pwncat icon indicating copy to clipboard operation
pwncat copied to clipboard

Published 20 hours ago verified publisher icon cytopia

IPv6 link-local address causes "Invalid argument" / "Bind Error"

Open oza6ut0ne opened this issue 4 years ago • 3 comments

ISSUE TYPE

  • Bug Report

OS / ENVIRONMENT

  1. [x] Operating system: Ubuntu 20.04
  2. [x] Python version: 3.8.2
  3. [x] Command with highest logging output level is attached.

Here is the terminal output (address is masked for privacy).

$ pwncat -V
pwncat: Version 0.1.0 (https://github.com/cytopia/pwncat) by cytopia

$ pwncat -vvvv fe80::xxxx:xxxx:xxxx:xxxx%eth0 7777
2020-08-16 13:52:30,945 DEBUG [MainThread] 3391:__init__(): STDOUT isatty: True
2020-08-16 13:52:30,945 DEBUG [MainThread] 3392:__init__(): STDIN  isatty: True
2020-08-16 13:52:30,945 DEBUG [MainThread] 3393:__init__(): STDIN  posix:  False (posix)
2020-08-16 13:52:30,945 DEBUG [MainThread] 1465:create_socket(): Creating (family 10/IPv6, TCP) socket
2020-08-16 13:52:30,945 DEBUG [MainThread] 1485:create_socket(): Disabling IPv4 support on IPv6 socket
2020-08-16 13:52:30,945 DEBUG [MainThread] 1465:create_socket(): Creating (family 2/IPv4, TCP) socket
2020-08-16 13:52:30,946 DEBUG [MainThread] 1429:gethostbyname(): Resolved IPv6 host: fe80::xxxx:xxxx:xxxx:xxxx
2020-08-16 13:52:30,946 DEBUG [MainThread] 1435:gethostbyname(): Resolving IPv4 host: fe80::xxxx:xxxx:xxxx:xxxx%eth0 failed: [Errno -9] Address family for hostname not supported
2020-08-16 13:52:30,946 DEBUG [MainThread] 1641:connect(): Connecting to fe80::xxxx:xxxx:xxxx:xxxx:7777 (family 10/IPv6, TCP)
2020-08-16 13:52:30,946 ERROR [MainThread] 2122:run_client(): Connecting to fe80::xxxx:xxxx:xxxx:xxxx:7777 (family 10/IPv6, TCP) failed: [Errno 22] Invalid argument
2020-08-16 13:52:30,946 INFO [MainThread] 2976:__client_reconnect_to_server(): Reconnect count is used up. Shutting down.

$ pwncat -vvvv -l fe80::xxxx:xxxx:xxxx:xxxx%eth0 7777
2020-08-16 13:52:35,838 DEBUG [MainThread] 3391:__init__(): STDOUT isatty: True
2020-08-16 13:52:35,838 DEBUG [MainThread] 3392:__init__(): STDIN  isatty: True
2020-08-16 13:52:35,838 DEBUG [MainThread] 3393:__init__(): STDIN  posix:  False (posix)
2020-08-16 13:52:35,838 DEBUG [MainThread] 1465:create_socket(): Creating (family 10/IPv6, TCP) socket
2020-08-16 13:52:35,838 DEBUG [MainThread] 1485:create_socket(): Disabling IPv4 support on IPv6 socket
2020-08-16 13:52:35,838 DEBUG [MainThread] 1465:create_socket(): Creating (family 2/IPv4, TCP) socket
2020-08-16 13:52:35,839 DEBUG [MainThread] 1429:gethostbyname(): Resolved IPv6 host: fe80::xxxx:xxxx:xxxx:xxxx
2020-08-16 13:52:35,839 DEBUG [MainThread] 1435:gethostbyname(): Resolving IPv4 host: fe80::xxxx:xxxx:xxxx:xxxx%eth0 failed: [Errno -9] Address family for hostname not supported
2020-08-16 13:52:35,839 DEBUG [MainThread] 2187:run_server(): Removing (family 2/IPv4) due to: Resolving IPv4 host: fe80::xxxx:xxxx:xxxx:xxxx%eth0 failed: [Errno -9] Address family for hostname not supported
2020-08-16 13:52:35,839 DEBUG [MainThread] 1517:bind(): Binding (family 10/IPv6, TCP) socket to fe80::xxxx:xxxx:xxxx:xxxx:7777
2020-08-16 13:52:35,839 DEBUG [MainThread] 2207:run_server(): Removing (family 10/IPv6) due to: Binding (family 10/IPv6, TCP) socket to fe80::xxxx:xxxx:xxxx:xxxx:7777 failed: [Errno 22] Invalid argument
2020-08-16 13:52:35,839 ERROR [MainThread] 2216:run_server(): Bind Error: Could not bind any socket
2020-08-16 13:52:35,839 INFO [MainThread] 3034:__server_rebind(): Rebind count is used up. Shutting down.

STEPS TO REPRODUCE

Same as above log.

EXPECTED BEHAVIOUR

Works same as IPv6 global unicast address.

ACTUAL BEHAVIOUR

Invalid argument / Bind Error

oza6ut0ne avatar Aug 16 '20 05:08 oza6ut0ne

This may not be a very important feature, but netcat can do it. I found scope id is dropped here. This may be the main cause of these errors.

For reference:

  • https://docs.python.org/3/library/socket.html#socket.getaddrinfo
  • https://stackoverflow.com/questions/4030269/why-doesnt-a-en0-suffix-work-to-connect-a-link-local-ipv6-tcp-socket-in-python

oza6ut0ne avatar Aug 16 '20 05:08 oza6ut0ne

Thanks @oza6ut0ne for the provided links :+1: . Will be looking into this.

cytopia avatar Aug 17 '20 11:08 cytopia

I found scope id is dropped here. This may be the main cause of these errors.

At least for the server part, it doesn't seem to be it, as the function already terminates here:

        # [2/4] Already an IP address
        if family == int(socket.AF_INET6):
            if Sock.is_ipv6_address(host):
                self.__log.debug("Resolving IPv6 name not required, already an IP: %s", host)
                return host

and it never gets to this part:

        # [4/4] Resolve
        try:
            infos = socket.getaddrinfo(host, port, family, socktype, proto, flags)
            addr = str(infos[0][4][0])
            self.__log.debug("Resolved %s host: %s", self.get_family_name(family), addr)
            return addr

What is failing is this one:

        try:
            sock.bind((addr, port))
        except (OverflowError, OSError, socket.gaierror, socket.error) as error:
            msg = "Binding (family {}/{}, {}) socket to {}:{} failed: {}".format(
                sock.family, sock_family_name, sock_type_name, addr, port, error
            )
            raise socket.error(msg)

This is how I started it.

$ ./pwncat -l -vvvvvvvvvvvvv fe80::93e4:8997:60c4:f3f5 7777
2020-08-22 10:31:53,037 DEBUG [MainThread] 3392:__init__(): STDOUT isatty: True
2020-08-22 10:31:53,037 DEBUG [MainThread] 3393:__init__(): STDIN  isatty: True
2020-08-22 10:31:53,037 DEBUG [MainThread] 3394:__init__(): STDIN  posix:  False (posix)
2020-08-22 10:31:53,037 DEBUG [MainThread] 1467:create_socket(): Creating (family 10/IPv6, TCP) socket
2020-08-22 10:31:53,037 DEBUG [MainThread] 1487:create_socket(): Disabling IPv4 support on IPv6 socket
2020-08-22 10:31:53,038 DEBUG [MainThread] 1467:create_socket(): Creating (family 2/IPv4, TCP) socket
2020-08-22 10:31:53,038 DEBUG [MainThread] 1430:gethostbyname(): Resolved IPv6 host: fe80::93e4:8997:60c4:f3f5
2020-08-22 10:31:53,038 DEBUG [MainThread] 1436:gethostbyname(): Resolving IPv4 host: fe80::93e4:8997:60c4:f3f5 failed: [Errno -9] Address family for hostname not supported
2020-08-22 10:31:53,038 DEBUG [MainThread] 2192:run_server(): Removing (family 2/IPv4) due to: Resolving IPv4 host: fe80::93e4:8997:60c4:f3f5 failed: [Errno -9] Address family for hostname not supported
2020-08-22 10:31:53,038 DEBUG [MainThread] 1524:bind(): Binding (family 10/IPv6, TCP) socket to fe80::93e4:8997:60c4:f3f5:7777
2020-08-22 10:31:53,038 DEBUG [MainThread] 2212:run_server(): Removing (family 10/IPv6) due to: Binding (family 10/IPv6, TCP) socket to fe80::93e4:8997:60c4:f3f5:7777 failed: [Errno 22] Invalid argument
2020-08-22 10:31:53,038 ERROR [MainThread] 2217:run_server(): Bind Error: Could not bind any socket
2020-08-22 10:31:53,038 INFO [MainThread] 3035:__server_rebind(): Rebind count is used up. Shutting down.

cytopia avatar Aug 22 '20 08:08 cytopia