Committed. Thanks Anthony!

On Sat, May 28, 2016 at 09:58:55PM +0200, Theo Buehler wrote:
> On Sat, May 28, 2016 at 01:47:22PM -0600, Bob Beck wrote:
> > Nice catch, and the right analysis. Thanks Anthony. I think that can
> > be committed.
> > 
> 
> ok tb@
> 
> > I don't think we will get away from a bit of a maze there without
> > deprecating nc options, so IMO this is fine.
> > 
> > 
> > On Sat, May 28, 2016 at 12:36 PM, Anthony Coulter
> > <[email protected]> wrote:
> > > When nc(1) tries to connect through an HTTP proxy that requires
> > > authentication, nc calls readpassphrase(3) and aborts. Pledging "tty"
> > > fixes this problem, but you'll notice that the diff has a lot of nasty
> > > branches. My failure to check Pflag when connecting over unix sockets
> > > is not an oversight; nc does not support that configuration.
> > >
> > > To reproduce the failure without setting up a real HTTP proxy, open
> > > two terminals and run nc as a coprocess in the first. The following
> > > session causes a core dump:
> > >   (tty1)$ nc -lk 8080 |&
> > >   (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081
> > >   (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n"
> > >   (tty2) Abort trap (core dumped)
> > >
> > >
> > > Index: netcat.c
> > > ===================================================================
> > > RCS file: /cvs/src/usr.bin/nc/netcat.c,v
> > > retrieving revision 1.150
> > > diff -u -p -r1.150 netcat.c
> > > --- netcat.c    4 Jan 2016 02:18:31 -0000       1.150
> > > +++ netcat.c    28 May 2016 18:33:30 -0000
> > > @@ -323,7 +323,13 @@ main(int argc, char *argv[])
> > >                 if (pledge("stdio rpath wpath cpath tmppath unix", NULL) 
> > > == -1)
> > >                         err(1, "pledge");
> > >         } else if (Fflag) {
> > > -               if (pledge("stdio inet dns sendfd", NULL) == -1)
> > > +               if (Pflag) {
> > > +                       if (pledge("stdio inet dns sendfd tty", NULL) == 
> > > -1)
> > > +                               err(1, "pledge");
> > > +               } else if (pledge("stdio inet dns sendfd", NULL) == -1)
> > > +                       err(1, "pledge");
> > > +       } else if (Pflag) {
> > > +               if (pledge("stdio inet dns tty", NULL) == -1)
> > >                         err(1, "pledge");
> > >         } else if (usetls) {
> > >                 if (pledge("stdio rpath inet dns", NULL) == -1)
> > > @@ -434,7 +440,10 @@ main(int argc, char *argv[])
> > >                 if (Kflag && (privkey = tls_load_file(Kflag, &privkeylen, 
> > > NULL)) == NULL)
> > >                         errx(1, "unable to load TLS key file %s", Kflag);
> > >
> > > -               if (pledge("stdio inet dns", NULL) == -1)
> > > +               if (Pflag) {
> > > +                       if (pledge("stdio inet dns tty", NULL) == -1)
> > > +                               err(1, "pledge");
> > > +               } else if (pledge("stdio inet dns", NULL) == -1)
> > >                         err(1, "pledge");
> > >
> > >                 if (tls_init() == -1)
> > >
> > 
