From: Theo Buehler <tb@theobuehler.org>
Subject: Re: [Patch] Fix nc(1) option parsing for "-T"
To: tech@openbsd.org
Date: Wed, 14 May 2025 10:57:21 +0200

On Wed, May 14, 2025 at 06:28:01PM +1000, Ross L Richardson wrote:
> nc(1) handling of option arguments for "-T" is suboptimal for arguments
> which are _not_ of the form "key=value".  There is no check that nothing
> follows the keyword:
> 
> $ nc -c -T muststaple openbsd.org https
> nc: tls handshake failed (no stapled OCSP response provided)
> $ nc -c -T muststaple= openbsd.org https
> nc: tls handshake failed (no stapled OCSP response provided)
> $ nc -c -T muststaple=NBG openbsd.org https
> nc: tls handshake failed (no stapled OCSP response provided)
> :
> 
> The patch below provides one way to correct the deficiency.

applied. Thanks Ross.

> 
> Ross
> 
> ========
> Index: netcat.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/nc/netcat.c,v
> diff -u -p -r1.229 netcat.c
> --- netcat.c	2 Nov 2024 17:19:27 -0000	1.229
> +++ netcat.c	14 May 2025 08:23:05 -0000
> @@ -1692,6 +1692,8 @@ process_tls_opt(char *s, int *flags)
>  					errx(1, "invalid tls value `%s'", s);
>  				*t->value = v;
>  			} else {
> +				if (v != NULL)
> +					errx(1, "invalid tls value `%s'", s);
>  				*flags |= t->flag;
>  			}
>  			return 1;
>
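Review bot: In the else branch, the new errx() reuses the message "invalid tls value `%s'" from the key=value branch just above, so a user who passes `muststaple=NBG` is not told that this keyword takes no value at all; a distinct message (for example one saying the option does not accept a value) would make the rejection easier to act on. The check `v != NULL` also only covers the report's `muststaple=` case if the earlier split leaves v pointing at an empty string rather than NULL, which is not visible in this hunk and is worth confirming with a quick run of all three commands from the report.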