X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=4207cb7c28ea7567de9ac84e2d3dc9a65d8de5aa;hp=5895b23a9ccf48d159c9da87728d79e2dfa46f68;hb=3cc55dad1b9d96de47176ea913ca32f6d6f70065;hpb=8383a7f4f1db4fa709339e7b324689b5ece8d633 diff --git a/gateway.c b/gateway.c index 5895b23a..4207cb7c 100644 --- a/gateway.c +++ b/gateway.c @@ -1,4 +1,3 @@ -const char gateway_rcs[] = "$Id: gateway.c,v 1.101 2017/06/04 14:42:13 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/gateway.c,v $ @@ -7,8 +6,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.101 2017/06/04 14:42:13 fabiankei * using a "forwarder" (i.e. HTTP proxy and/or a SOCKS4 * or SOCKS5 proxy). * - * Copyright : Written by and Copyright (C) 2001-2016 the - * Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2017 the + * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -56,10 +55,6 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.101 2017/06/04 14:42:13 fabiankei #include #endif /* def __BEOS__ */ -#ifdef __OS2__ -#include -#endif /* def __OS2__ */ - #include "project.h" #include "jcc.h" #include "errlog.h" @@ -79,10 +74,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.101 2017/06/04 14:42:13 fabiankei #endif /* HAVE_POLL */ #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ -const char gateway_h_rcs[] = GATEWAY_H_VERSION; - -static jb_socket socks4_connect(const struct forward_spec * fwd, - const char * target_host, +static jb_socket socks4_connect(const struct forward_spec *fwd, + const char *target_host, int target_port, struct client_state *csp); @@ -132,6 +125,9 @@ struct socks_reply { static const char socks_userid[] = "anonymous"; #ifdef FEATURE_CONNECTION_SHARING +#ifndef FEATURE_CONNECTION_KEEP_ALIVE +#error Using FEATURE_CONNECTION_SHARING without FEATURE_CONNECTION_KEEP_ALIVE is impossible +#endif #define MAX_REUSABLE_CONNECTIONS 100 @@ -221,6 +217,7 @@ void remember_connection(const struct reusable_connection *connection) return; } + assert(slot < SZ(reusable_connection)); assert(NULL != connection->host); reusable_connection[slot].host = strdup_or_die(connection->host); reusable_connection[slot].sfd = connection->sfd; @@ -428,7 +425,7 @@ int close_unusable_connections(void) { log_error(LOG_LEVEL_CONNECT, "The connection to %s:%d in slot %d timed out. " - "Closing socket %d. Timeout is: %d. Assumed latency: %d.", + "Closing socket %d. Timeout is: %d. Assumed latency: %ld.", reusable_connection[slot].host, reusable_connection[slot].port, slot, reusable_connection[slot].sfd, @@ -496,7 +493,7 @@ static jb_socket get_reusable_connection(const struct http_request *http, reusable_connection[slot].in_use = TRUE; sfd = reusable_connection[slot].sfd; log_error(LOG_LEVEL_CONNECT, - "Found reusable socket %d for %s:%d in slot %d. Timestamp made %d " + "Found reusable socket %d for %s:%d in slot %d. Timestamp made %ld " "seconds ago. Timeout: %d. Latency: %d. Requests served: %d", sfd, reusable_connection[slot].host, reusable_connection[slot].port, slot, time(NULL) - reusable_connection[slot].timestamp, @@ -577,11 +574,11 @@ static int mark_connection_unused(const struct reusable_connection *connection) * Returns : JB_INVALID_SOCKET => failure, else it is the socket file descriptor. * *********************************************************************/ -jb_socket forwarded_connect(const struct forward_spec * fwd, +jb_socket forwarded_connect(const struct forward_spec *fwd, struct http_request *http, struct client_state *csp) { - const char * dest_host; + const char *dest_host; int dest_port; jb_socket sfd = JB_INVALID_SOCKET; @@ -644,7 +641,7 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, } -#ifdef FUZZ_SOCKS +#ifdef FUZZ /********************************************************************* * * Function : socks_fuzz @@ -712,8 +709,8 @@ extern jb_err socks_fuzz(struct client_state *csp) * Returns : JB_INVALID_SOCKET => failure, else a socket file descriptor. * *********************************************************************/ -static jb_socket socks4_connect(const struct forward_spec * fwd, - const char * target_host, +static jb_socket socks4_connect(const struct forward_spec *fwd, + const char *target_host, int target_port, struct client_state *csp) { @@ -819,7 +816,7 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, c->dstip[2] = (unsigned char)((web_server_addr >> 8) & 0xff); c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); -#ifdef FUZZ_SOCKS +#ifdef FUZZ sfd = 0; #else /* pass the request to the socks server */ @@ -1020,7 +1017,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, return(JB_INVALID_SOCKET); } -#ifdef FUZZ_SOCKS +#ifdef FUZZ sfd = 0; if (!err && read_socket(sfd, sbuf, 2) != 2) #else @@ -1039,7 +1036,16 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, client_pos = 0; cbuf[client_pos++] = '\x05'; /* Version */ - cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + + if (fwd->auth_username && fwd->auth_password) + { + cbuf[client_pos++] = '\x02'; /* Two authentication methods supported */ + cbuf[client_pos++] = '\x02'; /* Username/password */ + } + else + { + cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + } cbuf[client_pos++] = '\x00'; /* The no authentication authentication method */ if (write_socket(sfd, cbuf, client_pos)) @@ -1082,7 +1088,51 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, err = 1; } - if (!err && (sbuf[1] != '\x00')) + if (!err && (sbuf[1] == '\x02')) + { + /* check cbuf overflow */ + size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; + if (auth_len > sizeof(cbuf)) + { + errstr = "SOCKS5 username and/or password too long"; + err = 1; + } + + if (!err) + { + client_pos = 0; + cbuf[client_pos++] = '\x01'; /* Version */ + cbuf[client_pos++] = (char)strlen(fwd->auth_username); + + memcpy(cbuf + client_pos, fwd->auth_username, strlen(fwd->auth_username)); + client_pos += strlen(fwd->auth_username); + cbuf[client_pos++] = (char)strlen(fwd->auth_password); + memcpy(cbuf + client_pos, fwd->auth_password, strlen(fwd->auth_password)); + client_pos += strlen(fwd->auth_password); + + if (write_socket(sfd, cbuf, client_pos)) + { + errstr = "SOCKS5 negotiation auth write failed"; + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "%s", errstr); + close_socket(sfd); + return(JB_INVALID_SOCKET); + } + + if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2) + { + errstr = "SOCKS5 negotiation auth read failed"; + err = 1; + } + } + + if (!err && (sbuf[1] != '\x00')) + { + errstr = "SOCKS5 authentication failed"; + err = 1; + } + } + else if (!err && (sbuf[1] != '\x00')) { errstr = "SOCKS5 negotiation protocol error"; err = 1; @@ -1111,7 +1161,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, cbuf[client_pos++] = (char)((target_port >> 8) & 0xff); cbuf[client_pos++] = (char)((target_port ) & 0xff); -#ifndef FUZZ_SOCKS +#ifndef FUZZ if (write_socket(sfd, cbuf, client_pos)) { errstr = "SOCKS5 negotiation write failed"; @@ -1143,7 +1193,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, header_length= strlen(client_headers); log_error(LOG_LEVEL_CONNECT, - "Optimistically sending %d bytes of client headers intended for %s", + "Optimistically sending %lu bytes of client headers intended for %s", header_length, csp->http->hostport); if (write_socket(sfd, client_headers, header_length))