X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=64ba52364dd1010a93ece0b915bd909b106fde5b;hp=fd3d33c6c5da2f1c15d1954d08ba3633d34c0d81;hb=326d2da979c442da79590d388cbfca249f55a103;hpb=83acee61d2f7e4a3c2e6e9e6b582849867d2324e diff --git a/gateway.c b/gateway.c index fd3d33c6..64ba5236 100644 --- a/gateway.c +++ b/gateway.c @@ -1,4 +1,3 @@ -const char gateway_rcs[] = "$Id: gateway.c,v 1.103 2017/07/01 18:34:07 ler762 Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/gateway.c,v $ @@ -8,7 +7,7 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.103 2017/07/01 18:34:07 ler762 Ex * or SOCKS5 proxy). * * Copyright : Written by and Copyright (C) 2001-2017 the - * Privoxy team. http://www.privoxy.org/ + * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -79,8 +78,6 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.103 2017/07/01 18:34:07 ler762 Ex #endif /* HAVE_POLL */ #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ -const char gateway_h_rcs[] = GATEWAY_H_VERSION; - static jb_socket socks4_connect(const struct forward_spec * fwd, const char * target_host, int target_port, @@ -221,6 +218,7 @@ void remember_connection(const struct reusable_connection *connection) return; } + assert(slot < SZ(reusable_connection)); assert(NULL != connection->host); reusable_connection[slot].host = strdup_or_die(connection->host); reusable_connection[slot].sfd = connection->sfd; @@ -1039,7 +1037,16 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, client_pos = 0; cbuf[client_pos++] = '\x05'; /* Version */ - cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + + if (fwd->auth_username && fwd->auth_password) + { + cbuf[client_pos++] = '\x02'; /* Two authentication methods supported */ + cbuf[client_pos++] = '\x02'; /* Username/password */ + } + else + { + cbuf[client_pos++] = '\x01'; /* One authentication method supported */ + } cbuf[client_pos++] = '\x00'; /* The no authentication authentication method */ if (write_socket(sfd, cbuf, client_pos)) @@ -1082,7 +1089,51 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, err = 1; } - if (!err && (sbuf[1] != '\x00')) + if (!err && (sbuf[1] == '\x02')) + { + /* check cbuf overflow */ + size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; + if (auth_len > sizeof(cbuf)) + { + errstr = "SOCKS5 username and/or password too long"; + err = 1; + } + + if (!err) + { + client_pos = 0; + cbuf[client_pos++] = '\x01'; /* Version */ + cbuf[client_pos++] = (char)strlen(fwd->auth_username); + + memcpy(cbuf + client_pos, fwd->auth_username, strlen(fwd->auth_username)); + client_pos += strlen(fwd->auth_username); + cbuf[client_pos++] = (char)strlen(fwd->auth_password); + memcpy(cbuf + client_pos, fwd->auth_password, strlen(fwd->auth_password)); + client_pos += strlen(fwd->auth_password); + + if (write_socket(sfd, cbuf, client_pos)) + { + errstr = "SOCKS5 negotiation auth write failed"; + csp->error_message = strdup(errstr); + log_error(LOG_LEVEL_CONNECT, "%s", errstr); + close_socket(sfd); + return(JB_INVALID_SOCKET); + } + + if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2) + { + errstr = "SOCKS5 negotiation auth read failed"; + err = 1; + } + } + + if (!err && (sbuf[1] != '\x00')) + { + errstr = "SOCKS5 authentication failed"; + err = 1; + } + } + else if (!err && (sbuf[1] != '\x00')) { errstr = "SOCKS5 negotiation protocol error"; err = 1;