Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#747646: netcat-openbsd: UDP connections start with "XXXXX" junk
120 views
Skip to first unread message
Chris Davies
May 10, 2014, 2:00:02 PM5/10/14
to
Package: netcat-openbsd
Version: 1.105-7
Severity: normal
Hi,
Trying to diagnose an OpenVPN issue I started throwing UDP packets around
between to distinct hosts. I have discovered that the UDP traffic provided by
netcat-openbsd is mauled by the insertion of (at least) "X" characters at the
beginning of the "connection" before any other data is passed.
Here is the example scenario:
1. Host "client". Two terminals, each running one command:
tshark -i eth0 -nlp port 50493
nc -vvv -u server 50493
2. Host "server". Two terminals, each running one command:
tshark -i eth0 -nlp port 50493
nc -vvv -ul 50493
Nothing is typed in to the nc running either on "client" or "server". Data is
seen on the wire: 5 packets sent; 5 packets received. Retrying with the tshark
-V flag shows that all packets are (apparently) normal UDP packets each
containing a single one-byte character "X" (0x58).
The net result, however, is that the data stream output by the listening nc on
host "server" starts with "XXXXX", which corrupts the expected message.
To illustrate further, if you run this on host "client":
echo "hello" | nc -vvv -u server 50493
This is the received (but not expected) output:
XXXXXhello
The unexpected behaviour does not happen with netcat-traditional.
-- System Information:
Debian Release: 7.4
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing-updates'), (500, 'stable-
updates'), (500, 'testing'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages netcat-openbsd depends on:
ii libbsd0 0.4.2-1
ii libc6 2.18-4
netcat-openbsd recommends no packages.
netcat-openbsd suggests no packages.
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Version: 1.105-7
Severity: normal
Hi,
Trying to diagnose an OpenVPN issue I started throwing UDP packets around
between to distinct hosts. I have discovered that the UDP traffic provided by
netcat-openbsd is mauled by the insertion of (at least) "X" characters at the
beginning of the "connection" before any other data is passed.
Here is the example scenario:
1. Host "client". Two terminals, each running one command:
tshark -i eth0 -nlp port 50493
nc -vvv -u server 50493
2. Host "server". Two terminals, each running one command:
tshark -i eth0 -nlp port 50493
nc -vvv -ul 50493
Nothing is typed in to the nc running either on "client" or "server". Data is
seen on the wire: 5 packets sent; 5 packets received. Retrying with the tshark
-V flag shows that all packets are (apparently) normal UDP packets each
containing a single one-byte character "X" (0x58).
The net result, however, is that the data stream output by the listening nc on
host "server" starts with "XXXXX", which corrupts the expected message.
To illustrate further, if you run this on host "client":
echo "hello" | nc -vvv -u server 50493
This is the received (but not expected) output:
XXXXXhello
The unexpected behaviour does not happen with netcat-traditional.
-- System Information:
Debian Release: 7.4
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing-updates'), (500, 'stable-
updates'), (500, 'testing'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages netcat-openbsd depends on:
ii libbsd0 0.4.2-1
ii libc6 2.18-4
netcat-openbsd recommends no packages.
netcat-openbsd suggests no packages.
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Moshe Piekarski
Nov 9, 2018, 1:30:03 PM11/9/18
to
Package: netcat-openbsd
Version: 1.195-1
Followup-For: Bug #747646
Performing this test with blank packets still works without the server seeing anything.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
LSM: AppArmor: enabled
Versions of packages netcat-openbsd depends on:
ii libbsd0 0.9.1-1
ii libc6 2.27-8
netcat-openbsd recommends no packages.
netcat-openbsd suggests no packages.
-- no debconf information
Version: 1.195-1
Followup-For: Bug #747646
Performing this test with blank packets still works without the server seeing anything.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Foreign Architectures: i386
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages netcat-openbsd depends on:
ii libc6 2.27-8
netcat-openbsd recommends no packages.
netcat-openbsd suggests no packages.
Guilhem Moulin
Nov 9, 2018, 2:50:02 PM11/9/18
to
On Fri, 09 Nov 2018 at 13:17:11 -0500, Moshe Piekarski wrote:
> Performing this test with blank packets still works without the server seeing anything.
> […]
> Performing this test with blank packets still works without the server seeing anything.
> - if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))
> + if ((write(s, "", 1) != 1) && (errno == ECONNREFUSED))
That makes the server see a bunch of ‘\0’s instead of ‘X’s; I'd argue
that writing control characters is more confusing than writing something
visible.
OTOH, ‘write(fd, buf, 0)’ has an undefined behavior; in practice an
empty message is sent (as for ‘send(s, NULL, 0, 0)’), but receiving an
empty buffer is what terminates the poll loop, so if the listening side
is `nc -u -l` (without ‘-k’), it closes the socket and exit() before the
client has a chance to perform further write()s.
--
Guilhem.
Thorsten Glaser
Jun 21, 2022, 3:00:03 AM6/21/22
to
Package: netcat-openbsd
Version: 1.217-3
Followup-For: Bug #747646
X-Debbugs-Cc: t...@mirbsd.de
Control: severity -1 important
This makes nc totally unusable for UDP.
-- System Information:
Debian Release: 11.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable')
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages netcat-openbsd depends on:
ii libbsd0 0.11.3-1
ii libc6 2.31-13+deb11u3
netcat-openbsd recommends no packages.
netcat-openbsd suggests no packages.
-- no debconf information
Version: 1.217-3
Followup-For: Bug #747646
X-Debbugs-Cc: t...@mirbsd.de
Control: severity -1 important
This makes nc totally unusable for UDP.
-- System Information:
Debian Release: 11.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Foreign Architectures: i386
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages netcat-openbsd depends on:
ii libc6 2.31-13+deb11u3
netcat-openbsd recommends no packages.
netcat-openbsd suggests no packages.
0 new messages