X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=135b217344cfadea2e51e9d7f9c7c85e55412789;hp=781a4ad845453130805c85a1940134fe40953cb1;hb=a5b4d31ab5ad2ed24cdb53ffa92679411b4176b0;hpb=134b3281a608ec2b8a7c2fcbe6b28094f0e94973 diff --git a/gateway.c b/gateway.c index 781a4ad8..135b2173 100644 --- a/gateway.c +++ b/gateway.c @@ -1,14 +1,13 @@ -const char gateway_rcs[] = "$Id: gateway.c,v 1.42 2008/11/13 09:08:42 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/gateway.c,v $ * * Purpose : Contains functions to connect to a server, possibly * using a "forwarder" (i.e. HTTP proxy and/or a SOCKS4 - * proxy). + * or SOCKS5 proxy). * - * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge - * Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2020 the + * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -32,196 +31,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.42 2008/11/13 09:08:42 fabiankeil * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: gateway.c,v $ - * Revision 1.42 2008/11/13 09:08:42 fabiankeil - * Add new config option: keep-alive-timeout. - * - * Revision 1.41 2008/11/08 15:29:58 fabiankeil - * Unify two debug messages. - * - * Revision 1.40 2008/11/08 15:14:05 fabiankeil - * Fix duplicated debugging check. - * - * Revision 1.39 2008/10/25 11:33:01 fabiankeil - * Remove already out-commented line left over from debugging. - * - * Revision 1.38 2008/10/24 17:33:00 fabiankeil - * - Tone the "keep-alive support is experimental" warning - * down a bit as hackish 0-chunk detection has been - * implemented recently. - * - Only show the "ndef HAVE_POLL" warning once on start-up. - * - * Revision 1.37 2008/10/23 17:40:53 fabiankeil - * Fix forget_connection() and mark_connection_unused(), - * which would both under certain circumstances access - * reusable_connection[MAX_REUSABLE_CONNECTIONS]. Oops. - * - * Revision 1.36 2008/10/18 19:49:15 fabiankeil - * - Factor close_unusable_connections() out of - * get_reusable_connection() to make sure we really check - * all the remembered connections, not just the ones before - * the next reusable one. - * - Plug two file descriptor leaks. Internally marking - * connections as closed doesn't cut it. - * - * Revision 1.35 2008/10/17 17:12:01 fabiankeil - * In socket_is_still_usable(), use select() - * and FD_ISSET() if poll() isn't available. - * - * Revision 1.34 2008/10/17 17:07:13 fabiankeil - * Add preliminary timeout support. - * - * Revision 1.33 2008/10/16 16:34:21 fabiankeil - * Fix two gcc44 warnings. - * - * Revision 1.32 2008/10/16 16:27:22 fabiankeil - * Fix compiler warning. - * - * Revision 1.31 2008/10/16 07:31:11 fabiankeil - * - Factor socket_is_still_usable() out of get_reusable_connection(). - * - If poll() isn't available, show a warning and assume the socket - * is still usable. - * - * Revision 1.30 2008/10/13 17:31:03 fabiankeil - * If a remembered connection is no longer usable and - * has been marked closed, don't bother checking if the - * destination matches. - * - * Revision 1.29 2008/10/11 16:59:41 fabiankeil - * Add missing dots for two log messages. - * - * Revision 1.28 2008/10/09 18:21:41 fabiankeil - * Flush work-in-progress changes to keep outgoing connections - * alive where possible. Incomplete and mostly #ifdef'd out. - * - * Revision 1.27 2008/09/27 15:05:51 fabiankeil - * Return only once in forwarded_connect(). - * - * Revision 1.26 2008/08/18 17:42:06 fabiankeil - * Fix typo in macro name. - * - * Revision 1.25 2008/02/07 18:09:46 fabiankeil - * In socks5_connect: - * - make the buffers quite a bit smaller. - * - properly report "socks5 server unreachable" failures. - * - let strncpy() use the whole buffer. Using a length of 0xffu wasn't actually - * wrong, but requires too much thinking as it doesn't depend on the buffer size. - * - log a message if the socks5 server sends more data than expected. - * - add some assertions and comments. - * - * Revision 1.24 2008/02/04 14:56:29 fabiankeil - * - Fix a compiler warning. - * - Stop assuming that htonl(INADDR_NONE) equals INADDR_NONE. - * - * Revision 1.23 2008/02/04 13:11:35 fabiankeil - * Remember the cause of the SOCKS5 error for the CGI message. - * - * Revision 1.22 2008/02/03 13:46:15 fabiankeil - * Add SOCKS5 support. Patch #1862863 by Eric M. Hopper with minor changes. - * - * Revision 1.21 2007/07/28 12:30:03 fabiankeil - * Modified patch from Song Weijia (#1762559) to - * fix socks requests on big-endian platforms. - * - * Revision 1.20 2007/05/14 10:23:48 fabiankeil - * - Use strlcpy() instead of strcpy(). - * - Use the same buffer for socks requests and socks responses. - * - Fix bogus warning about web_server_addr being used uninitialized. - * - * Revision 1.19 2007/01/25 14:09:45 fabiankeil - * - Save errors in socks4_connect() to csp->error_message. - * - Silence some gcc43 warnings, hopefully the right way. - * - * Revision 1.18 2006/07/18 14:48:46 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.16 2002/05/12 21:36:29 jongfoster - * Correcting function comments - * - * Revision 1.15 2002/03/26 22:29:54 swa - * we have a new homepage! - * - * Revision 1.14 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.13 2002/03/13 00:29:59 jongfoster - * Killing warnings - * - * Revision 1.12 2002/03/09 20:03:52 jongfoster - * - Making various functions return int rather than size_t. - * (Undoing a recent change). Since size_t is unsigned on - * Windows, functions like read_socket that return -1 on - * error cannot return a size_t. - * - * THIS WAS A MAJOR BUG - it caused frequent, unpredictable - * crashes, and also frequently caused JB to jump to 100% - * CPU and stay there. (Because it thought it had just - * read ((unsigned)-1) == 4Gb of data...) - * - * - The signature of write_socket has changed, it now simply - * returns success=0/failure=nonzero. - * - * - Trying to get rid of a few warnings --with-debug on - * Windows, I've introduced a new type "jb_socket". This is - * used for the socket file descriptors. On Windows, this - * is SOCKET (a typedef for unsigned). Everywhere else, it's - * an int. The error value can't be -1 any more, so it's - * now JB_INVALID_SOCKET (which is -1 on UNIX, and in - * Windows it maps to the #define INVALID_SOCKET.) - * - * - The signature of bind_port has changed. - * - * Revision 1.11 2002/03/08 17:46:04 jongfoster - * Fixing int/size_t warnings - * - * Revision 1.10 2002/03/07 03:50:19 oes - * - Improved handling of failed DNS lookups - * - Fixed compiler warnings - * - * Revision 1.9 2001/10/25 03:40:48 david__schmidt - * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple - * threads to call select() simultaneously. So, it's time to do a real, live, - * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__ - * (native). Both versions will work, but using __OS2__ offers multi-threading. - * - * Revision 1.8 2001/09/13 20:10:12 jongfoster - * Fixing missing #include under Windows - * - * Revision 1.7 2001/09/12 17:58:26 steudten - * - * add #include - * - * Revision 1.6 2001/09/10 10:41:16 oes - * Added #include in.h - * - * Revision 1.5 2001/07/29 18:47:57 jongfoster - * Adding missing #include project.h - * - * Revision 1.4 2001/07/24 12:47:06 oes - * Applied BeOS support update by Eugenia - * - * Revision 1.3 2001/06/09 10:55:28 jongfoster - * Changing BUFSIZ ==> BUFFER_SIZE - * - * Revision 1.2 2001/06/07 23:11:38 jongfoster - * Removing gateways[] list - no longer used. - * Replacing function pointer in struct gateway with a directly - * called function forwarded_connect(), which can do the common - * task of deciding whether to connect to the web server or HTTP - * proxy. - * Replacing struct gateway with struct forward_spec - * Fixing bug with SOCKS4A and HTTP proxy server in combination. - * It was a bug which led to the connection being made to the web - * server rather than the HTTP proxy, and also a buffer overrun. - * - * Revision 1.1.1.1 2001/05/15 13:58:54 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #include "config.h" @@ -244,19 +55,18 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.42 2008/11/13 09:08:42 fabiankeil #include #endif /* def __BEOS__ */ -#ifdef __OS2__ -#include -#endif /* def __OS2__ */ - #include "project.h" #include "jcc.h" #include "errlog.h" #include "jbsockets.h" #include "gateway.h" #include "miscutil.h" +#include "list.h" +#include "parsers.h" + #ifdef FEATURE_CONNECTION_KEEP_ALIVE #ifdef HAVE_POLL -#ifdef __GLIBC__ +#ifdef __GLIBC__ #include #else #include @@ -264,10 +74,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.42 2008/11/13 09:08:42 fabiankeil #endif /* HAVE_POLL */ #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ -const char gateway_h_rcs[] = GATEWAY_H_VERSION; - -static jb_socket socks4_connect(const struct forward_spec * fwd, - const char * target_host, +static jb_socket socks4_connect(const struct forward_spec *fwd, + const char *target_host, int target_port, struct client_state *csp); @@ -276,21 +84,24 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, int target_port, struct client_state *csp); +enum { + SOCKS4_REQUEST_GRANTED = 90, + SOCKS4_REQUEST_REJECT = 91, + SOCKS4_REQUEST_IDENT_FAILED = 92, + SOCKS4_REQUEST_IDENT_CONFLICT = 93 +}; -#define SOCKS_REQUEST_GRANTED 90 -#define SOCKS_REQUEST_REJECT 91 -#define SOCKS_REQUEST_IDENT_FAILED 92 -#define SOCKS_REQUEST_IDENT_CONFLICT 93 - -#define SOCKS5_REQUEST_GRANTED 0 -#define SOCKS5_REQUEST_FAILED 1 -#define SOCKS5_REQUEST_DENIED 2 -#define SOCKS5_REQUEST_NETWORK_UNREACHABLE 3 -#define SOCKS5_REQUEST_HOST_UNREACHABLE 4 -#define SOCKS5_REQUEST_CONNECTION_REFUSED 5 -#define SOCKS5_REQUEST_TTL_EXPIRED 6 -#define SOCKS5_REQUEST_PROTOCOL_ERROR 7 -#define SOCKS5_REQUEST_BAD_ADDRESS_TYPE 8 +enum { + SOCKS5_REQUEST_GRANTED = 0, + SOCKS5_REQUEST_FAILED = 1, + SOCKS5_REQUEST_DENIED = 2, + SOCKS5_REQUEST_NETWORK_UNREACHABLE = 3, + SOCKS5_REQUEST_HOST_UNREACHABLE = 4, + SOCKS5_REQUEST_CONNECTION_REFUSED = 5, + SOCKS5_REQUEST_TTL_EXPIRED = 6, + SOCKS5_REQUEST_PROTOCOL_ERROR = 7, + SOCKS5_REQUEST_BAD_ADDRESS_TYPE = 8 +}; /* structure of a socks client operation */ struct socks_op { @@ -313,32 +124,15 @@ struct socks_reply { static const char socks_userid[] = "anonymous"; -#ifdef FEATURE_CONNECTION_KEEP_ALIVE +#ifdef FEATURE_CONNECTION_SHARING +#ifndef FEATURE_CONNECTION_KEEP_ALIVE +#error Using FEATURE_CONNECTION_SHARING without FEATURE_CONNECTION_KEEP_ALIVE is impossible +#endif #define MAX_REUSABLE_CONNECTIONS 100 -static int keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT; - -struct reusable_connection -{ - jb_socket sfd; - int in_use; - char *host; - int port; - time_t timestamp; - - int forwarder_type; - char *gateway_host; - int gateway_port; - char *forward_host; - int forward_port; -}; static struct reusable_connection reusable_connection[MAX_REUSABLE_CONNECTIONS]; - -static int mark_connection_unused(jb_socket sfd); -static void mark_connection_closed(struct reusable_connection *closed_connection); -static int socket_is_still_usable(jb_socket sfd); - +static int mark_connection_unused(const struct reusable_connection *connection); /********************************************************************* * @@ -356,13 +150,12 @@ extern void initialize_reusable_connections(void) { unsigned int slot = 0; +#if !defined(HAVE_POLL) && !defined(_WIN32) log_error(LOG_LEVEL_INFO, - "Support for 'Connection: keep-alive' is experimental." -#ifndef HAVE_POLL - " Detecting already dead connections might not work" - " correctly on your platform." -#endif /* ndef HAVE_POLL */ - ); + "Detecting already dead connections might not work " + "correctly on your platform. In case of problems, " + "unset the keep-alive-timeout option."); +#endif for (slot = 0; slot < SZ(reusable_connection); slot++) { @@ -377,25 +170,23 @@ extern void initialize_reusable_connections(void) * * Function : remember_connection * - * Description : Remembers a connection for reuse later on. + * Description : Remembers a server connection for reuse later on. * * Parameters : - * 1 : sfd = Open socket to remember. - * 2 : http = The destination for the connection. - * 3 : fwd = The forwarder settings used. + * 1 : connection = The server connection to remember. * * Returns : void * *********************************************************************/ -void remember_connection(jb_socket sfd, const struct http_request *http, - const struct forward_spec *fwd) +void remember_connection(const struct reusable_connection *connection) { unsigned int slot = 0; int free_slot_found = FALSE; - assert(sfd != JB_INVALID_SOCKET); + assert(NULL != connection); + assert(connection->sfd != JB_INVALID_SOCKET); - if (mark_connection_unused(sfd)) + if (mark_connection_unused(connection)) { return; } @@ -410,7 +201,7 @@ void remember_connection(jb_socket sfd, const struct http_request *http, assert(reusable_connection[slot].in_use == 0); log_error(LOG_LEVEL_CONNECT, "Remembering socket %d for %s:%d in slot %d.", - sfd, http->host, http->port, slot); + connection->sfd, connection->host, connection->port, slot); free_slot_found = TRUE; break; } @@ -419,62 +210,73 @@ void remember_connection(jb_socket sfd, const struct http_request *http, if (!free_slot_found) { log_error(LOG_LEVEL_CONNECT, - "No free slots found to remembering socket for %s:%d. Last slot %d.", - http->host, http->port, slot); + "No free slots found to remember socket for %s:%d. Last slot %d.", + connection->host, connection->port, slot); privoxy_mutex_unlock(&connection_reuse_mutex); - close_socket(sfd); + close_socket(connection->sfd); return; } - assert(NULL != http->host); - reusable_connection[slot].host = strdup(http->host); - if (NULL == reusable_connection[slot].host) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving socket."); - } - reusable_connection[slot].sfd = sfd; - reusable_connection[slot].port = http->port; + assert(slot < SZ(reusable_connection)); + assert(NULL != connection->host); + reusable_connection[slot].host = strdup_or_die(connection->host); + reusable_connection[slot].sfd = connection->sfd; + reusable_connection[slot].port = connection->port; reusable_connection[slot].in_use = 0; - reusable_connection[slot].timestamp = time(NULL); + reusable_connection[slot].timestamp = connection->timestamp; + reusable_connection[slot].request_sent = connection->request_sent; + reusable_connection[slot].response_received = connection->response_received; + reusable_connection[slot].keep_alive_timeout = connection->keep_alive_timeout; + reusable_connection[slot].requests_sent_total = connection->requests_sent_total; - assert(NULL != fwd); assert(reusable_connection[slot].gateway_host == NULL); assert(reusable_connection[slot].gateway_port == 0); + assert(reusable_connection[slot].auth_username == NULL); + assert(reusable_connection[slot].auth_password == NULL); assert(reusable_connection[slot].forwarder_type == SOCKS_NONE); assert(reusable_connection[slot].forward_host == NULL); assert(reusable_connection[slot].forward_port == 0); - reusable_connection[slot].forwarder_type = fwd->type; - if (NULL != fwd->gateway_host) + reusable_connection[slot].forwarder_type = connection->forwarder_type; + if (NULL != connection->gateway_host) { - reusable_connection[slot].gateway_host = strdup(fwd->gateway_host); - if (NULL == reusable_connection[slot].gateway_host) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving gateway_host."); - } + reusable_connection[slot].gateway_host = strdup_or_die(connection->gateway_host); } else { reusable_connection[slot].gateway_host = NULL; } - reusable_connection[slot].gateway_port = fwd->gateway_port; + reusable_connection[slot].gateway_port = connection->gateway_port; + if (NULL != connection->auth_username) + { + reusable_connection[slot].auth_username = strdup_or_die(connection->auth_username); + } + else + { + reusable_connection[slot].auth_username = NULL; + } + if (NULL != connection->auth_password) + { + reusable_connection[slot].auth_password = strdup_or_die(connection->auth_password); + } + else + { + reusable_connection[slot].auth_password = NULL; + } - if (NULL != fwd->forward_host) + if (NULL != connection->forward_host) { - reusable_connection[slot].forward_host = strdup(fwd->forward_host); - if (NULL == reusable_connection[slot].forward_host) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving forward_host."); - } + reusable_connection[slot].forward_host = strdup_or_die(connection->forward_host); } else { reusable_connection[slot].forward_host = NULL; } - reusable_connection[slot].forward_port = fwd->forward_port; + reusable_connection[slot].forward_port = connection->forward_port; privoxy_mutex_unlock(&connection_reuse_mutex); } +#endif /* def FEATURE_CONNECTION_SHARING */ /********************************************************************* @@ -482,7 +284,6 @@ void remember_connection(jb_socket sfd, const struct http_request *http, * Function : mark_connection_closed * * Description : Marks a reused connection closed. - * Must be called with connection_reuse_mutex locked. * * Parameters : * 1 : closed_connection = The connection to mark as closed. @@ -490,21 +291,28 @@ void remember_connection(jb_socket sfd, const struct http_request *http, * Returns : void * *********************************************************************/ -static void mark_connection_closed(struct reusable_connection *closed_connection) +void mark_connection_closed(struct reusable_connection *closed_connection) { closed_connection->in_use = FALSE; closed_connection->sfd = JB_INVALID_SOCKET; freez(closed_connection->host); closed_connection->port = 0; closed_connection->timestamp = 0; + closed_connection->request_sent = 0; + closed_connection->response_received = 0; + closed_connection->keep_alive_timeout = 0; + closed_connection->requests_sent_total = 0; closed_connection->forwarder_type = SOCKS_NONE; freez(closed_connection->gateway_host); closed_connection->gateway_port = 0; + freez(closed_connection->auth_username); + freez(closed_connection->auth_password); freez(closed_connection->forward_host); closed_connection->forward_port = 0; } +#ifdef FEATURE_CONNECTION_SHARING /********************************************************************* * * Function : forget_connection @@ -537,16 +345,70 @@ void forget_connection(jb_socket sfd) sfd, reusable_connection[slot].host, reusable_connection[slot].port, slot); mark_connection_closed(&reusable_connection[slot]); - privoxy_mutex_unlock(&connection_reuse_mutex); - - return; + break; } } - log_error(LOG_LEVEL_CONNECT, - "Socket %d already forgotten or never remembered.", sfd); - privoxy_mutex_unlock(&connection_reuse_mutex); + +} +#endif /* def FEATURE_CONNECTION_SHARING */ + + +#ifdef FEATURE_CONNECTION_KEEP_ALIVE +/********************************************************************* + * + * Function : string_or_none + * + * Description : Returns a given string or "none" if a NULL pointer + * is given. + * Helper function for connection_destination_matches(). + * + * Parameters : + * 1 : string = The string to check. + * + * Returns : The string if non-NULL, "none" otherwise. + * + *********************************************************************/ +static const char *string_or_none(const char *string) +{ + return(string != NULL ? string : "none"); +} + + +/********************************************************************* + * + * Function : connection_detail_matches + * + * Description : Helper function for connection_destination_matches(). + * Compares strings which can be NULL. + * + * Parameters : + * 1 : connection_detail = The connection detail to compare. + * 2 : fowarder_detail = The forwarder detail to compare. + * + * Returns : TRUE for yes, FALSE otherwise. + * + *********************************************************************/ +static int connection_detail_matches(const char *connection_detail, + const char *forwarder_detail) +{ + if (connection_detail == NULL && forwarder_detail == NULL) + { + /* Both details are unset. */ + return TRUE; + } + + if ((connection_detail == NULL && forwarder_detail != NULL) + || (connection_detail != NULL && forwarder_detail == NULL)) + { + /* Only one detail isn't set. */ + return FALSE; + } + + /* Both details are set, but do they match? */ + return(!strcmpic(connection_detail, forwarder_detail)); + } @@ -555,7 +417,7 @@ void forget_connection(jb_socket sfd) * Function : connection_destination_matches * * Description : Determines whether a remembered connection can - * be reused. That is whether the destination and + * be reused. That is, whether the destination and * the forwarding settings match. * * Parameters : @@ -566,74 +428,61 @@ void forget_connection(jb_socket sfd) * Returns : TRUE for yes, FALSE otherwise. * *********************************************************************/ -static int connection_destination_matches(const struct reusable_connection *connection, - const struct http_request *http, - const struct forward_spec *fwd) +int connection_destination_matches(const struct reusable_connection *connection, + const struct http_request *http, + const struct forward_spec *fwd) { - /* XXX: Start of duplicated checks for debugging purposes. */ - if (strcmpic(connection->host, http->host)) + if ((connection->forwarder_type != fwd->type) + || (connection->gateway_port != fwd->gateway_port) + || (connection->forward_port != fwd->forward_port) + || (connection->port != http->port)) { return FALSE; } - if (connection->forwarder_type != fwd->type) - { - log_error(LOG_LEVEL_CONNECT, "Type mismatch: %d %d (%s)", - connection->forwarder_type, fwd->type, http->host); - return FALSE; - } - if (connection->gateway_port != fwd->gateway_port) - { - log_error(LOG_LEVEL_CONNECT, "Gateway port mismatch: %d %d (%s)", - connection->gateway_port, fwd->gateway_port, http->host); - return FALSE; - } - if (connection->forward_port != fwd->forward_port) + if (!connection_detail_matches(connection->gateway_host, fwd->gateway_host)) { - log_error(LOG_LEVEL_CONNECT, "Forward port mismatch: %d %d (%s)", - connection->forward_port, fwd->forward_port, http->host); - return FALSE; - } - if (connection->port != http->port) - { - log_error(LOG_LEVEL_CONNECT, "Server port mismatch: %d %d (%s)", - connection->port, http->port, http->host); + log_error(LOG_LEVEL_CONNECT, + "Gateway mismatch. Previous gateway: %s. Current gateway: %s", + string_or_none(connection->gateway_host), + string_or_none(fwd->gateway_host)); return FALSE; } - /* XXX: End of duplicated checks for debugging purposes. */ - - if ((connection->forwarder_type != fwd->type) - || (connection->gateway_port != fwd->gateway_port) - || (connection->forward_port != fwd->forward_port) - || (connection->port != http->port)) + if (!connection_detail_matches(connection->auth_username, fwd->auth_username)) { + log_error(LOG_LEVEL_CONNECT, "Socks user name mismatch. " + "Previous user name: %s. Current user name: %s", + string_or_none(connection->auth_username), + string_or_none(fwd->auth_username)); return FALSE; } - if (( (NULL != connection->gateway_host) - && (NULL != fwd->gateway_host) - && strcmpic(connection->gateway_host, fwd->gateway_host)) - && (connection->gateway_host != fwd->gateway_host)) + if (!connection_detail_matches(connection->auth_password, fwd->auth_password)) { - log_error(LOG_LEVEL_CONNECT, "Gateway mismatch."); + log_error(LOG_LEVEL_CONNECT, "Socks user name mismatch. " + "Previous password: %s. Current password: %s", + string_or_none(connection->auth_password), + string_or_none(fwd->auth_password)); return FALSE; } - if (( (NULL != connection->forward_host) - && (NULL != fwd->forward_host) - && strcmpic(connection->forward_host, fwd->forward_host)) - && (connection->forward_host != fwd->forward_host)) + if (!connection_detail_matches(connection->forward_host, fwd->forward_host)) { - log_error(LOG_LEVEL_CONNECT, "Forwarding proxy mismatch."); + log_error(LOG_LEVEL_CONNECT, + "Forwarding proxy mismatch. Previous proxy: %s. Current proxy: %s", + string_or_none(connection->forward_host), + string_or_none(fwd->forward_host)); return FALSE; } return (!strcmpic(connection->host, http->host)); } +#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ +#ifdef FEATURE_CONNECTION_SHARING /********************************************************************* * * Function : close_unusable_connections @@ -643,12 +492,15 @@ static int connection_destination_matches(const struct reusable_connection *conn * * Parameters : none * - * Returns : void + * Returns : Number of connections that are still alive. * *********************************************************************/ -static void close_unusable_connections(void) +int close_unusable_connections(void) { unsigned int slot = 0; + int connections_alive = 0; + + privoxy_mutex_lock(&connection_reuse_mutex); for (slot = 0; slot < SZ(reusable_connection); slot++) { @@ -656,21 +508,23 @@ static void close_unusable_connections(void) && (JB_INVALID_SOCKET != reusable_connection[slot].sfd)) { time_t time_open = time(NULL) - reusable_connection[slot].timestamp; + time_t latency = (reusable_connection[slot].response_received - + reusable_connection[slot].request_sent) / 2; - if (keep_alive_timeout < time_open) + if (reusable_connection[slot].keep_alive_timeout < time_open + latency) { log_error(LOG_LEVEL_CONNECT, "The connection to %s:%d in slot %d timed out. " - "Closing socket %d. Timeout is: %d.", + "Closing socket %d. Timeout is: %d. Assumed latency: %ld.", reusable_connection[slot].host, reusable_connection[slot].port, slot, - reusable_connection[slot].sfd, keep_alive_timeout); + reusable_connection[slot].sfd, + reusable_connection[slot].keep_alive_timeout, + latency); close_socket(reusable_connection[slot].sfd); mark_connection_closed(&reusable_connection[slot]); - continue; } - - if (!socket_is_still_usable(reusable_connection[slot].sfd)) + else if (!socket_is_still_alive(reusable_connection[slot].sfd)) { log_error(LOG_LEVEL_CONNECT, "The connection to %s:%d in slot %d is no longer usable. " @@ -679,70 +533,18 @@ static void close_unusable_connections(void) reusable_connection[slot].sfd); close_socket(reusable_connection[slot].sfd); mark_connection_closed(&reusable_connection[slot]); - continue; + } + else + { + connections_alive++; } } } -} - - -/********************************************************************* - * - * Function : socket_is_still_usable - * - * Description : Decides whether or not an open socket is still usable. - * - * Parameters : - * 1 : sfd = The socket to check. - * - * Returns : TRUE for yes, otherwise FALSE. - * - *********************************************************************/ -static int socket_is_still_usable(jb_socket sfd) -{ -#ifdef HAVE_POLL - int poll_result; - struct pollfd poll_fd[1]; - - memset(poll_fd, 0, sizeof(poll_fd)); - poll_fd[0].fd = sfd; - poll_fd[0].events = POLLIN; - - poll_result = poll(poll_fd, 1, 0); - - if (-1 != poll_result) - { - return !(poll_fd[0].revents & POLLIN); - } - else - { - log_error(LOG_LEVEL_CONNECT, "Polling socket %d failed.", sfd); - return FALSE; - } -#else - fd_set readable_fds; - struct timeval timeout; - int ret; - int socket_is_alive = 0; - - memset(&timeout, '\0', sizeof(timeout)); - FD_ZERO(&readable_fds); - FD_SET(sfd, &readable_fds); - ret = select((int)sfd+1, &readable_fds, NULL, NULL, &timeout); - if (ret < 0) - { - log_error(LOG_LEVEL_ERROR, "select() failed!: %E"); - } + privoxy_mutex_unlock(&connection_reuse_mutex); - /* - * XXX: I'm not sure why !FD_ISSET() works, - * but apparently it does. - */ - socket_is_alive = !FD_ISSET(sfd, &readable_fds); + return connections_alive; - return socket_is_alive; -#endif /* def HAVE_POLL */ } @@ -767,10 +569,10 @@ static jb_socket get_reusable_connection(const struct http_request *http, jb_socket sfd = JB_INVALID_SOCKET; unsigned int slot = 0; - privoxy_mutex_lock(&connection_reuse_mutex); - close_unusable_connections(); + privoxy_mutex_lock(&connection_reuse_mutex); + for (slot = 0; slot < SZ(reusable_connection); slot++) { if (!reusable_connection[slot].in_use @@ -781,8 +583,14 @@ static jb_socket get_reusable_connection(const struct http_request *http, reusable_connection[slot].in_use = TRUE; sfd = reusable_connection[slot].sfd; log_error(LOG_LEVEL_CONNECT, - "Found reusable socket %d for %s:%d in slot %d.", - sfd, reusable_connection[slot].host, reusable_connection[slot].port, slot); + "Found reusable socket %d for %s:%d in slot %d. Timestamp made %ld " + "seconds ago. Timeout: %d. Latency: %d. Requests served: %d", + sfd, reusable_connection[slot].host, reusable_connection[slot].port, + slot, time(NULL) - reusable_connection[slot].timestamp, + reusable_connection[slot].keep_alive_timeout, + (int)(reusable_connection[slot].response_received - + reusable_connection[slot].request_sent), + reusable_connection[slot].requests_sent_total); break; } } @@ -802,33 +610,33 @@ static jb_socket get_reusable_connection(const struct http_request *http, * Description : Gives a remembered connection free for reuse. * * Parameters : - * 1 : sfd = The socket belonging to the connection in question. + * 1 : connection = The connection in question. * * Returns : TRUE => Socket found and marked as unused. * FALSE => Socket not found. * *********************************************************************/ -static int mark_connection_unused(jb_socket sfd) +static int mark_connection_unused(const struct reusable_connection *connection) { unsigned int slot = 0; int socket_found = FALSE; - assert(sfd != JB_INVALID_SOCKET); + assert(connection->sfd != JB_INVALID_SOCKET); privoxy_mutex_lock(&connection_reuse_mutex); for (slot = 0; slot < SZ(reusable_connection); slot++) { - if (reusable_connection[slot].sfd == sfd) + if (reusable_connection[slot].sfd == connection->sfd) { assert(reusable_connection[slot].in_use); socket_found = TRUE; log_error(LOG_LEVEL_CONNECT, "Marking open socket %d for %s:%d in slot %d as unused.", - sfd, reusable_connection[slot].host, + connection->sfd, reusable_connection[slot].host, reusable_connection[slot].port, slot); reusable_connection[slot].in_use = 0; - reusable_connection[slot].timestamp = time(NULL); + reusable_connection[slot].timestamp = connection->timestamp; break; } } @@ -838,26 +646,7 @@ static int mark_connection_unused(jb_socket sfd) return socket_found; } - - -/********************************************************************* - * - * Function : set_keep_alive_timeout - * - * Description : Sets the timeout after which open - * connections will no longer be reused. - * - * Parameters : - * 1 : timeout = The timeout in seconds. - * - * Returns : void - * - *********************************************************************/ -void set_keep_alive_timeout(int timeout) -{ - keep_alive_timeout = timeout; -} -#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ +#endif /* def FEATURE_CONNECTION_SHARING */ /********************************************************************* @@ -875,27 +664,25 @@ void set_keep_alive_timeout(int timeout) * Returns : JB_INVALID_SOCKET => failure, else it is the socket file descriptor. * *********************************************************************/ -jb_socket forwarded_connect(const struct forward_spec * fwd, +jb_socket forwarded_connect(const struct forward_spec *fwd, struct http_request *http, struct client_state *csp) { - const char * dest_host; + const char *dest_host; int dest_port; jb_socket sfd = JB_INVALID_SOCKET; -#ifdef FEATURE_CONNECTION_KEEP_ALIVE - sfd = get_reusable_connection(http, fwd); - if (JB_INVALID_SOCKET == sfd) +#ifdef FEATURE_CONNECTION_SHARING + if ((csp->config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING) + && !(csp->flags & CSP_FLAG_SERVER_SOCKET_TAINTED)) { - log_error(LOG_LEVEL_CONNECT, - "No reusable socket for %s:%d found. Opening a new one.", - http->host, http->port); - } - else - { - return sfd; + sfd = get_reusable_connection(http, fwd); + if (JB_INVALID_SOCKET != sfd) + { + return sfd; + } } -#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ +#endif /* def FEATURE_CONNECTION_SHARING */ /* Figure out if we need to connect to the web server or a HTTP proxy. */ if (fwd->forward_host) @@ -915,6 +702,7 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, switch (fwd->type) { case SOCKS_NONE: + case FORWARD_WEBSERVER: sfd = connect_to(dest_host, dest_port, csp); break; case SOCKS_4: @@ -922,12 +710,20 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, sfd = socks4_connect(fwd, dest_host, dest_port, csp); break; case SOCKS_5: + case SOCKS_5T: sfd = socks5_connect(fwd, dest_host, dest_port, csp); break; default: /* Should never get here */ log_error(LOG_LEVEL_FATAL, - "SOCKS4 impossible internal error - bad SOCKS type."); + "Internal error in forwarded_connect(). Bad proxy type: %d", fwd->type); + } + + if (JB_INVALID_SOCKET != sfd) + { + log_error(LOG_LEVEL_CONNECT, + "Created new connection to %s:%d on socket %d.", + http->host, http->port, sfd); } return sfd; @@ -935,6 +731,51 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, } +#ifdef FUZZ +/********************************************************************* + * + * Function : socks_fuzz + * + * Description : Wrapper around socks[45]_connect() used for fuzzing. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * + * Returns : JB_ERR_OK or JB_ERR_PARSE + * + *********************************************************************/ +extern jb_err socks_fuzz(struct client_state *csp) +{ + jb_socket socket; + static struct forward_spec fwd; + char target_host[] = "fuzz.example.org"; + int target_port = 12345; + + fwd.gateway_host = strdup_or_die("fuzz.example.org"); + fwd.gateway_port = 12345; + + fwd.type = SOCKS_4A; + socket = socks4_connect(&fwd, target_host, target_port, csp); + + if (JB_INVALID_SOCKET != socket) + { + fwd.type = SOCKS_5; + socket = socks5_connect(&fwd, target_host, target_port, csp); + } + + if (JB_INVALID_SOCKET == socket) + { + log_error(LOG_LEVEL_ERROR, "%s", csp->error_message); + return JB_ERR_PARSE; + } + + log_error(LOG_LEVEL_INFO, "Input looks like an acceptable socks response"); + + return JB_ERR_OK; + +} +#endif + /********************************************************************* * * Function : socks4_connect @@ -958,12 +799,12 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, * Returns : JB_INVALID_SOCKET => failure, else a socket file descriptor. * *********************************************************************/ -static jb_socket socks4_connect(const struct forward_spec * fwd, - const char * target_host, +static jb_socket socks4_connect(const struct forward_spec *fwd, + const char *target_host, int target_port, struct client_state *csp) { - unsigned int web_server_addr; + unsigned long web_server_addr; char buf[BUFFER_SIZE]; struct socks_op *c = (struct socks_op *)buf; struct socks_reply *s = (struct socks_reply *)buf; @@ -989,7 +830,7 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, if (err) { log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); - csp->error_message = strdup(errstr); + csp->error_message = strdup(errstr); errno = EINVAL; return(JB_INVALID_SOCKET); } @@ -1058,24 +899,23 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, c->vn = 4; c->cd = 1; - c->dstport[0] = (unsigned char)((target_port >> 8 ) & 0xff); - c->dstport[1] = (unsigned char)((target_port ) & 0xff); - c->dstip[0] = (unsigned char)((web_server_addr >> 24 ) & 0xff); - c->dstip[1] = (unsigned char)((web_server_addr >> 16 ) & 0xff); - c->dstip[2] = (unsigned char)((web_server_addr >> 8 ) & 0xff); - c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); - + c->dstport[0] = (unsigned char)((target_port >> 8 ) & 0xff); + c->dstport[1] = (unsigned char)((target_port ) & 0xff); + c->dstip[0] = (unsigned char)((web_server_addr >> 24) & 0xff); + c->dstip[1] = (unsigned char)((web_server_addr >> 16) & 0xff); + c->dstip[2] = (unsigned char)((web_server_addr >> 8) & 0xff); + c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); + +#ifdef FUZZ + sfd = 0; +#else /* pass the request to the socks server */ sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp); if (sfd == JB_INVALID_SOCKET) { - /* - * XXX: connect_to should fill in the exact reason. - * Most likely resolving the IP of the forwarder failed. - */ - errstr = "connect_to failed: see logfile for details"; - err = 1; + /* The error an its reason have already been logged by connect_to() */ + return(JB_INVALID_SOCKET); } else if (write_socket(sfd, (char *)c, csiz)) { @@ -1084,7 +924,23 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, err = 1; close_socket(sfd); } - else if (read_socket(sfd, buf, sizeof(buf)) != sizeof(*s)) + else if (!data_is_available(sfd, csp->config->socket_timeout)) + { + if (socket_is_still_alive(sfd)) + { + errstr = "SOCKS4 negotiation timed out"; + } + else + { + errstr = "SOCKS4 negotiation got aborted by the server"; + } + log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); + err = 1; + close_socket(sfd); + } + else +#endif + if (read_socket(sfd, buf, sizeof(buf)) != sizeof(*s)) { errstr = "SOCKS4 negotiation read failed."; log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); @@ -1094,25 +950,24 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, if (err) { - csp->error_message = strdup(errstr); + csp->error_message = strdup(errstr); return(JB_INVALID_SOCKET); } switch (s->cd) { - case SOCKS_REQUEST_GRANTED: + case SOCKS4_REQUEST_GRANTED: return(sfd); - break; - case SOCKS_REQUEST_REJECT: + case SOCKS4_REQUEST_REJECT: errstr = "SOCKS request rejected or failed."; errno = EINVAL; break; - case SOCKS_REQUEST_IDENT_FAILED: + case SOCKS4_REQUEST_IDENT_FAILED: errstr = "SOCKS request rejected because " "SOCKS server cannot connect to identd on the client."; errno = EACCES; break; - case SOCKS_REQUEST_IDENT_CONFLICT: + case SOCKS4_REQUEST_IDENT_CONFLICT: errstr = "SOCKS request rejected because " "the client program and identd report " "different user-ids."; @@ -1157,7 +1012,7 @@ static const char *translate_socks5_error(int socks_error) case SOCKS5_REQUEST_NETWORK_UNREACHABLE: return "SOCKS5 network unreachable"; case SOCKS5_REQUEST_HOST_UNREACHABLE: - return "SOCKS5 host unreachable"; + return "SOCKS5 destination host unreachable"; case SOCKS5_REQUEST_CONNECTION_REFUSED: return "SOCKS5 connection refused"; case SOCKS5_REQUEST_TTL_EXPIRED: @@ -1173,6 +1028,7 @@ static const char *translate_socks5_error(int socks_error) } } + /********************************************************************* * * Function : socks5_connect @@ -1197,9 +1053,12 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, int target_port, struct client_state *csp) { +#define SIZE_SOCKS5_REPLY_IPV4 10 +#define SIZE_SOCKS5_REPLY_IPV6 22 +#define SOCKS5_REPLY_DIFFERENCE (SIZE_SOCKS5_REPLY_IPV6 - SIZE_SOCKS5_REPLY_IPV4) int err = 0; char cbuf[300]; - char sbuf[30]; + char sbuf[SIZE_SOCKS5_REPLY_IPV6]; size_t client_pos = 0; int server_size = 0; size_t hostlen = 0; @@ -1225,13 +1084,13 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, } hostlen = strlen(target_host); - if (hostlen > 255) + if (hostlen > (size_t)255) { errstr = "target host name is longer than 255 characters"; err = 1; } - if (fwd->type != SOCKS_5) + if ((fwd->type != SOCKS_5) && (fwd->type != SOCKS_5T)) { /* Should never get here */ log_error(LOG_LEVEL_FATAL, @@ -1248,6 +1107,10 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, return(JB_INVALID_SOCKET); } +#ifdef FUZZ + sfd = 0; + if (!err && read_socket(sfd, sbuf, 2) != 2) +#else /* pass the request to the socks server */ sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp); @@ -1255,13 +1118,24 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, { errstr = "socks5 server unreachable"; log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr); + /* Free the generic error message provided by connect_to() */ + freez(csp->error_message); csp->error_message = strdup(errstr); return(JB_INVALID_SOCKET); } client_pos = 0; cbuf[client_pos++] = '\x05'; /* Version */ - cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + + if (fwd->auth_username && fwd->auth_password) + { + cbuf[client_pos++] = '\x02'; /* Two authentication methods supported */ + cbuf[client_pos++] = '\x02'; /* Username/password */ + } + else + { + cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + } cbuf[client_pos++] = '\x00'; /* The no authentication authentication method */ if (write_socket(sfd, cbuf, client_pos)) @@ -1272,8 +1146,21 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, close_socket(sfd); return(JB_INVALID_SOCKET); } + if (!data_is_available(sfd, csp->config->socket_timeout)) + { + if (socket_is_still_alive(sfd)) + { + errstr = "SOCKS5 negotiation timed out"; + } + else + { + errstr = "SOCKS5 negotiation got aborted by the server"; + } + err = 1; + } - if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2) + if (!err && read_socket(sfd, sbuf, sizeof(sbuf)) != 2) +#endif { errstr = "SOCKS5 negotiation read failed"; err = 1; @@ -1291,7 +1178,51 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, err = 1; } - if (!err && (sbuf[1] != '\x00')) + if (!err && (sbuf[1] == '\x02')) + { + /* check cbuf overflow */ + size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; + if (auth_len > sizeof(cbuf)) + { + errstr = "SOCKS5 username and/or password too long"; + err = 1; + } + + if (!err) + { + client_pos = 0; + cbuf[client_pos++] = '\x01'; /* Version */ + cbuf[client_pos++] = (char)strlen(fwd->auth_username); + + memcpy(cbuf + client_pos, fwd->auth_username, strlen(fwd->auth_username)); + client_pos += strlen(fwd->auth_username); + cbuf[client_pos++] = (char)strlen(fwd->auth_password); + memcpy(cbuf + client_pos, fwd->auth_password, strlen(fwd->auth_password)); + client_pos += strlen(fwd->auth_password); + + if (write_socket(sfd, cbuf, client_pos)) + { + errstr = "SOCKS5 negotiation auth write failed"; + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "%s", errstr); + close_socket(sfd); + return(JB_INVALID_SOCKET); + } + + if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2) + { + errstr = "SOCKS5 negotiation auth read failed"; + err = 1; + } + } + + if (!err && (sbuf[1] != '\x00')) + { + errstr = "SOCKS5 authentication failed"; + err = 1; + } + } + else if (!err && (sbuf[1] != '\x00')) { errstr = "SOCKS5 negotiation protocol error"; err = 1; @@ -1313,16 +1244,17 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, cbuf[client_pos++] = '\x00'; /* Reserved, must be 0x00 */ cbuf[client_pos++] = '\x03'; /* Address is domain name */ cbuf[client_pos++] = (char)(hostlen & 0xffu); - assert(sizeof(cbuf) - client_pos > 255); + assert(sizeof(cbuf) - client_pos > (size_t)255); /* Using strncpy because we really want the nul byte padding. */ - strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos); + strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos - 1); client_pos += (hostlen & 0xffu); cbuf[client_pos++] = (char)((target_port >> 8) & 0xff); cbuf[client_pos++] = (char)((target_port ) & 0xff); +#ifndef FUZZ if (write_socket(sfd, cbuf, client_pos)) { - errstr = "SOCKS5 negotiation read failed"; + errstr = "SOCKS5 negotiation write failed"; csp->error_message = strdup(errstr); log_error(LOG_LEVEL_CONNECT, "%s", errstr); close_socket(sfd); @@ -1330,40 +1262,102 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, return(JB_INVALID_SOCKET); } - server_size = read_socket(sfd, sbuf, sizeof(sbuf)); - if (server_size < 3) - { - errstr = "SOCKS5 negotiation read failed"; - err = 1; - } - else if (server_size > 20) + /* + * Optimistically send the HTTP request with the initial + * SOCKS request if the user enabled the use of Tor extensions, + * the CONNECT method isn't being used (in which case the client + * doesn't send data until it gets our 200 response) and the + * client request has actually been completely read already. + */ + if ((fwd->type == SOCKS_5T) && (csp->http->ssl == 0) + && (csp->flags & CSP_FLAG_CLIENT_REQUEST_COMPLETELY_READ)) { - /* This is somewhat unexpected but doesn't realy matter. */ - log_error(LOG_LEVEL_CONNECT, "socks5_connect: read %d bytes " - "from socks server. Would have accepted up to %d.", - server_size, sizeof(sbuf)); - } + char *client_headers = list_to_text(csp->headers); + size_t header_length; - if (!err && (sbuf[0] != '\x05')) - { - errstr = "SOCKS5 negotiation protocol version error"; - err = 1; + if (client_headers == NULL) + { + log_error(LOG_LEVEL_FATAL, "Out of memory rebuilding client headers"); + } + list_remove_all(csp->headers); + header_length= strlen(client_headers); + + log_error(LOG_LEVEL_CONNECT, + "Optimistically sending %lu bytes of client headers intended for %s", + header_length, csp->http->hostport); + + if (write_socket(sfd, client_headers, header_length)) + { + log_error(LOG_LEVEL_CONNECT, + "optimistically writing header to: %s failed: %E", csp->http->hostport); + freez(client_headers); + return(JB_INVALID_SOCKET); + } + freez(client_headers); + if (csp->expected_client_content_length != 0) + { + unsigned long long buffered_request_bytes = + (unsigned long long)(csp->client_iob->eod - csp->client_iob->cur); + log_error(LOG_LEVEL_CONNECT, + "Optimistically sending %llu bytes of client body. Expected %llu", + csp->expected_client_content_length, buffered_request_bytes); + assert(csp->expected_client_content_length == buffered_request_bytes); + if (write_socket(sfd, csp->client_iob->cur, buffered_request_bytes)) + { + log_error(LOG_LEVEL_CONNECT, + "optimistically writing %llu bytes of client body to: %s failed: %E", + buffered_request_bytes, csp->http->hostport); + return(JB_INVALID_SOCKET); + } + clear_iob(csp->client_iob); + } } +#endif - if (!err && (sbuf[2] != '\x00')) + server_size = read_socket(sfd, sbuf, SIZE_SOCKS5_REPLY_IPV4); + if (server_size != SIZE_SOCKS5_REPLY_IPV4) { - errstr = "SOCKS5 negotiation protocol error"; - err = 1; + errstr = "SOCKS5 negotiation read failed"; } - - if (!err) + else { - if (sbuf[1] == SOCKS5_REQUEST_GRANTED) + if (sbuf[0] != '\x05') { - return(sfd); + errstr = "SOCKS5 negotiation protocol version error"; + } + else if (sbuf[2] != '\x00') + { + errstr = "SOCKS5 negotiation protocol error"; + } + else if (sbuf[1] != SOCKS5_REQUEST_GRANTED) + { + errstr = translate_socks5_error(sbuf[1]); + } + else + { + if (sbuf[3] == '\x04') + { + /* + * The address field contains an IPv6 address + * which means we didn't get the whole reply + * yet. Read and discard the rest of it to make + * sure it isn't treated as HTTP data later on. + */ + server_size = read_socket(sfd, sbuf, SOCKS5_REPLY_DIFFERENCE); + if (server_size != SOCKS5_REPLY_DIFFERENCE) + { + errstr = "SOCKS5 negotiation read failed (IPv6 address)"; + } + } + else if (sbuf[3] != '\x01') + { + errstr = "SOCKS5 reply contains unsupported address type"; + } + if (errstr == NULL) + { + return(sfd); + } } - errstr = translate_socks5_error(sbuf[1]); - err = 1; } assert(errstr != NULL);