsockopt(s, SOL_SOCKET, SO_DEBUG, + &x, sizeof(x)) == -1) + err(1, NULL); + } ++#ifdef SO_JUMBO + if (jflag) { + if (setsockopt(s, SOL_SOCKET, SO_JUMBO, + &x, sizeof(x)) == -1) + err(1, NULL); + } ++#endif + if (Tflag != -1) { + if (setsockopt(s, IPPROTO_IP, IP_TOS, + &Tflag, sizeof(Tflag)) == -1) +@@ -816,9 +823,11 @@ + \t-n Suppress name/port resolutions\n\ + \t-P proxyuser\tUsername for proxy authentication\n\ + \t-p port\t Specify local port for remote connects\n\ +- \t-r Randomize remote ports\n\ +- \t-S Enable the TCP MD5 signature option\n\ +- \t-s addr\t Local source address\n\ ++ \t-r Randomize remote ports\n " ++#ifdef TCP_MD5SIG ++" \t-S Enable the TCP MD5 signature option\n" ++#endif ++" \t-s addr\t Local source address\n\ + \t-T ToS\t Set IP Type of Service\n\ + \t-t Answer TELNET negotiation\n\ + \t-U Use UNIX domain socket\n\ --- netcat-openbsd-1.89.orig/debian/patches/verbose-numeric-port.patch +++ netcat-openbsd-1.89/debian/patches/verbose-numeric-port.patch @@ -0,0 +1,54 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:34.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:44.000000000 -0500 +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -317,16 +318,15 @@ + if (uflag) { + int rv, plen; + char buf[8192]; +- struct sockaddr_storage z; + +- len = sizeof(z); ++ len = sizeof(cliaddr); + plen = jflag ? 8192 : 1024; + rv = recvfrom(s, buf, plen, MSG_PEEK, +- (struct sockaddr *)&z, &len); ++ (struct sockaddr *)&cliaddr, &len); + if (rv < 0) + err(1, "recvfrom"); + +- rv = connect(s, (struct sockaddr *)&z, len); ++ rv = connect(s, (struct sockaddr *)&cliaddr, len); + if (rv < 0) + err(1, "connect"); + +@@ -337,6 +337,21 @@ + &len); + } + ++ if(vflag) { ++ /* Don't look up port if -n. */ ++ if (nflag) ++ sv = NULL; ++ else ++ sv = getservbyport(ntohs(atoi(uport)), ++ uflag ? "udp" : "tcp"); ++ ++ fprintf(stderr, "Connection from %s port %s [%s/%s] accepted\n", ++ inet_ntoa(((struct sockaddr_in *)(&cliaddr))->sin_addr), ++ uport, ++ uflag ? "udp" : "tcp", ++ sv ? sv->s_name : "*"); ++ } ++ + readwrite(connfd); + close(connfd); + if (family != AF_UNIX) --- netcat-openbsd-1.89.orig/debian/patches/series +++ netcat-openbsd-1.89/debian/patches/series @@ -0,0 +1,15 @@ +openbsd-compat.patch +socks-b64-prototype.patch +silence-z.patch +glib-strlcpy.patch +no-strtonum.patch +pollhup.patch +reuseaddr.patch +connect-timeout.patch +udp-scan-timeout.patch +verbose-numeric-port.patch +send-crlf.patch +help-version-exit.patch +quit-timer.patch +getservbyname.patch +gcc-warnings.patch --- netcat-openbsd-1.89.orig/debian/patches/getservbyname.patch +++ netcat-openbsd-1.89/debian/patches/getservbyname.patch @@ -0,0 +1,24 @@ +Index: netcat-openbsd-1.89/netcat.c +=================================================================== +--- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 20:39:46.000000000 -0500 ++++ netcat-openbsd-1.89/netcat.c 2008-01-22 20:43:36.000000000 -0500 +@@ -819,11 +819,18 @@ + void + build_ports(char *p) + { ++ struct servent *sv; + char *n, *endp; + int hi, lo, cp; + int x = 0; + +- if ((n = strchr(p, '-')) != NULL) { ++ sv = getservbyname(p, uflag ? "udp" : "tcp"); ++ if (sv) { ++ portlist[0] = calloc(1, PORT_MAX_LEN); ++ if (portlist[0] == NULL) ++ err(1, NULL); ++ snprintf(portlist[0], PORT_MAX_LEN, "%d", ntohs(sv->s_port)); ++ } else if ((n = strchr(p, '-')) != NULL) { + if (lflag) + errx(1, "Cannot use -l with multiple ports!"); + --- netcat-openbsd-1.89.orig/openbsd-compat/readpassphrase.h +++ netcat-openbsd-1.89/openbsd-compat/readpassphrase.h @@ -0,0 +1,40 @@ +/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */ + +/* + * Copyright (c) 2000, 2002 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +#ifndef _READPASSPHRASE_H_ +#define _READPASSPHRASE_H_ + +#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */ +#define RPP_ECHO_ON 0x01 /* Leave echo on. */ +#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */ +#define RPP_FORCELOWER 0x04 /* Force input to lower case. */ +#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ +#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ +#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */ + +#include + +__BEGIN_DECLS +char * readpassphrase(const char *, char *, size_t, int); +__END_DECLS + +#endif /* !_READPASSPHRASE_H_ */ --- netcat-openbsd-1.89.orig/openbsd-compat/base64.c +++ netcat-openbsd-1.89/openbsd-compat/base64.c @@ -0,0 +1,308 @@ +/* $OpenBSD: base64.c,v 1.5 2006/10/21 09:55:03 otto Exp $ */ + +/* + * Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. + */ + +int +b64_ntop(src, srclength, target, targsize) + u_char const *src; + size_t srclength; + char *target; + size_t targsize; +{ + size_t datalength = 0; + u_char input[3]; + u_char output[4]; + int i; + + while (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + target[datalength++] = Base64[output[2]]; + target[datalength++] = Base64[output[3]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + if (srclength == 1) + target[datalength++] = Pad64; + else + target[datalength++] = Base64[output[2]]; + target[datalength++] = Pad64; + } + if (datalength >= targsize) + return (-1); + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (datalength); +} + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +b64_pton(src, target, targsize) + char const *src; + u_char *target; + size_t targsize; +{ + int tarindex, state, ch; + char *pos; + + state = 0; + tarindex = 0; + + while ((ch = *src++) != '\0') { + if (isspace(ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad64) + break; + + pos = strchr(Base64, ch); + if (pos == 0) /* A non-base64 character. */ + return (-1); + + switch (state) { + case 0: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + target[tarindex+1] = ((pos - Base64) & 0x0f) + << 4 ; + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + target[tarindex+1] = ((pos - Base64) & 0x03) + << 6; + } + tarindex++; + state = 3; + break; + case 3: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = *src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = *src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} --- netcat-openbsd-1.89.orig/openbsd-compat/readpassphrase.c +++ netcat-openbsd-1.89/openbsd-compat/readpassphrase.c @@ -0,0 +1,179 @@ +/* $OpenBSD: readpassphrase.c,v 1.21 2008/01/17 16:27:07 millert Exp $ */ + +/* + * Copyright (c) 2000-2002, 2007 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static volatile sig_atomic_t signo; + +static void handler(int); + +char * +readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) +{ + ssize_t nr; + int input, output, save_errno; + char ch, *p, *end; + struct termios term, oterm; + struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm; + struct sigaction savetstp, savettin, savettou, savepipe; + + /* I suppose we could alloc on demand in this case (XXX). */ + if (bufsiz == 0) { + errno = EINVAL; + return(NULL); + } + +restart: + signo = 0; + nr = -1; + save_errno = 0; + /* + * Read and write to /dev/tty if available. If not, read from + * stdin and write to stderr unless a tty is required. + */ + if ((flags & RPP_STDIN) || + (input = output = open(_PATH_TTY, O_RDWR)) == -1) { + if (flags & RPP_REQUIRE_TTY) { + errno = ENOTTY; + return(NULL); + } + input = STDIN_FILENO; + output = STDERR_FILENO; + } + + /* + * Catch signals that would otherwise cause the user to end + * up with echo turned off in the shell. Don't worry about + * things like SIGXCPU and SIGVTALRM for now. + */ + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; /* don't restart system calls */ + sa.sa_handler = handler; + (void)sigaction(SIGALRM, &sa, &savealrm); + (void)sigaction(SIGHUP, &sa, &savehup); + (void)sigaction(SIGINT, &sa, &saveint); + (void)sigaction(SIGPIPE, &sa, &savepipe); + (void)sigaction(SIGQUIT, &sa, &savequit); + (void)sigaction(SIGTERM, &sa, &saveterm); + (void)sigaction(SIGTSTP, &sa, &savetstp); + (void)sigaction(SIGTTIN, &sa, &savettin); + (void)sigaction(SIGTTOU, &sa, &savettou); + + /* Turn off echo if possible. */ + if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) { + memcpy(&term, &oterm, sizeof(term)); + if (!(flags & RPP_ECHO_ON)) + term.c_lflag &= ~(ECHO | ECHONL); + if (term.c_cc[VSTATUS] != _POSIX_VDISABLE) + term.c_cc[VSTATUS] = _POSIX_VDISABLE; + (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); + } else { + memset(&term, 0, sizeof(term)); + term.c_lflag |= ECHO; + memset(&oterm, 0, sizeof(oterm)); + oterm.c_lflag |= ECHO; + } + + /* No I/O if we are already backgrounded. */ + if (signo != SIGTTOU && signo != SIGTTIN) { + if (!(flags & RPP_STDIN)) + (void)write(output, prompt, strlen(prompt)); + end = buf + bufsiz - 1; + p = buf; + while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') { + if (p < end) { + if ((flags & RPP_SEVENBIT)) + ch &= 0x7f; + if (isalpha(ch)) { + if ((flags & RPP_FORCELOWER)) + ch = (char)tolower(ch); + if ((flags & RPP_FORCEUPPER)) + ch = (char)toupper(ch); + } + *p++ = ch; + } + } + *p = '\0'; + save_errno = errno; + if (!(term.c_lflag & ECHO)) + (void)write(output, "\n", 1); + } + + /* Restore old terminal settings and signals. */ + if (memcmp(&term, &oterm, sizeof(term)) != 0) { + while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 && + errno == EINTR) + continue; + } + (void)sigaction(SIGALRM, &savealrm, NULL); + (void)sigaction(SIGHUP, &savehup, NULL); + (void)sigaction(SIGINT, &saveint, NULL); + (void)sigaction(SIGQUIT, &savequit, NULL); + (void)sigaction(SIGPIPE, &savepipe, NULL); + (void)sigaction(SIGTERM, &saveterm, NULL); + (void)sigaction(SIGTSTP, &savetstp, NULL); + (void)sigaction(SIGTTIN, &savettin, NULL); + (void)sigaction(SIGTTOU, &savettou, NULL); + if (input != STDIN_FILENO) + (void)close(input); + + /* + * If we were interrupted by a signal, resend it to ourselves + * now that we have restored the signal handlers. + */ + if (signo) { + kill(getpid(), signo); + switch (signo) { + case SIGTSTP: + case SIGTTIN: + case SIGTTOU: + goto restart; + } + } + + if (save_errno) + errno = save_errno; + return(nr == -1 ? NULL : buf); +} + +char * +getpass(const char *prompt) +{ + static char buf[_PASSWORD_LEN + 1]; + + return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF)); +} + +static void handler(int s) +{ + + signo = s; +}