Mandatory use of square-bracket notation for literal IPv6 proxy address

Closes #1441
2026-05-13 08:46:45 +00:00 · 2019-02-23 23:23:47 +00:00 · 2019-02-23 23:23:47 +00:00 · 504e9d767e
commit 504e9d767e
parent dbed133fc5
3 changed files with 19 additions and 4 deletions
--- a/4
+++ b/4
@ -1,5 +1,9 @@
 #Nmap Changelog ($Id$); -*-text-*-

+o [ncat][GH#1441] To avoid confusion and to support default proxy ports,
+  option --proxy now requires a literal IPv6 address to be specified using
+  square-bracket notation, such as --proxy [2001:db8::123]:456. [nnposter] 
+
 o [ncat][GH#1214][GH#1230][GH#1439] New ncat option provides control over
  whether proxy destinations are resolved by the remote proxy server or
  locally, by Ncat itself. See option --proxy-dns. [nnposter]
--- a/ncat/docs/ncat.xml
+++ b/ncat/docs/ncat.xml
@ -429,8 +429,10 @@
          using the protocol specified by <option>--proxy-type</option>.</para>

          <para>If no port is specified, the proxy protocol's well-known port is used (1080 for
-          SOCKS and 3128 for HTTP).  However, when specifying an IPv6 HTTP proxy server using
-          the IP address rather than the hostname, the port number MUST be specified as well.
+          SOCKS and 3128 for HTTP).  When specifying an IPv6 HTTP proxy server
+          using the IP address rather than the hostname, the square-bracket
+          notation (for example [2001:db8::1]:8080) MUST be used to separate
+          the port from the IPv6 address.
          If the proxy requires authentication, use <option>--proxy-auth</option>.</para>
        </listitem>
      </varlistentry>
--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@ -164,12 +164,21 @@ static int ncat_listen_mode(void);
 static size_t parseproxy(char *str, struct sockaddr_storage *ss,
    size_t *sslen, unsigned short *portno)
 {
-    char *p = strrchr(str, ':');
+    char *p = str;
    char *q;
    long pno;
    int rc;

-    if (p != NULL) {
+    if (*p == '[') {
+        p = strchr(p, ']');
+        if (p == NULL)
+            bye("Invalid proxy IPv6 address \"%s\".", str);
+        ++str;
+        *p++ = '\0';
+    }
+
+    p = strchr(p, ':');
+    if (p != NULL && strchr(p + 1, ':') == NULL) {
        *p++ = '\0';
        pno = strtol(p, &q, 10);
        if (pno < 1 || pno > 0xFFFF || *q)