X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=64ba52364dd1010a93ece0b915bd909b106fde5b;hp=22efba5e65f12c60bc6a94486ec112cfae44e9e4;hb=326d2da979c442da79590d388cbfca249f55a103;hpb=d51ecc85d592ae919c8d114cd8c1eb82107d99c7 diff --git a/gateway.c b/gateway.c index 22efba5e..64ba5236 100644 --- a/gateway.c +++ b/gateway.c @@ -1,4 +1,3 @@ -const char gateway_rcs[] = "$Id: gateway.c,v 1.95 2015/08/12 10:37:11 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/gateway.c,v $ @@ -7,8 +6,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.95 2015/08/12 10:37:11 fabiankeil * using a "forwarder" (i.e. HTTP proxy and/or a SOCKS4 * or SOCKS5 proxy). * - * Copyright : Written by and Copyright (C) 2001-2009 the - * Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2017 the + * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -79,8 +78,6 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.95 2015/08/12 10:37:11 fabiankeil #endif /* HAVE_POLL */ #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ -const char gateway_h_rcs[] = GATEWAY_H_VERSION; - static jb_socket socks4_connect(const struct forward_spec * fwd, const char * target_host, int target_port, @@ -134,7 +131,6 @@ static const char socks_userid[] = "anonymous"; #ifdef FEATURE_CONNECTION_SHARING #define MAX_REUSABLE_CONNECTIONS 100 -static unsigned int keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT; static struct reusable_connection reusable_connection[MAX_REUSABLE_CONNECTIONS]; static int mark_connection_unused(const struct reusable_connection *connection); @@ -222,6 +218,7 @@ void remember_connection(const struct reusable_connection *connection) return; } + assert(slot < SZ(reusable_connection)); assert(NULL != connection->host); reusable_connection[slot].host = strdup_or_die(connection->host); reusable_connection[slot].sfd = connection->sfd; @@ -560,25 +557,6 @@ static int mark_connection_unused(const struct reusable_connection *connection) return socket_found; } - - -/********************************************************************* - * - * Function : set_keep_alive_timeout - * - * Description : Sets the timeout after which open - * connections will no longer be reused. - * - * Parameters : - * 1 : timeout = The timeout in seconds. - * - * Returns : void - * - *********************************************************************/ -void set_keep_alive_timeout(unsigned int timeout) -{ - keep_alive_timeout = timeout; -} #endif /* def FEATURE_CONNECTION_SHARING */ @@ -664,6 +642,51 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, } +#ifdef FUZZ +/********************************************************************* + * + * Function : socks_fuzz + * + * Description : Wrapper around socks[45]_connect() used for fuzzing. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * + * Returns : JB_ERR_OK or JB_ERR_PARSE + * + *********************************************************************/ +extern jb_err socks_fuzz(struct client_state *csp) +{ + jb_socket socket; + static struct forward_spec fwd; + char target_host[] = "fuzz.example.org"; + int target_port = 12345; + + fwd.gateway_host = strdup_or_die("fuzz.example.org"); + fwd.gateway_port = 12345; + + fwd.type = SOCKS_4A; + socket = socks4_connect(&fwd, target_host, target_port, csp); + + if (JB_INVALID_SOCKET != socket) + { + fwd.type = SOCKS_5; + socket = socks5_connect(&fwd, target_host, target_port, csp); + } + + if (JB_INVALID_SOCKET == socket) + { + log_error(LOG_LEVEL_ERROR, "%s", csp->error_message); + return JB_ERR_PARSE; + } + + log_error(LOG_LEVEL_INFO, "Input looks like an acceptable socks response"); + + return JB_ERR_OK; + +} +#endif + /********************************************************************* * * Function : socks4_connect @@ -794,6 +817,9 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, c->dstip[2] = (unsigned char)((web_server_addr >> 8) & 0xff); c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); +#ifdef FUZZ + sfd = 0; +#else /* pass the request to the socks server */ sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp); @@ -823,7 +849,9 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, err = 1; close_socket(sfd); } - else if (read_socket(sfd, buf, sizeof(buf)) != sizeof(*s)) + else +#endif + if (read_socket(sfd, buf, sizeof(buf)) != sizeof(*s)) { errstr = "SOCKS4 negotiation read failed."; log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); @@ -911,6 +939,7 @@ static const char *translate_socks5_error(int socks_error) } } + /********************************************************************* * * Function : socks5_connect @@ -935,9 +964,12 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, int target_port, struct client_state *csp) { +#define SIZE_SOCKS5_REPLY_IPV4 10 +#define SIZE_SOCKS5_REPLY_IPV6 22 +#define SOCKS5_REPLY_DIFFERENCE (SIZE_SOCKS5_REPLY_IPV6 - SIZE_SOCKS5_REPLY_IPV4) int err = 0; char cbuf[300]; - char sbuf[10]; + char sbuf[SIZE_SOCKS5_REPLY_IPV6]; size_t client_pos = 0; int server_size = 0; size_t hostlen = 0; @@ -986,6 +1018,10 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, return(JB_INVALID_SOCKET); } +#ifdef FUZZ + sfd = 0; + if (!err && read_socket(sfd, sbuf, 2) != 2) +#else /* pass the request to the socks server */ sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp); @@ -1001,7 +1037,16 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, client_pos = 0; cbuf[client_pos++] = '\x05'; /* Version */ - cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + + if (fwd->auth_username && fwd->auth_password) + { + cbuf[client_pos++] = '\x02'; /* Two authentication methods supported */ + cbuf[client_pos++] = '\x02'; /* Username/password */ + } + else + { + cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + } cbuf[client_pos++] = '\x00'; /* The no authentication authentication method */ if (write_socket(sfd, cbuf, client_pos)) @@ -1012,7 +1057,6 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, close_socket(sfd); return(JB_INVALID_SOCKET); } - if (!data_is_available(sfd, csp->config->socket_timeout)) { if (socket_is_still_alive(sfd)) @@ -1027,6 +1071,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, } if (!err && read_socket(sfd, sbuf, sizeof(sbuf)) != 2) +#endif { errstr = "SOCKS5 negotiation read failed"; err = 1; @@ -1044,7 +1089,51 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, err = 1; } - if (!err && (sbuf[1] != '\x00')) + if (!err && (sbuf[1] == '\x02')) + { + /* check cbuf overflow */ + size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; + if (auth_len > sizeof(cbuf)) + { + errstr = "SOCKS5 username and/or password too long"; + err = 1; + } + + if (!err) + { + client_pos = 0; + cbuf[client_pos++] = '\x01'; /* Version */ + cbuf[client_pos++] = (char)strlen(fwd->auth_username); + + memcpy(cbuf + client_pos, fwd->auth_username, strlen(fwd->auth_username)); + client_pos += strlen(fwd->auth_username); + cbuf[client_pos++] = (char)strlen(fwd->auth_password); + memcpy(cbuf + client_pos, fwd->auth_password, strlen(fwd->auth_password)); + client_pos += strlen(fwd->auth_password); + + if (write_socket(sfd, cbuf, client_pos)) + { + errstr = "SOCKS5 negotiation auth write failed"; + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "%s", errstr); + close_socket(sfd); + return(JB_INVALID_SOCKET); + } + + if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2) + { + errstr = "SOCKS5 negotiation auth read failed"; + err = 1; + } + } + + if (!err && (sbuf[1] != '\x00')) + { + errstr = "SOCKS5 authentication failed"; + err = 1; + } + } + else if (!err && (sbuf[1] != '\x00')) { errstr = "SOCKS5 negotiation protocol error"; err = 1; @@ -1073,6 +1162,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, cbuf[client_pos++] = (char)((target_port >> 8) & 0xff); cbuf[client_pos++] = (char)((target_port ) & 0xff); +#ifndef FUZZ if (write_socket(sfd, cbuf, client_pos)) { errstr = "SOCKS5 negotiation write failed"; @@ -1120,22 +1210,23 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, unsigned long long buffered_request_bytes = (unsigned long long)(csp->client_iob->eod - csp->client_iob->cur); log_error(LOG_LEVEL_CONNECT, - "Optimistically sending %d bytes of client body. Expected %d", + "Optimistically sending %llu bytes of client body. Expected %llu", csp->expected_client_content_length, buffered_request_bytes); assert(csp->expected_client_content_length == buffered_request_bytes); if (write_socket(sfd, csp->client_iob->cur, buffered_request_bytes)) { log_error(LOG_LEVEL_CONNECT, - "optimistically writing %d bytes of client body to: %s failed: %E", + "optimistically writing %llu bytes of client body to: %s failed: %E", buffered_request_bytes, csp->http->hostport); return(JB_INVALID_SOCKET); } clear_iob(csp->client_iob); } } +#endif - server_size = read_socket(sfd, sbuf, sizeof(sbuf)); - if (server_size != sizeof(sbuf)) + server_size = read_socket(sfd, sbuf, SIZE_SOCKS5_REPLY_IPV4); + if (server_size != SIZE_SOCKS5_REPLY_IPV4) { errstr = "SOCKS5 negotiation read failed"; } @@ -1155,7 +1246,28 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, } else { - return(sfd); + if (sbuf[3] == '\x04') + { + /* + * The address field contains an IPv6 address + * which means we didn't get the whole reply + * yet. Read and discard the rest of it to make + * sure it isn't treated as HTTP data later on. + */ + server_size = read_socket(sfd, sbuf, SOCKS5_REPLY_DIFFERENCE); + if (server_size != SOCKS5_REPLY_DIFFERENCE) + { + errstr = "SOCKS5 negotiation read failed (IPv6 address)"; + } + } + else if (sbuf[3] != '\x01') + { + errstr = "SOCKS5 reply contains unsupported address type"; + } + if (errstr == NULL) + { + return(sfd); + } } }