X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=4207cb7c28ea7567de9ac84e2d3dc9a65d8de5aa;hp=a84ea5e70004701cfa8a016935be472da0b1100b;hb=3cc55dad1b9d96de47176ea913ca32f6d6f70065;hpb=4218c1d3050714d80816c43867b9e25a73cbf097 diff --git a/gateway.c b/gateway.c index a84ea5e7..4207cb7c 100644 --- a/gateway.c +++ b/gateway.c @@ -1,14 +1,13 @@ -const char gateway_rcs[] = "$Id: gateway.c,v 1.18 2006/07/18 14:48:46 david__schmidt Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/gateway.c,v $ * * Purpose : Contains functions to connect to a server, possibly * using a "forwarder" (i.e. HTTP proxy and/or a SOCKS4 - * proxy). + * or SOCKS5 proxy). * - * Copyright : Written by and Copyright (C) 2001-2007 the SourceForge - * Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2017 the + * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -32,97 +31,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.18 2006/07/18 14:48:46 david__sch * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: gateway.c,v $ - * Revision 1.18 2006/07/18 14:48:46 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.16 2002/05/12 21:36:29 jongfoster - * Correcting function comments - * - * Revision 1.15 2002/03/26 22:29:54 swa - * we have a new homepage! - * - * Revision 1.14 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.13 2002/03/13 00:29:59 jongfoster - * Killing warnings - * - * Revision 1.12 2002/03/09 20:03:52 jongfoster - * - Making various functions return int rather than size_t. - * (Undoing a recent change). Since size_t is unsigned on - * Windows, functions like read_socket that return -1 on - * error cannot return a size_t. - * - * THIS WAS A MAJOR BUG - it caused frequent, unpredictable - * crashes, and also frequently caused JB to jump to 100% - * CPU and stay there. (Because it thought it had just - * read ((unsigned)-1) == 4Gb of data...) - * - * - The signature of write_socket has changed, it now simply - * returns success=0/failure=nonzero. - * - * - Trying to get rid of a few warnings --with-debug on - * Windows, I've introduced a new type "jb_socket". This is - * used for the socket file descriptors. On Windows, this - * is SOCKET (a typedef for unsigned). Everywhere else, it's - * an int. The error value can't be -1 any more, so it's - * now JB_INVALID_SOCKET (which is -1 on UNIX, and in - * Windows it maps to the #define INVALID_SOCKET.) - * - * - The signature of bind_port has changed. - * - * Revision 1.11 2002/03/08 17:46:04 jongfoster - * Fixing int/size_t warnings - * - * Revision 1.10 2002/03/07 03:50:19 oes - * - Improved handling of failed DNS lookups - * - Fixed compiler warnings - * - * Revision 1.9 2001/10/25 03:40:48 david__schmidt - * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple - * threads to call select() simultaneously. So, it's time to do a real, live, - * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__ - * (native). Both versions will work, but using __OS2__ offers multi-threading. - * - * Revision 1.8 2001/09/13 20:10:12 jongfoster - * Fixing missing #include under Windows - * - * Revision 1.7 2001/09/12 17:58:26 steudten - * - * add #include - * - * Revision 1.6 2001/09/10 10:41:16 oes - * Added #include in.h - * - * Revision 1.5 2001/07/29 18:47:57 jongfoster - * Adding missing #include project.h - * - * Revision 1.4 2001/07/24 12:47:06 oes - * Applied BeOS support update by Eugenia - * - * Revision 1.3 2001/06/09 10:55:28 jongfoster - * Changing BUFSIZ ==> BUFFER_SIZE - * - * Revision 1.2 2001/06/07 23:11:38 jongfoster - * Removing gateways[] list - no longer used. - * Replacing function pointer in struct gateway with a directly - * called function forwarded_connect(), which can do the common - * task of deciding whether to connect to the web server or HTTP - * proxy. - * Replacing struct gateway with struct forward_spec - * Fixing bug with SOCKS4A and HTTP proxy server in combination. - * It was a bug which led to the connection being made to the web - * server rather than the HTTP proxy, and also a buffer overrun. - * - * Revision 1.1.1.1 2001/05/15 13:58:54 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #include "config.h" @@ -135,6 +45,7 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.18 2006/07/18 14:48:46 david__sch #include #include +#include "assert.h" #ifdef _WIN32 #include @@ -144,28 +55,53 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.18 2006/07/18 14:48:46 david__sch #include #endif /* def __BEOS__ */ -#ifdef __OS2__ -#include -#endif /* def __OS2__ */ - #include "project.h" #include "jcc.h" #include "errlog.h" #include "jbsockets.h" #include "gateway.h" +#include "miscutil.h" +#include "list.h" +#include "parsers.h" -const char gateway_h_rcs[] = GATEWAY_H_VERSION; +#ifdef FEATURE_CONNECTION_KEEP_ALIVE +#ifdef HAVE_POLL +#ifdef __GLIBC__ +#include +#else +#include +#endif /* def __GLIBC__ */ +#endif /* HAVE_POLL */ +#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ -static jb_socket socks4_connect(const struct forward_spec * fwd, - const char * target_host, +static jb_socket socks4_connect(const struct forward_spec *fwd, + const char *target_host, int target_port, struct client_state *csp); +static jb_socket socks5_connect(const struct forward_spec *fwd, + const char *target_host, + int target_port, + struct client_state *csp); -#define SOCKS_REQUEST_GRANTED 90 -#define SOCKS_REQUEST_REJECT 91 -#define SOCKS_REQUEST_IDENT_FAILED 92 -#define SOCKS_REQUEST_IDENT_CONFLICT 93 +enum { + SOCKS4_REQUEST_GRANTED = 90, + SOCKS4_REQUEST_REJECT = 91, + SOCKS4_REQUEST_IDENT_FAILED = 92, + SOCKS4_REQUEST_IDENT_CONFLICT = 93 +}; + +enum { + SOCKS5_REQUEST_GRANTED = 0, + SOCKS5_REQUEST_FAILED = 1, + SOCKS5_REQUEST_DENIED = 2, + SOCKS5_REQUEST_NETWORK_UNREACHABLE = 3, + SOCKS5_REQUEST_HOST_UNREACHABLE = 4, + SOCKS5_REQUEST_CONNECTION_REFUSED = 5, + SOCKS5_REQUEST_TTL_EXPIRED = 6, + SOCKS5_REQUEST_PROTOCOL_ERROR = 7, + SOCKS5_REQUEST_BAD_ADDRESS_TYPE = 8 +}; /* structure of a socks client operation */ struct socks_op { @@ -173,7 +109,8 @@ struct socks_op { unsigned char cd; /* command code */ unsigned char dstport[2]; /* destination port */ unsigned char dstip[4]; /* destination address */ - unsigned char userid; /* first byte of userid */ + char userid; /* first byte of userid */ + char padding[3]; /* make sure sizeof(struct socks_op) is endian-independent. */ /* more bytes of the userid follow, terminated by a NULL */ }; @@ -187,6 +124,440 @@ struct socks_reply { static const char socks_userid[] = "anonymous"; +#ifdef FEATURE_CONNECTION_SHARING +#ifndef FEATURE_CONNECTION_KEEP_ALIVE +#error Using FEATURE_CONNECTION_SHARING without FEATURE_CONNECTION_KEEP_ALIVE is impossible +#endif + +#define MAX_REUSABLE_CONNECTIONS 100 + +static struct reusable_connection reusable_connection[MAX_REUSABLE_CONNECTIONS]; +static int mark_connection_unused(const struct reusable_connection *connection); + +/********************************************************************* + * + * Function : initialize_reusable_connections + * + * Description : Initializes the reusable_connection structures. + * Must be called with connection_reuse_mutex locked. + * + * Parameters : N/A + * + * Returns : void + * + *********************************************************************/ +extern void initialize_reusable_connections(void) +{ + unsigned int slot = 0; + +#if !defined(HAVE_POLL) && !defined(_WIN32) + log_error(LOG_LEVEL_INFO, + "Detecting already dead connections might not work " + "correctly on your platform. In case of problems, " + "unset the keep-alive-timeout option."); +#endif + + for (slot = 0; slot < SZ(reusable_connection); slot++) + { + mark_connection_closed(&reusable_connection[slot]); + } + + log_error(LOG_LEVEL_CONNECT, "Initialized %d socket slots.", slot); +} + + +/********************************************************************* + * + * Function : remember_connection + * + * Description : Remembers a server connection for reuse later on. + * + * Parameters : + * 1 : connection = The server connection to remember. + * + * Returns : void + * + *********************************************************************/ +void remember_connection(const struct reusable_connection *connection) +{ + unsigned int slot = 0; + int free_slot_found = FALSE; + + assert(NULL != connection); + assert(connection->sfd != JB_INVALID_SOCKET); + + if (mark_connection_unused(connection)) + { + return; + } + + privoxy_mutex_lock(&connection_reuse_mutex); + + /* Find free socket slot. */ + for (slot = 0; slot < SZ(reusable_connection); slot++) + { + if (reusable_connection[slot].sfd == JB_INVALID_SOCKET) + { + assert(reusable_connection[slot].in_use == 0); + log_error(LOG_LEVEL_CONNECT, + "Remembering socket %d for %s:%d in slot %d.", + connection->sfd, connection->host, connection->port, slot); + free_slot_found = TRUE; + break; + } + } + + if (!free_slot_found) + { + log_error(LOG_LEVEL_CONNECT, + "No free slots found to remember socket for %s:%d. Last slot %d.", + connection->host, connection->port, slot); + privoxy_mutex_unlock(&connection_reuse_mutex); + close_socket(connection->sfd); + return; + } + + assert(slot < SZ(reusable_connection)); + assert(NULL != connection->host); + reusable_connection[slot].host = strdup_or_die(connection->host); + reusable_connection[slot].sfd = connection->sfd; + reusable_connection[slot].port = connection->port; + reusable_connection[slot].in_use = 0; + reusable_connection[slot].timestamp = connection->timestamp; + reusable_connection[slot].request_sent = connection->request_sent; + reusable_connection[slot].response_received = connection->response_received; + reusable_connection[slot].keep_alive_timeout = connection->keep_alive_timeout; + reusable_connection[slot].requests_sent_total = connection->requests_sent_total; + + assert(reusable_connection[slot].gateway_host == NULL); + assert(reusable_connection[slot].gateway_port == 0); + assert(reusable_connection[slot].forwarder_type == SOCKS_NONE); + assert(reusable_connection[slot].forward_host == NULL); + assert(reusable_connection[slot].forward_port == 0); + + reusable_connection[slot].forwarder_type = connection->forwarder_type; + if (NULL != connection->gateway_host) + { + reusable_connection[slot].gateway_host = strdup_or_die(connection->gateway_host); + } + else + { + reusable_connection[slot].gateway_host = NULL; + } + reusable_connection[slot].gateway_port = connection->gateway_port; + + if (NULL != connection->forward_host) + { + reusable_connection[slot].forward_host = strdup_or_die(connection->forward_host); + } + else + { + reusable_connection[slot].forward_host = NULL; + } + reusable_connection[slot].forward_port = connection->forward_port; + + privoxy_mutex_unlock(&connection_reuse_mutex); +} +#endif /* def FEATURE_CONNECTION_SHARING */ + + +/********************************************************************* + * + * Function : mark_connection_closed + * + * Description : Marks a reused connection closed. + * + * Parameters : + * 1 : closed_connection = The connection to mark as closed. + * + * Returns : void + * + *********************************************************************/ +void mark_connection_closed(struct reusable_connection *closed_connection) +{ + closed_connection->in_use = FALSE; + closed_connection->sfd = JB_INVALID_SOCKET; + freez(closed_connection->host); + closed_connection->port = 0; + closed_connection->timestamp = 0; + closed_connection->request_sent = 0; + closed_connection->response_received = 0; + closed_connection->keep_alive_timeout = 0; + closed_connection->requests_sent_total = 0; + closed_connection->forwarder_type = SOCKS_NONE; + freez(closed_connection->gateway_host); + closed_connection->gateway_port = 0; + freez(closed_connection->forward_host); + closed_connection->forward_port = 0; +} + + +#ifdef FEATURE_CONNECTION_SHARING +/********************************************************************* + * + * Function : forget_connection + * + * Description : Removes a previously remembered connection from + * the list of reusable connections. + * + * Parameters : + * 1 : sfd = The socket belonging to the connection in question. + * + * Returns : void + * + *********************************************************************/ +void forget_connection(jb_socket sfd) +{ + unsigned int slot = 0; + + assert(sfd != JB_INVALID_SOCKET); + + privoxy_mutex_lock(&connection_reuse_mutex); + + for (slot = 0; slot < SZ(reusable_connection); slot++) + { + if (reusable_connection[slot].sfd == sfd) + { + assert(reusable_connection[slot].in_use); + + log_error(LOG_LEVEL_CONNECT, + "Forgetting socket %d for %s:%d in slot %d.", + sfd, reusable_connection[slot].host, + reusable_connection[slot].port, slot); + mark_connection_closed(&reusable_connection[slot]); + break; + } + } + + privoxy_mutex_unlock(&connection_reuse_mutex); + +} +#endif /* def FEATURE_CONNECTION_SHARING */ + + +#ifdef FEATURE_CONNECTION_KEEP_ALIVE +/********************************************************************* + * + * Function : connection_destination_matches + * + * Description : Determines whether a remembered connection can + * be reused. That is, whether the destination and + * the forwarding settings match. + * + * Parameters : + * 1 : connection = The connection to check. + * 2 : http = The destination for the connection. + * 3 : fwd = The forwarder settings. + * + * Returns : TRUE for yes, FALSE otherwise. + * + *********************************************************************/ +int connection_destination_matches(const struct reusable_connection *connection, + const struct http_request *http, + const struct forward_spec *fwd) +{ + if ((connection->forwarder_type != fwd->type) + || (connection->gateway_port != fwd->gateway_port) + || (connection->forward_port != fwd->forward_port) + || (connection->port != http->port)) + { + return FALSE; + } + + if (( (NULL != connection->gateway_host) + && (NULL != fwd->gateway_host) + && strcmpic(connection->gateway_host, fwd->gateway_host)) + && (connection->gateway_host != fwd->gateway_host)) + { + log_error(LOG_LEVEL_CONNECT, + "Gateway mismatch. Previous gateway: %s. Current gateway: %s", + connection->gateway_host, fwd->gateway_host); + return FALSE; + } + + if (( (NULL != connection->forward_host) + && (NULL != fwd->forward_host) + && strcmpic(connection->forward_host, fwd->forward_host)) + && (connection->forward_host != fwd->forward_host)) + { + log_error(LOG_LEVEL_CONNECT, + "Forwarding proxy mismatch. Previous proxy: %s. Current proxy: %s", + connection->forward_host, fwd->forward_host); + return FALSE; + } + + return (!strcmpic(connection->host, http->host)); + +} +#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ + + +#ifdef FEATURE_CONNECTION_SHARING +/********************************************************************* + * + * Function : close_unusable_connections + * + * Description : Closes remembered connections that have timed + * out or have been closed on the other side. + * + * Parameters : none + * + * Returns : Number of connections that are still alive. + * + *********************************************************************/ +int close_unusable_connections(void) +{ + unsigned int slot = 0; + int connections_alive = 0; + + privoxy_mutex_lock(&connection_reuse_mutex); + + for (slot = 0; slot < SZ(reusable_connection); slot++) + { + if (!reusable_connection[slot].in_use + && (JB_INVALID_SOCKET != reusable_connection[slot].sfd)) + { + time_t time_open = time(NULL) - reusable_connection[slot].timestamp; + time_t latency = (reusable_connection[slot].response_received - + reusable_connection[slot].request_sent) / 2; + + if (reusable_connection[slot].keep_alive_timeout < time_open + latency) + { + log_error(LOG_LEVEL_CONNECT, + "The connection to %s:%d in slot %d timed out. " + "Closing socket %d. Timeout is: %d. Assumed latency: %ld.", + reusable_connection[slot].host, + reusable_connection[slot].port, slot, + reusable_connection[slot].sfd, + reusable_connection[slot].keep_alive_timeout, + latency); + close_socket(reusable_connection[slot].sfd); + mark_connection_closed(&reusable_connection[slot]); + } + else if (!socket_is_still_alive(reusable_connection[slot].sfd)) + { + log_error(LOG_LEVEL_CONNECT, + "The connection to %s:%d in slot %d is no longer usable. " + "Closing socket %d.", reusable_connection[slot].host, + reusable_connection[slot].port, slot, + reusable_connection[slot].sfd); + close_socket(reusable_connection[slot].sfd); + mark_connection_closed(&reusable_connection[slot]); + } + else + { + connections_alive++; + } + } + } + + privoxy_mutex_unlock(&connection_reuse_mutex); + + return connections_alive; + +} + + +/********************************************************************* + * + * Function : get_reusable_connection + * + * Description : Returns an open socket to a previously remembered + * open connection (if there is one). + * + * Parameters : + * 1 : http = The destination for the connection. + * 2 : fwd = The forwarder settings. + * + * Returns : JB_INVALID_SOCKET => No reusable connection found, + * otherwise a usable socket. + * + *********************************************************************/ +static jb_socket get_reusable_connection(const struct http_request *http, + const struct forward_spec *fwd) +{ + jb_socket sfd = JB_INVALID_SOCKET; + unsigned int slot = 0; + + close_unusable_connections(); + + privoxy_mutex_lock(&connection_reuse_mutex); + + for (slot = 0; slot < SZ(reusable_connection); slot++) + { + if (!reusable_connection[slot].in_use + && (JB_INVALID_SOCKET != reusable_connection[slot].sfd)) + { + if (connection_destination_matches(&reusable_connection[slot], http, fwd)) + { + reusable_connection[slot].in_use = TRUE; + sfd = reusable_connection[slot].sfd; + log_error(LOG_LEVEL_CONNECT, + "Found reusable socket %d for %s:%d in slot %d. Timestamp made %ld " + "seconds ago. Timeout: %d. Latency: %d. Requests served: %d", + sfd, reusable_connection[slot].host, reusable_connection[slot].port, + slot, time(NULL) - reusable_connection[slot].timestamp, + reusable_connection[slot].keep_alive_timeout, + (int)(reusable_connection[slot].response_received - + reusable_connection[slot].request_sent), + reusable_connection[slot].requests_sent_total); + break; + } + } + } + + privoxy_mutex_unlock(&connection_reuse_mutex); + + return sfd; + +} + + +/********************************************************************* + * + * Function : mark_connection_unused + * + * Description : Gives a remembered connection free for reuse. + * + * Parameters : + * 1 : connection = The connection in question. + * + * Returns : TRUE => Socket found and marked as unused. + * FALSE => Socket not found. + * + *********************************************************************/ +static int mark_connection_unused(const struct reusable_connection *connection) +{ + unsigned int slot = 0; + int socket_found = FALSE; + + assert(connection->sfd != JB_INVALID_SOCKET); + + privoxy_mutex_lock(&connection_reuse_mutex); + + for (slot = 0; slot < SZ(reusable_connection); slot++) + { + if (reusable_connection[slot].sfd == connection->sfd) + { + assert(reusable_connection[slot].in_use); + socket_found = TRUE; + log_error(LOG_LEVEL_CONNECT, + "Marking open socket %d for %s:%d in slot %d as unused.", + connection->sfd, reusable_connection[slot].host, + reusable_connection[slot].port, slot); + reusable_connection[slot].in_use = 0; + reusable_connection[slot].timestamp = connection->timestamp; + break; + } + } + + privoxy_mutex_unlock(&connection_reuse_mutex); + + return socket_found; + +} +#endif /* def FEATURE_CONNECTION_SHARING */ + /********************************************************************* * @@ -203,12 +574,25 @@ static const char socks_userid[] = "anonymous"; * Returns : JB_INVALID_SOCKET => failure, else it is the socket file descriptor. * *********************************************************************/ -jb_socket forwarded_connect(const struct forward_spec * fwd, +jb_socket forwarded_connect(const struct forward_spec *fwd, struct http_request *http, struct client_state *csp) { - const char * dest_host; + const char *dest_host; int dest_port; + jb_socket sfd = JB_INVALID_SOCKET; + +#ifdef FEATURE_CONNECTION_SHARING + if ((csp->config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING) + && !(csp->flags & CSP_FLAG_SERVER_SOCKET_TAINTED)) + { + sfd = get_reusable_connection(http, fwd); + if (JB_INVALID_SOCKET != sfd) + { + return sfd; + } + } +#endif /* def FEATURE_CONNECTION_SHARING */ /* Figure out if we need to connect to the web server or a HTTP proxy. */ if (fwd->forward_host) @@ -228,21 +612,80 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, switch (fwd->type) { case SOCKS_NONE: - return (connect_to(dest_host, dest_port, csp)); - + case FORWARD_WEBSERVER: + sfd = connect_to(dest_host, dest_port, csp); + break; case SOCKS_4: case SOCKS_4A: - return (socks4_connect(fwd, dest_host, dest_port, csp)); - + sfd = socks4_connect(fwd, dest_host, dest_port, csp); + break; + case SOCKS_5: + case SOCKS_5T: + sfd = socks5_connect(fwd, dest_host, dest_port, csp); + break; default: /* Should never get here */ - log_error(LOG_LEVEL_FATAL, "SOCKS4 impossible internal error - bad SOCKS type."); - errno = EINVAL; - return(JB_INVALID_SOCKET); + log_error(LOG_LEVEL_FATAL, + "Internal error in forwarded_connect(). Bad proxy type: %d", fwd->type); } + + if (JB_INVALID_SOCKET != sfd) + { + log_error(LOG_LEVEL_CONNECT, + "Created new connection to %s:%d on socket %d.", + http->host, http->port, sfd); + } + + return sfd; + } +#ifdef FUZZ +/********************************************************************* + * + * Function : socks_fuzz + * + * Description : Wrapper around socks[45]_connect() used for fuzzing. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * + * Returns : JB_ERR_OK or JB_ERR_PARSE + * + *********************************************************************/ +extern jb_err socks_fuzz(struct client_state *csp) +{ + jb_socket socket; + static struct forward_spec fwd; + char target_host[] = "fuzz.example.org"; + int target_port = 12345; + + fwd.gateway_host = strdup_or_die("fuzz.example.org"); + fwd.gateway_port = 12345; + + fwd.type = SOCKS_4A; + socket = socks4_connect(&fwd, target_host, target_port, csp); + + if (JB_INVALID_SOCKET != socket) + { + fwd.type = SOCKS_5; + socket = socks5_connect(&fwd, target_host, target_port, csp); + } + + if (JB_INVALID_SOCKET == socket) + { + log_error(LOG_LEVEL_ERROR, "%s", csp->error_message); + return JB_ERR_PARSE; + } + + log_error(LOG_LEVEL_INFO, "Input looks like an acceptable socks response"); + + return JB_ERR_OK; + +} +#endif + /********************************************************************* * * Function : socks4_connect @@ -266,16 +709,15 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, * Returns : JB_INVALID_SOCKET => failure, else a socket file descriptor. * *********************************************************************/ -static jb_socket socks4_connect(const struct forward_spec * fwd, - const char * target_host, +static jb_socket socks4_connect(const struct forward_spec *fwd, + const char *target_host, int target_port, struct client_state *csp) { - int web_server_addr; - char cbuf[BUFFER_SIZE]; - char sbuf[BUFFER_SIZE]; - struct socks_op *c = (struct socks_op *)cbuf; - struct socks_reply *s = (struct socks_reply *)sbuf; + unsigned long web_server_addr; + char buf[BUFFER_SIZE]; + struct socks_op *c = (struct socks_op *)buf; + struct socks_reply *s = (struct socks_reply *)buf; size_t n; size_t csiz; jb_socket sfd; @@ -298,32 +740,36 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, if (err) { log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); - csp->error_message = strdup(errstr); + csp->error_message = strdup(errstr); errno = EINVAL; return(JB_INVALID_SOCKET); } /* build a socks request for connection to the web server */ - strcpy((char *)&(c->userid), socks_userid); + strlcpy(&(c->userid), socks_userid, sizeof(buf) - sizeof(struct socks_op)); - csiz = sizeof(*c) + sizeof(socks_userid) - 1; + csiz = sizeof(*c) + sizeof(socks_userid) - sizeof(c->userid) - sizeof(c->padding); switch (fwd->type) { case SOCKS_4: - web_server_addr = htonl(resolve_hostname_to_ip(target_host)); + web_server_addr = resolve_hostname_to_ip(target_host); if (web_server_addr == INADDR_NONE) { errstr = "could not resolve target host"; log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s %s", errstr, target_host); err = 1; } + else + { + web_server_addr = htonl(web_server_addr); + } break; case SOCKS_4A: web_server_addr = 0x00000001; n = csiz + strlen(target_host) + 1; - if (n > sizeof(cbuf)) + if (n > sizeof(buf)) { errno = EINVAL; errstr = "buffer cbuf too small."; @@ -332,7 +778,18 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, } else { - strcpy(cbuf + csiz, target_host); + strlcpy(buf + csiz, target_host, sizeof(buf) - sizeof(struct socks_op) - csiz); + /* + * What we forward to the socks4a server should have the + * size of socks_op, plus the length of the userid plus + * its \0 byte (which we don't have to add because the + * first byte of the userid is counted twice as it's also + * part of sock_op) minus the padding bytes (which are part + * of the userid as well), plus the length of the target_host + * (which is stored csiz bytes after the beginning of the buffer), + * plus another \0 byte. + */ + assert(n == sizeof(struct socks_op) + strlen(&(c->userid)) - sizeof(c->padding) + strlen(buf + csiz) + 1); csiz = n; } break; @@ -341,6 +798,7 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, log_error(LOG_LEVEL_FATAL, "socks4_connect: SOCKS4 impossible internal error - bad SOCKS type."); /* Not reached */ + return(JB_INVALID_SOCKET); } if (err) @@ -351,25 +809,23 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, c->vn = 4; c->cd = 1; - /* XXX: these casts surpress gcc43 warnings, but are they correct? */ - c->dstport[0] = (unsigned char)((target_port >> 8 ) & 0xff); - c->dstport[1] = (unsigned char)((target_port ) & 0xff); - c->dstip[0] = (unsigned char)((web_server_addr >> 24 ) & 0xff); - c->dstip[1] = (unsigned char)((web_server_addr >> 16 ) & 0xff); - c->dstip[2] = (unsigned char)((web_server_addr >> 8 ) & 0xff); - c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); + c->dstport[0] = (unsigned char)((target_port >> 8 ) & 0xff); + c->dstport[1] = (unsigned char)((target_port ) & 0xff); + c->dstip[0] = (unsigned char)((web_server_addr >> 24) & 0xff); + c->dstip[1] = (unsigned char)((web_server_addr >> 16) & 0xff); + c->dstip[2] = (unsigned char)((web_server_addr >> 8) & 0xff); + c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); +#ifdef FUZZ + sfd = 0; +#else /* pass the request to the socks server */ sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp); if (sfd == JB_INVALID_SOCKET) { - /* - * XXX: connect_to could fill in the exact reason. - * Most likely resolving the IP of the forwarder failed. - */ - errstr = "connect_to failed: see logfile for details"; - err = 1; + /* The error an its reason have already been logged by connect_to() */ + return(JB_INVALID_SOCKET); } else if (write_socket(sfd, (char *)c, csiz)) { @@ -378,7 +834,23 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, err = 1; close_socket(sfd); } - else if (read_socket(sfd, sbuf, sizeof(sbuf)) != sizeof(*s)) + else if (!data_is_available(sfd, csp->config->socket_timeout)) + { + if (socket_is_still_alive(sfd)) + { + errstr = "SOCKS4 negotiation timed out"; + } + else + { + errstr = "SOCKS4 negotiation got aborted by the server"; + } + log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); + err = 1; + close_socket(sfd); + } + else +#endif + if (read_socket(sfd, buf, sizeof(buf)) != sizeof(*s)) { errstr = "SOCKS4 negotiation read failed."; log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); @@ -388,25 +860,24 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, if (err) { - csp->error_message = strdup(errstr); + csp->error_message = strdup(errstr); return(JB_INVALID_SOCKET); } switch (s->cd) { - case SOCKS_REQUEST_GRANTED: + case SOCKS4_REQUEST_GRANTED: return(sfd); - break; - case SOCKS_REQUEST_REJECT: + case SOCKS4_REQUEST_REJECT: errstr = "SOCKS request rejected or failed."; errno = EINVAL; break; - case SOCKS_REQUEST_IDENT_FAILED: + case SOCKS4_REQUEST_IDENT_FAILED: errstr = "SOCKS request rejected because " "SOCKS server cannot connect to identd on the client."; errno = EACCES; break; - case SOCKS_REQUEST_IDENT_CONFLICT: + case SOCKS4_REQUEST_IDENT_CONFLICT: errstr = "SOCKS request rejected because " "the client program and identd report " "different user-ids."; @@ -414,9 +885,9 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, break; default: errno = ENOENT; - snprintf(cbuf, sizeof(cbuf), - "SOCKS request rejected for reason code %d.", s->cd); - errstr = cbuf; + snprintf(buf, sizeof(buf), + "SOCKS request rejected for reason code %d.", s->cd); + errstr = buf; } log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); @@ -427,6 +898,387 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, } +/********************************************************************* + * + * Function : translate_socks5_error + * + * Description : Translates a SOCKS errors to a string. + * + * Parameters : + * 1 : socks_error = The error code to translate. + * + * Returns : The string translation. + * + *********************************************************************/ +static const char *translate_socks5_error(int socks_error) +{ + switch (socks_error) + { + /* XXX: these should be more descriptive */ + case SOCKS5_REQUEST_FAILED: + return "SOCKS5 request failed"; + case SOCKS5_REQUEST_DENIED: + return "SOCKS5 request denied"; + case SOCKS5_REQUEST_NETWORK_UNREACHABLE: + return "SOCKS5 network unreachable"; + case SOCKS5_REQUEST_HOST_UNREACHABLE: + return "SOCKS5 destination host unreachable"; + case SOCKS5_REQUEST_CONNECTION_REFUSED: + return "SOCKS5 connection refused"; + case SOCKS5_REQUEST_TTL_EXPIRED: + return "SOCKS5 TTL expired"; + case SOCKS5_REQUEST_PROTOCOL_ERROR: + return "SOCKS5 client protocol error"; + case SOCKS5_REQUEST_BAD_ADDRESS_TYPE: + return "SOCKS5 domain names unsupported"; + case SOCKS5_REQUEST_GRANTED: + return "everything's peachy"; + default: + return "SOCKS5 negotiation protocol error"; + } +} + + +/********************************************************************* + * + * Function : socks5_connect + * + * Description : Connect to the SOCKS server, and connect through + * it to the specified server. This handles + * all the SOCKS negotiation, and returns a file + * descriptor for a socket which can be treated as a + * normal (non-SOCKS) socket. + * + * Parameters : + * 1 : fwd = Specifies the SOCKS proxy to use. + * 2 : target_host = The final server to connect to. + * 3 : target_port = The final port to connect to. + * 4 : csp = Current client state (buffers, headers, etc...) + * + * Returns : JB_INVALID_SOCKET => failure, else a socket file descriptor. + * + *********************************************************************/ +static jb_socket socks5_connect(const struct forward_spec *fwd, + const char *target_host, + int target_port, + struct client_state *csp) +{ +#define SIZE_SOCKS5_REPLY_IPV4 10 +#define SIZE_SOCKS5_REPLY_IPV6 22 +#define SOCKS5_REPLY_DIFFERENCE (SIZE_SOCKS5_REPLY_IPV6 - SIZE_SOCKS5_REPLY_IPV4) + int err = 0; + char cbuf[300]; + char sbuf[SIZE_SOCKS5_REPLY_IPV6]; + size_t client_pos = 0; + int server_size = 0; + size_t hostlen = 0; + jb_socket sfd; + const char *errstr = NULL; + + assert(fwd->gateway_host); + if ((fwd->gateway_host == NULL) || (*fwd->gateway_host == '\0')) + { + errstr = "NULL gateway host specified"; + err = 1; + } + + if (fwd->gateway_port <= 0) + { + /* + * XXX: currently this can't happen because in + * case of invalid gateway ports we use the defaults. + * Of course we really shouldn't do that. + */ + errstr = "invalid gateway port specified"; + err = 1; + } + + hostlen = strlen(target_host); + if (hostlen > (size_t)255) + { + errstr = "target host name is longer than 255 characters"; + err = 1; + } + + if ((fwd->type != SOCKS_5) && (fwd->type != SOCKS_5T)) + { + /* Should never get here */ + log_error(LOG_LEVEL_FATAL, + "SOCKS5 impossible internal error - bad SOCKS type"); + err = 1; + } + + if (err) + { + errno = EINVAL; + assert(errstr != NULL); + log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr); + csp->error_message = strdup(errstr); + return(JB_INVALID_SOCKET); + } + +#ifdef FUZZ + sfd = 0; + if (!err && read_socket(sfd, sbuf, 2) != 2) +#else + /* pass the request to the socks server */ + sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp); + + if (sfd == JB_INVALID_SOCKET) + { + errstr = "socks5 server unreachable"; + log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr); + /* Free the generic error message provided by connect_to() */ + freez(csp->error_message); + csp->error_message = strdup(errstr); + return(JB_INVALID_SOCKET); + } + + client_pos = 0; + cbuf[client_pos++] = '\x05'; /* Version */ + + if (fwd->auth_username && fwd->auth_password) + { + cbuf[client_pos++] = '\x02'; /* Two authentication methods supported */ + cbuf[client_pos++] = '\x02'; /* Username/password */ + } + else + { + cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + } + cbuf[client_pos++] = '\x00'; /* The no authentication authentication method */ + + if (write_socket(sfd, cbuf, client_pos)) + { + errstr = "SOCKS5 negotiation write failed"; + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "%s", errstr); + close_socket(sfd); + return(JB_INVALID_SOCKET); + } + if (!data_is_available(sfd, csp->config->socket_timeout)) + { + if (socket_is_still_alive(sfd)) + { + errstr = "SOCKS5 negotiation timed out"; + } + else + { + errstr = "SOCKS5 negotiation got aborted by the server"; + } + err = 1; + } + + if (!err && read_socket(sfd, sbuf, sizeof(sbuf)) != 2) +#endif + { + errstr = "SOCKS5 negotiation read failed"; + err = 1; + } + + if (!err && (sbuf[0] != '\x05')) + { + errstr = "SOCKS5 negotiation protocol version error"; + err = 1; + } + + if (!err && (sbuf[1] == '\xff')) + { + errstr = "SOCKS5 authentication required"; + err = 1; + } + + if (!err && (sbuf[1] == '\x02')) + { + /* check cbuf overflow */ + size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; + if (auth_len > sizeof(cbuf)) + { + errstr = "SOCKS5 username and/or password too long"; + err = 1; + } + + if (!err) + { + client_pos = 0; + cbuf[client_pos++] = '\x01'; /* Version */ + cbuf[client_pos++] = (char)strlen(fwd->auth_username); + + memcpy(cbuf + client_pos, fwd->auth_username, strlen(fwd->auth_username)); + client_pos += strlen(fwd->auth_username); + cbuf[client_pos++] = (char)strlen(fwd->auth_password); + memcpy(cbuf + client_pos, fwd->auth_password, strlen(fwd->auth_password)); + client_pos += strlen(fwd->auth_password); + + if (write_socket(sfd, cbuf, client_pos)) + { + errstr = "SOCKS5 negotiation auth write failed"; + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "%s", errstr); + close_socket(sfd); + return(JB_INVALID_SOCKET); + } + + if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2) + { + errstr = "SOCKS5 negotiation auth read failed"; + err = 1; + } + } + + if (!err && (sbuf[1] != '\x00')) + { + errstr = "SOCKS5 authentication failed"; + err = 1; + } + } + else if (!err && (sbuf[1] != '\x00')) + { + errstr = "SOCKS5 negotiation protocol error"; + err = 1; + } + + if (err) + { + assert(errstr != NULL); + log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr); + csp->error_message = strdup(errstr); + close_socket(sfd); + errno = EINVAL; + return(JB_INVALID_SOCKET); + } + + client_pos = 0; + cbuf[client_pos++] = '\x05'; /* Version */ + cbuf[client_pos++] = '\x01'; /* TCP connect */ + cbuf[client_pos++] = '\x00'; /* Reserved, must be 0x00 */ + cbuf[client_pos++] = '\x03'; /* Address is domain name */ + cbuf[client_pos++] = (char)(hostlen & 0xffu); + assert(sizeof(cbuf) - client_pos > (size_t)255); + /* Using strncpy because we really want the nul byte padding. */ + strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos); + client_pos += (hostlen & 0xffu); + cbuf[client_pos++] = (char)((target_port >> 8) & 0xff); + cbuf[client_pos++] = (char)((target_port ) & 0xff); + +#ifndef FUZZ + if (write_socket(sfd, cbuf, client_pos)) + { + errstr = "SOCKS5 negotiation write failed"; + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "%s", errstr); + close_socket(sfd); + errno = EINVAL; + return(JB_INVALID_SOCKET); + } + + /* + * Optimistically send the HTTP request with the initial + * SOCKS request if the user enabled the use of Tor extensions, + * the CONNECT method isn't being used (in which case the client + * doesn't send data until it gets our 200 response) and the + * client request has actually been completely read already. + */ + if ((fwd->type == SOCKS_5T) && (csp->http->ssl == 0) + && (csp->flags & CSP_FLAG_CLIENT_REQUEST_COMPLETELY_READ)) + { + char *client_headers = list_to_text(csp->headers); + size_t header_length; + + if (client_headers == NULL) + { + log_error(LOG_LEVEL_FATAL, "Out of memory rebuilding client headers"); + } + list_remove_all(csp->headers); + header_length= strlen(client_headers); + + log_error(LOG_LEVEL_CONNECT, + "Optimistically sending %lu bytes of client headers intended for %s", + header_length, csp->http->hostport); + + if (write_socket(sfd, client_headers, header_length)) + { + log_error(LOG_LEVEL_CONNECT, + "optimistically writing header to: %s failed: %E", csp->http->hostport); + freez(client_headers); + return(JB_INVALID_SOCKET); + } + freez(client_headers); + if (csp->expected_client_content_length != 0) + { + unsigned long long buffered_request_bytes = + (unsigned long long)(csp->client_iob->eod - csp->client_iob->cur); + log_error(LOG_LEVEL_CONNECT, + "Optimistically sending %llu bytes of client body. Expected %llu", + csp->expected_client_content_length, buffered_request_bytes); + assert(csp->expected_client_content_length == buffered_request_bytes); + if (write_socket(sfd, csp->client_iob->cur, buffered_request_bytes)) + { + log_error(LOG_LEVEL_CONNECT, + "optimistically writing %llu bytes of client body to: %s failed: %E", + buffered_request_bytes, csp->http->hostport); + return(JB_INVALID_SOCKET); + } + clear_iob(csp->client_iob); + } + } +#endif + + server_size = read_socket(sfd, sbuf, SIZE_SOCKS5_REPLY_IPV4); + if (server_size != SIZE_SOCKS5_REPLY_IPV4) + { + errstr = "SOCKS5 negotiation read failed"; + } + else + { + if (sbuf[0] != '\x05') + { + errstr = "SOCKS5 negotiation protocol version error"; + } + else if (sbuf[2] != '\x00') + { + errstr = "SOCKS5 negotiation protocol error"; + } + else if (sbuf[1] != SOCKS5_REQUEST_GRANTED) + { + errstr = translate_socks5_error(sbuf[1]); + } + else + { + if (sbuf[3] == '\x04') + { + /* + * The address field contains an IPv6 address + * which means we didn't get the whole reply + * yet. Read and discard the rest of it to make + * sure it isn't treated as HTTP data later on. + */ + server_size = read_socket(sfd, sbuf, SOCKS5_REPLY_DIFFERENCE); + if (server_size != SOCKS5_REPLY_DIFFERENCE) + { + errstr = "SOCKS5 negotiation read failed (IPv6 address)"; + } + } + else if (sbuf[3] != '\x01') + { + errstr = "SOCKS5 reply contains unsupported address type"; + } + if (errstr == NULL) + { + return(sfd); + } + } + } + + assert(errstr != NULL); + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr); + close_socket(sfd); + errno = EINVAL; + + return(JB_INVALID_SOCKET); + +} /* Local Variables: