X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=3890b015c1946e5c7cdba9c4dcf67d2957a5fd71;hp=b65991acf83e11cbfe4c4cf79972d7052214d109;hb=1eedfdcf8a3eb49bf78307a1bf5e2555800eb5a8;hpb=ebfbedec7295cb95ceda12f0fa203d4f1d314fdd diff --git a/gateway.c b/gateway.c index b65991ac..3890b015 100644 --- a/gateway.c +++ b/gateway.c @@ -1,4 +1,3 @@ -const char gateway_rcs[] = "$Id: gateway.c,v 1.81 2011/10/23 11:21:09 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/gateway.c,v $ @@ -7,8 +6,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.81 2011/10/23 11:21:09 fabiankeil * using a "forwarder" (i.e. HTTP proxy and/or a SOCKS4 * or SOCKS5 proxy). * - * Copyright : Written by and Copyright (C) 2001-2009 the - * Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2021 the + * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -56,16 +55,15 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.81 2011/10/23 11:21:09 fabiankeil #include #endif /* def __BEOS__ */ -#ifdef __OS2__ -#include -#endif /* def __OS2__ */ - #include "project.h" #include "jcc.h" #include "errlog.h" #include "jbsockets.h" #include "gateway.h" #include "miscutil.h" +#include "list.h" +#include "parsers.h" + #ifdef FEATURE_CONNECTION_KEEP_ALIVE #ifdef HAVE_POLL #ifdef __GLIBC__ @@ -76,10 +74,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.81 2011/10/23 11:21:09 fabiankeil #endif /* HAVE_POLL */ #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ -const char gateway_h_rcs[] = GATEWAY_H_VERSION; - -static jb_socket socks4_connect(const struct forward_spec * fwd, - const char * target_host, +static jb_socket socks4_connect(const struct forward_spec *fwd, + const char *target_host, int target_port, struct client_state *csp); @@ -129,9 +125,11 @@ struct socks_reply { static const char socks_userid[] = "anonymous"; #ifdef FEATURE_CONNECTION_SHARING +#ifndef FEATURE_CONNECTION_KEEP_ALIVE +#error Using FEATURE_CONNECTION_SHARING without FEATURE_CONNECTION_KEEP_ALIVE is impossible +#endif #define MAX_REUSABLE_CONNECTIONS 100 -static unsigned int keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT; static struct reusable_connection reusable_connection[MAX_REUSABLE_CONNECTIONS]; static int mark_connection_unused(const struct reusable_connection *connection); @@ -212,29 +210,29 @@ void remember_connection(const struct reusable_connection *connection) if (!free_slot_found) { log_error(LOG_LEVEL_CONNECT, - "No free slots found to remembering socket for %s:%d. Last slot %d.", + "No free slots found to remember socket for %s:%d. Last slot %d.", connection->host, connection->port, slot); privoxy_mutex_unlock(&connection_reuse_mutex); close_socket(connection->sfd); return; } + assert(slot < SZ(reusable_connection)); assert(NULL != connection->host); - reusable_connection[slot].host = strdup(connection->host); - if (NULL == reusable_connection[slot].host) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving socket."); - } + reusable_connection[slot].host = strdup_or_die(connection->host); reusable_connection[slot].sfd = connection->sfd; reusable_connection[slot].port = connection->port; reusable_connection[slot].in_use = 0; reusable_connection[slot].timestamp = connection->timestamp; - reusable_connection->request_sent = connection->request_sent; - reusable_connection->response_received = connection->response_received; + reusable_connection[slot].request_sent = connection->request_sent; + reusable_connection[slot].response_received = connection->response_received; reusable_connection[slot].keep_alive_timeout = connection->keep_alive_timeout; + reusable_connection[slot].requests_sent_total = connection->requests_sent_total; assert(reusable_connection[slot].gateway_host == NULL); assert(reusable_connection[slot].gateway_port == 0); + assert(reusable_connection[slot].auth_username == NULL); + assert(reusable_connection[slot].auth_password == NULL); assert(reusable_connection[slot].forwarder_type == SOCKS_NONE); assert(reusable_connection[slot].forward_host == NULL); assert(reusable_connection[slot].forward_port == 0); @@ -242,25 +240,33 @@ void remember_connection(const struct reusable_connection *connection) reusable_connection[slot].forwarder_type = connection->forwarder_type; if (NULL != connection->gateway_host) { - reusable_connection[slot].gateway_host = strdup(connection->gateway_host); - if (NULL == reusable_connection[slot].gateway_host) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving gateway_host."); - } + reusable_connection[slot].gateway_host = strdup_or_die(connection->gateway_host); } else { reusable_connection[slot].gateway_host = NULL; } reusable_connection[slot].gateway_port = connection->gateway_port; + if (NULL != connection->auth_username) + { + reusable_connection[slot].auth_username = strdup_or_die(connection->auth_username); + } + else + { + reusable_connection[slot].auth_username = NULL; + } + if (NULL != connection->auth_password) + { + reusable_connection[slot].auth_password = strdup_or_die(connection->auth_password); + } + else + { + reusable_connection[slot].auth_password = NULL; + } if (NULL != connection->forward_host) { - reusable_connection[slot].forward_host = strdup(connection->forward_host); - if (NULL == reusable_connection[slot].forward_host) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving forward_host."); - } + reusable_connection[slot].forward_host = strdup_or_die(connection->forward_host); } else { @@ -273,7 +279,6 @@ void remember_connection(const struct reusable_connection *connection) #endif /* def FEATURE_CONNECTION_SHARING */ -#ifdef FEATURE_CONNECTION_KEEP_ALIVE /********************************************************************* * * Function : mark_connection_closed @@ -296,13 +301,15 @@ void mark_connection_closed(struct reusable_connection *closed_connection) closed_connection->request_sent = 0; closed_connection->response_received = 0; closed_connection->keep_alive_timeout = 0; + closed_connection->requests_sent_total = 0; closed_connection->forwarder_type = SOCKS_NONE; freez(closed_connection->gateway_host); closed_connection->gateway_port = 0; + freez(closed_connection->auth_username); + freez(closed_connection->auth_password); freez(closed_connection->forward_host); closed_connection->forward_port = 0; } -#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ #ifdef FEATURE_CONNECTION_SHARING @@ -349,6 +356,62 @@ void forget_connection(jb_socket sfd) #ifdef FEATURE_CONNECTION_KEEP_ALIVE +/********************************************************************* + * + * Function : string_or_none + * + * Description : Returns a given string or "none" if a NULL pointer + * is given. + * Helper function for connection_destination_matches(). + * + * Parameters : + * 1 : string = The string to check. + * + * Returns : The string if non-NULL, "none" otherwise. + * + *********************************************************************/ +static const char *string_or_none(const char *string) +{ + return(string != NULL ? string : "none"); +} + + +/********************************************************************* + * + * Function : connection_detail_matches + * + * Description : Helper function for connection_destination_matches(). + * Compares strings which can be NULL. + * + * Parameters : + * 1 : connection_detail = The connection detail to compare. + * 2 : fowarder_detail = The forwarder detail to compare. + * + * Returns : TRUE for yes, FALSE otherwise. + * + *********************************************************************/ +static int connection_detail_matches(const char *connection_detail, + const char *forwarder_detail) +{ + if (connection_detail == NULL && forwarder_detail == NULL) + { + /* Both details are unset. */ + return TRUE; + } + + if ((connection_detail == NULL && forwarder_detail != NULL) + || (connection_detail != NULL && forwarder_detail == NULL)) + { + /* Only one detail isn't set. */ + return FALSE; + } + + /* Both details are set, but do they match? */ + return(!strcmpic(connection_detail, forwarder_detail)); + +} + + /********************************************************************* * * Function : connection_destination_matches @@ -377,25 +440,39 @@ int connection_destination_matches(const struct reusable_connection *connection, return FALSE; } - if (( (NULL != connection->gateway_host) - && (NULL != fwd->gateway_host) - && strcmpic(connection->gateway_host, fwd->gateway_host)) - && (connection->gateway_host != fwd->gateway_host)) + if (!connection_detail_matches(connection->gateway_host, fwd->gateway_host)) { log_error(LOG_LEVEL_CONNECT, "Gateway mismatch. Previous gateway: %s. Current gateway: %s", - connection->gateway_host, fwd->gateway_host); + string_or_none(connection->gateway_host), + string_or_none(fwd->gateway_host)); + return FALSE; + } + + if (!connection_detail_matches(connection->auth_username, fwd->auth_username)) + { + log_error(LOG_LEVEL_CONNECT, "Socks user name mismatch. " + "Previous user name: %s. Current user name: %s", + string_or_none(connection->auth_username), + string_or_none(fwd->auth_username)); + return FALSE; + } + + if (!connection_detail_matches(connection->auth_password, fwd->auth_password)) + { + log_error(LOG_LEVEL_CONNECT, "Socks user name mismatch. " + "Previous password: %s. Current password: %s", + string_or_none(connection->auth_password), + string_or_none(fwd->auth_password)); return FALSE; } - if (( (NULL != connection->forward_host) - && (NULL != fwd->forward_host) - && strcmpic(connection->forward_host, fwd->forward_host)) - && (connection->forward_host != fwd->forward_host)) + if (!connection_detail_matches(connection->forward_host, fwd->forward_host)) { log_error(LOG_LEVEL_CONNECT, "Forwarding proxy mismatch. Previous proxy: %s. Current proxy: %s", - connection->forward_host, fwd->forward_host); + string_or_none(connection->forward_host), + string_or_none(fwd->forward_host)); return FALSE; } @@ -438,7 +515,7 @@ int close_unusable_connections(void) { log_error(LOG_LEVEL_CONNECT, "The connection to %s:%d in slot %d timed out. " - "Closing socket %d. Timeout is: %d. Assumed latency: %d.", + "Closing socket %d. Timeout is: %d. Assumed latency: %ld.", reusable_connection[slot].host, reusable_connection[slot].port, slot, reusable_connection[slot].sfd, @@ -506,13 +583,14 @@ static jb_socket get_reusable_connection(const struct http_request *http, reusable_connection[slot].in_use = TRUE; sfd = reusable_connection[slot].sfd; log_error(LOG_LEVEL_CONNECT, - "Found reusable socket %d for %s:%d in slot %d. " - "Timestamp made %d seconds ago. Timeout: %d. Latency: %d.", + "Found reusable socket %d for %s:%d in slot %d. Timestamp made %ld " + "seconds ago. Timeout: %d. Latency: %d. Requests served: %d", sfd, reusable_connection[slot].host, reusable_connection[slot].port, slot, time(NULL) - reusable_connection[slot].timestamp, reusable_connection[slot].keep_alive_timeout, (int)(reusable_connection[slot].response_received - - reusable_connection[slot].request_sent)); + reusable_connection[slot].request_sent), + reusable_connection[slot].requests_sent_total); break; } } @@ -568,25 +646,6 @@ static int mark_connection_unused(const struct reusable_connection *connection) return socket_found; } - - -/********************************************************************* - * - * Function : set_keep_alive_timeout - * - * Description : Sets the timeout after which open - * connections will no longer be reused. - * - * Parameters : - * 1 : timeout = The timeout in seconds. - * - * Returns : void - * - *********************************************************************/ -void set_keep_alive_timeout(unsigned int timeout) -{ - keep_alive_timeout = timeout; -} #endif /* def FEATURE_CONNECTION_SHARING */ @@ -605,11 +664,11 @@ void set_keep_alive_timeout(unsigned int timeout) * Returns : JB_INVALID_SOCKET => failure, else it is the socket file descriptor. * *********************************************************************/ -jb_socket forwarded_connect(const struct forward_spec * fwd, +jb_socket forwarded_connect(const struct forward_spec *fwd, struct http_request *http, struct client_state *csp) { - const char * dest_host; + const char *dest_host; int dest_port; jb_socket sfd = JB_INVALID_SOCKET; @@ -643,6 +702,7 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, switch (fwd->type) { case SOCKS_NONE: + case FORWARD_WEBSERVER: sfd = connect_to(dest_host, dest_port, csp); break; case SOCKS_4: @@ -650,6 +710,7 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, sfd = socks4_connect(fwd, dest_host, dest_port, csp); break; case SOCKS_5: + case SOCKS_5T: sfd = socks5_connect(fwd, dest_host, dest_port, csp); break; default: @@ -670,6 +731,51 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, } +#ifdef FUZZ +/********************************************************************* + * + * Function : socks_fuzz + * + * Description : Wrapper around socks[45]_connect() used for fuzzing. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * + * Returns : JB_ERR_OK or JB_ERR_PARSE + * + *********************************************************************/ +extern jb_err socks_fuzz(struct client_state *csp) +{ + jb_socket socket; + static struct forward_spec fwd; + char target_host[] = "fuzz.example.org"; + int target_port = 12345; + + fwd.gateway_host = strdup_or_die("fuzz.example.org"); + fwd.gateway_port = 12345; + + fwd.type = SOCKS_4A; + socket = socks4_connect(&fwd, target_host, target_port, csp); + + if (JB_INVALID_SOCKET != socket) + { + fwd.type = SOCKS_5; + socket = socks5_connect(&fwd, target_host, target_port, csp); + } + + if (JB_INVALID_SOCKET == socket) + { + log_error(LOG_LEVEL_ERROR, "%s", csp->error_message); + return JB_ERR_PARSE; + } + + log_error(LOG_LEVEL_INFO, "Input looks like an acceptable socks response"); + + return JB_ERR_OK; + +} +#endif + /********************************************************************* * * Function : socks4_connect @@ -693,8 +799,8 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, * Returns : JB_INVALID_SOCKET => failure, else a socket file descriptor. * *********************************************************************/ -static jb_socket socks4_connect(const struct forward_spec * fwd, - const char * target_host, +static jb_socket socks4_connect(const struct forward_spec *fwd, + const char *target_host, int target_port, struct client_state *csp) { @@ -793,13 +899,16 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, c->vn = 4; c->cd = 1; - c->dstport[0] = (unsigned char)((target_port >> 8 ) & 0xff); - c->dstport[1] = (unsigned char)((target_port ) & 0xff); - c->dstip[0] = (unsigned char)((web_server_addr >> 24 ) & 0xff); - c->dstip[1] = (unsigned char)((web_server_addr >> 16 ) & 0xff); - c->dstip[2] = (unsigned char)((web_server_addr >> 8 ) & 0xff); - c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); - + c->dstport[0] = (unsigned char)((target_port >> 8 ) & 0xff); + c->dstport[1] = (unsigned char)((target_port ) & 0xff); + c->dstip[0] = (unsigned char)((web_server_addr >> 24) & 0xff); + c->dstip[1] = (unsigned char)((web_server_addr >> 16) & 0xff); + c->dstip[2] = (unsigned char)((web_server_addr >> 8) & 0xff); + c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); + +#ifdef FUZZ + sfd = 0; +#else /* pass the request to the socks server */ sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp); @@ -808,6 +917,13 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, /* The error an its reason have already been logged by connect_to() */ return(JB_INVALID_SOCKET); } + else if (write_socket(sfd, (char *)c, csiz)) + { + errstr = "SOCKS4 negotiation write failed."; + log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); + err = 1; + close_socket(sfd); + } else if (!data_is_available(sfd, csp->config->socket_timeout)) { if (socket_is_still_alive(sfd)) @@ -822,14 +938,9 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, err = 1; close_socket(sfd); } - else if (write_socket(sfd, (char *)c, csiz)) - { - errstr = "SOCKS4 negotiation write failed."; - log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); - err = 1; - close_socket(sfd); - } - else if (read_socket(sfd, buf, sizeof(buf)) != sizeof(*s)) + else +#endif + if (read_socket(sfd, buf, sizeof(buf)) != sizeof(*s)) { errstr = "SOCKS4 negotiation read failed."; log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); @@ -901,7 +1012,7 @@ static const char *translate_socks5_error(int socks_error) case SOCKS5_REQUEST_NETWORK_UNREACHABLE: return "SOCKS5 network unreachable"; case SOCKS5_REQUEST_HOST_UNREACHABLE: - return "SOCKS5 host unreachable"; + return "SOCKS5 destination host unreachable"; case SOCKS5_REQUEST_CONNECTION_REFUSED: return "SOCKS5 connection refused"; case SOCKS5_REQUEST_TTL_EXPIRED: @@ -917,6 +1028,102 @@ static const char *translate_socks5_error(int socks_error) } } + +/********************************************************************* + * + * Function : convert_ipv4_address_to_bytes + * + * Description : Converts an IPv4 address from string to bytes. + * + * Parameters : + * 1 : address = The IPv4 address string to convert. + * 2 : buf = The buffer to write the bytes to. + * Must be at least four bytes long. + * + * Returns : JB_ERR_OK on success, JB_ERR_PARSE otherwise. + * + *********************************************************************/ +static jb_err convert_ipv4_address_to_bytes(const char *address, char *buf) +{ + int i; + const char *p = address; + + for (i = 0; i < 4; i++) + { + unsigned byte; + if (1 != sscanf(p, "%u", &byte)) + { + return JB_ERR_PARSE; + } + if (byte > 255) + { + return JB_ERR_PARSE; + } + buf[i] = (char)byte; + if (i < 3) + { + p = strstr(p, "."); + if (p == NULL) + { + return JB_ERR_PARSE; + } + p++; + } + } + + return JB_ERR_OK; + +} + + +/********************************************************************* + * + * Function : read_socks_reply + * + * Description : Read from a socket connected to a socks server. + * + * Parameters : + * 1 : sfd = file descriptor of the socket to read + * 2 : buf = pointer to buffer where data will be written + * Must be >= len bytes long. + * 3 : len = maximum number of bytes to read + * 4 : timeout = Number of seconds to wait. + * + * Returns : On success, the number of bytes read is returned (zero + * indicates end of file), and the file position is advanced + * by this number. It is not an error if this number is + * smaller than the number of bytes requested; this may hap- + * pen for example because fewer bytes are actually available + * right now (maybe because we were close to end-of-file, or + * because we are reading from a pipe, or from a terminal, + * or because read() was interrupted by a signal). On error, + * -1 is returned, and errno is set appropriately. In this + * case it is left unspecified whether the file position (if + * any) changes. + * + *********************************************************************/ +static int read_socks_reply(jb_socket sfd, char *buf, int len, int timeout) +{ + if (!data_is_available(sfd, timeout)) + { + if (socket_is_still_alive(sfd)) + { + log_error(LOG_LEVEL_ERROR, + "The socks connection timed out after %d seconds.", timeout); + } + else + { + log_error(LOG_LEVEL_ERROR, "The socks server hung " + "up the connection without sending a response."); + } + return -1; + } + + return read_socket(sfd, buf, len); + +} + + /********************************************************************* * * Function : socks5_connect @@ -941,9 +1148,13 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, int target_port, struct client_state *csp) { +#define SIZE_SOCKS5_REPLY_IPV4 10 +#define SIZE_SOCKS5_REPLY_IPV6 22 +#define SIZE_SOCKS5_REPLY_DOMAIN 300 +#define SOCKS5_REPLY_DIFFERENCE (SIZE_SOCKS5_REPLY_IPV6 - SIZE_SOCKS5_REPLY_IPV4) int err = 0; char cbuf[300]; - char sbuf[10]; + char sbuf[SIZE_SOCKS5_REPLY_DOMAIN]; size_t client_pos = 0; int server_size = 0; size_t hostlen = 0; @@ -975,7 +1186,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, err = 1; } - if (fwd->type != SOCKS_5) + if ((fwd->type != SOCKS_5) && (fwd->type != SOCKS_5T)) { /* Should never get here */ log_error(LOG_LEVEL_FATAL, @@ -992,6 +1203,10 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, return(JB_INVALID_SOCKET); } +#ifdef FUZZ + sfd = 0; + if (!err && read_socket(sfd, sbuf, 2) != 2) +#else /* pass the request to the socks server */ sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp); @@ -1007,7 +1222,16 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, client_pos = 0; cbuf[client_pos++] = '\x05'; /* Version */ - cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + + if (fwd->auth_username && fwd->auth_password) + { + cbuf[client_pos++] = '\x02'; /* Two authentication methods supported */ + cbuf[client_pos++] = '\x02'; /* Username/password */ + } + else + { + cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + } cbuf[client_pos++] = '\x00'; /* The no authentication authentication method */ if (write_socket(sfd, cbuf, client_pos)) @@ -1018,21 +1242,9 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, close_socket(sfd); return(JB_INVALID_SOCKET); } - - if (!data_is_available(sfd, csp->config->socket_timeout)) - { - if (socket_is_still_alive(sfd)) - { - errstr = "SOCKS5 negotiation timed out"; - } - else - { - errstr = "SOCKS5 negotiation got aborted by the server"; - } - err = 1; - } - - if (!err && read_socket(sfd, sbuf, sizeof(sbuf)) != 2) + if (read_socks_reply(sfd, sbuf, sizeof(sbuf), + csp->config->socket_timeout) != 2) +#endif { errstr = "SOCKS5 negotiation read failed"; err = 1; @@ -1050,7 +1262,61 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, err = 1; } - if (!err && (sbuf[1] != '\x00')) + if (!err && (sbuf[1] == '\x02')) + { + if (fwd->auth_username && fwd->auth_password) + { + /* check cbuf overflow */ + size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; + if (auth_len > sizeof(cbuf)) + { + errstr = "SOCKS5 username and/or password too long"; + err = 1; + } + } + else + { + errstr = "SOCKS5 server requested authentication while " + "no credentials are configured"; + err = 1; + } + + if (!err) + { + client_pos = 0; + cbuf[client_pos++] = '\x01'; /* Version */ + cbuf[client_pos++] = (char)strlen(fwd->auth_username); + + memcpy(cbuf + client_pos, fwd->auth_username, strlen(fwd->auth_username)); + client_pos += strlen(fwd->auth_username); + cbuf[client_pos++] = (char)strlen(fwd->auth_password); + memcpy(cbuf + client_pos, fwd->auth_password, strlen(fwd->auth_password)); + client_pos += strlen(fwd->auth_password); + + if (write_socket(sfd, cbuf, client_pos)) + { + errstr = "SOCKS5 negotiation auth write failed"; + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "%s", errstr); + close_socket(sfd); + return(JB_INVALID_SOCKET); + } + + if (read_socks_reply(sfd, sbuf, sizeof(sbuf), + csp->config->socket_timeout) != 2) + { + errstr = "SOCKS5 negotiation auth read failed"; + err = 1; + } + } + + if (!err && (sbuf[1] != '\x00')) + { + errstr = "SOCKS5 authentication failed"; + err = 1; + } + } + else if (!err && (sbuf[1] != '\x00')) { errstr = "SOCKS5 negotiation protocol error"; err = 1; @@ -1070,15 +1336,36 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, cbuf[client_pos++] = '\x05'; /* Version */ cbuf[client_pos++] = '\x01'; /* TCP connect */ cbuf[client_pos++] = '\x00'; /* Reserved, must be 0x00 */ - cbuf[client_pos++] = '\x03'; /* Address is domain name */ - cbuf[client_pos++] = (char)(hostlen & 0xffu); - assert(sizeof(cbuf) - client_pos > (size_t)255); - /* Using strncpy because we really want the nul byte padding. */ - strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos); - client_pos += (hostlen & 0xffu); + if (host_is_ip_address(target_host) && NULL == strstr(target_host, ":")) + { + cbuf[client_pos++] = '\x01'; /* Address is IPv4 address. */ + if (JB_ERR_OK != convert_ipv4_address_to_bytes(target_host, &cbuf[client_pos])) + { + errstr = "SOCKS5 error. Failed to convert target address to IP address"; + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "%s", errstr); + close_socket(sfd); + errno = EINVAL; + return(JB_INVALID_SOCKET); + } + client_pos += 4; + } + else + { + /* + * XXX: This branch is currently also used for IPv6 addresses + */ + cbuf[client_pos++] = '\x03'; /* Address is domain name. */ + cbuf[client_pos++] = (char)(hostlen & 0xffu); + assert(sizeof(cbuf) - client_pos > (size_t)255); + /* Using strncpy because we really want the nul byte padding. */ + strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos - 1); + client_pos += (hostlen & 0xffu); + } cbuf[client_pos++] = (char)((target_port >> 8) & 0xff); cbuf[client_pos++] = (char)((target_port ) & 0xff); +#ifndef FUZZ if (write_socket(sfd, cbuf, client_pos)) { errstr = "SOCKS5 negotiation write failed"; @@ -1089,8 +1376,61 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, return(JB_INVALID_SOCKET); } - server_size = read_socket(sfd, sbuf, sizeof(sbuf)); - if (server_size != sizeof(sbuf)) + /* + * Optimistically send the HTTP request with the initial + * SOCKS request if the user enabled the use of Tor extensions, + * the CONNECT method isn't being used (in which case the client + * doesn't send data until it gets our 200 response) and the + * client request has actually been completely read already. + */ + if ((fwd->type == SOCKS_5T) && (csp->http->ssl == 0) + && (csp->flags & CSP_FLAG_CLIENT_REQUEST_COMPLETELY_READ)) + { + char *client_headers = list_to_text(csp->headers); + size_t header_length; + + if (client_headers == NULL) + { + log_error(LOG_LEVEL_FATAL, "Out of memory rebuilding client headers"); + } + list_remove_all(csp->headers); + header_length= strlen(client_headers); + + log_error(LOG_LEVEL_CONNECT, + "Optimistically sending %lu bytes of client headers intended for %s", + header_length, csp->http->hostport); + + if (write_socket(sfd, client_headers, header_length)) + { + log_error(LOG_LEVEL_CONNECT, + "optimistically writing header to: %s failed: %E", csp->http->hostport); + freez(client_headers); + return(JB_INVALID_SOCKET); + } + freez(client_headers); + if (csp->expected_client_content_length != 0) + { + unsigned long long buffered_request_bytes = + (unsigned long long)(csp->client_iob->eod - csp->client_iob->cur); + log_error(LOG_LEVEL_CONNECT, + "Optimistically sending %llu bytes of client body. Expected %llu", + csp->expected_client_content_length, buffered_request_bytes); + assert(csp->expected_client_content_length == buffered_request_bytes); + if (write_socket(sfd, csp->client_iob->cur, buffered_request_bytes)) + { + log_error(LOG_LEVEL_CONNECT, + "optimistically writing %llu bytes of client body to: %s failed: %E", + buffered_request_bytes, csp->http->hostport); + return(JB_INVALID_SOCKET); + } + clear_iob(csp->client_iob); + } + } +#endif + + server_size = read_socks_reply(sfd, sbuf, SIZE_SOCKS5_REPLY_IPV4, + csp->config->socket_timeout); + if (server_size != SIZE_SOCKS5_REPLY_IPV4) { errstr = "SOCKS5 negotiation read failed"; } @@ -1110,13 +1450,59 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, } else { - return(sfd); + if (sbuf[3] == '\x04') + { + /* + * The address field contains an IPv6 address + * which means we didn't get the whole reply + * yet. Read and discard the rest of it to make + * sure it isn't treated as HTTP data later on. + */ + server_size = read_socks_reply(sfd, sbuf, SOCKS5_REPLY_DIFFERENCE, + csp->config->socket_timeout); + if (server_size != SOCKS5_REPLY_DIFFERENCE) + { + errstr = "SOCKS5 negotiation read failed (IPv6 address)"; + } + } + else if (sbuf[3] == '\x03') + { + /* + * The address field contains a domain name + * which means we didn't get the whole reply + * yet. Read and discard the rest of it to make + * sure it isn't treated as HTTP data later on. + */ + unsigned domain_length = (unsigned)sbuf[4]; + int bytes_left_to_read = 5 + (int)domain_length + 2 - SIZE_SOCKS5_REPLY_IPV4; + if (bytes_left_to_read <= 0 || sizeof(sbuf) < bytes_left_to_read) + { + errstr = "SOCKS5 negotiation read failed (Invalid domain length)"; + } + else + { + server_size = read_socks_reply(sfd, sbuf, bytes_left_to_read, + csp->config->socket_timeout); + if (server_size != bytes_left_to_read) + { + errstr = "SOCKS5 negotiation read failed (Domain name)"; + } + } + } + else if (sbuf[3] != '\x01') + { + errstr = "SOCKS5 reply contains unsupported address type"; + } + if (errstr == NULL) + { + return(sfd); + } } } assert(errstr != NULL); csp->error_message = strdup(errstr); - log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s: %N", errstr, server_size, sbuf); + log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr); close_socket(sfd); errno = EINVAL;