dest-unreach / socat

socat - Multipurpose relay

Abstract

what: "netcat++" (extended design, new implementation)
OS:   AIX, BSD, HP-UX, Linux, Solaris e.a. (UNIX)
lic:  GPL2
inst: tar x...; ./configure; make; make install
doc:  README; socat.html, socat.1; xio.help
ui:   command line
exa:  socat TCP6-LISTEN:8080,reuseaddr,fork PROXY:proxy:www.domain.com:80
keyw: tcp, udp, ipv6, raw ip, unix-socket, pty, pipe, listen, socks4, socks4a,
      proxy-connect, ssl-client, filedescriptor, readline, stdio,
      exec, system, file, open, tail -f, termios, setsockopt, chroot,
      fork, perm, owner, trace, dump, dgram, ext3, resolver, datagram,
      multicast, broadcast, interface, socket, sctp, generic, ioctl

What's new?

2014-03-09: Socat version 1.7.2.4 contains fixes for most of the bugs and porting issues reported or found in more than two years, see CHANGES.

Download gz, bz2, or patch

2014-01-28: Socat versions 1.7.2.3 and 2.0.0-b7 fix a security issue: socats PROXY-CONNECT address was vulnerable to a buffer overflow with data provided on command line (CVE-2014-0019, advisory). Fixed versions are 1.7.2.3 and 2.0.0-b7. Patches are available in the download area.

2013-05-26: Socat versions 1.7.2.2 and 2.0.0-b6 fix a security issue: Under certain circumstances an FD leak occurs and may be misused for denial of service attacks against socat running in server mode (CVE-2013-3571, advisory). Fixed versions are 1.7.2.2 and 2.0.0-b6. Patches are available in the download area.

2012-05-14: A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process (CVE-2012-0219, advisory). Fixed versions are 1.7.2.1 and 2.0.0-b5. Patches are available in the download area.

2011-12-05: socat version 1.7.2.0 allows tun/tap interfaces without IP address and introduces options openssl-compress and max-children. It fixes 18 bugs and has 11 changes for improved platform support, especially for Mac OS X Lion, DragonFly, and Android.

2011-05-29: Michael Terzo provided a patch that fixes the compile error of socat 2.0.0 up to b4 on non-Linux systems.

2010-10-03: Vitali Shukela provided a patch that allows to use the original target address of an accepted connection in a socks or proxy address.

2010-08-02: A stack overflow vulnerability has been fixed that could be triggered when command line arguments were longer than 512 bytes (CVE-2010-2799, advisory). Fixed versions are 1.7.1.3 and 2.0.0-b4. See socat security advisory 2 for details.

2009-04-04: the third beta version (2.0.0-b3) of socat version 2 is ready for download. It contains all new bug fixes and features of 1.7.1.0 (plus fix:setenv, see below) and introduces the possibility to integrate external programs in address chains (see doc/socat-addresschain.html and doc/socat-exec.html).

2008-11-01: a public git repository containing socat 1.6.0.0 and all later releases is available.

Get it!

You can download socat 1.7.2.2 in source form (.gz, .bz2). Feel free to check the md5 hashes.

Many actual Linux and BSD distributions already provide socat; for other distributions and for some commercial UNIX platforms, precompiled socat packages are available too, so search the internet if you dont´t want to bother with compiling it yourself.

There is a page with socat patches and contributions.

socat binaries for Windows based on Cygwin are provided by Gentil Kiwi for download.

Documentation

Classical documentation:

Mini tutorials:

Contact

If you have more questions, please contact socat@dest-unreach.org