X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=f1a2074996f5c720770373c2e09436d5fc95c61f;hp=67219537da4dd82094c1a9b68e07b821118ea126;hb=c6c2c046f72499256a856813350aa626522ba9a0;hpb=fac48065f627c1f0faf80c86b2b64615e6f92b36 diff --git a/gateway.c b/gateway.c index 67219537..f1a20749 100644 --- a/gateway.c +++ b/gateway.c @@ -6,7 +6,7 @@ * using a "forwarder" (i.e. HTTP proxy and/or a SOCKS4 * or SOCKS5 proxy). * - * Copyright : Written by and Copyright (C) 2001-2017 the + * Copyright : Written by and Copyright (C) 2001-2020 the * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -231,6 +231,8 @@ void remember_connection(const struct reusable_connection *connection) assert(reusable_connection[slot].gateway_host == NULL); assert(reusable_connection[slot].gateway_port == 0); + assert(reusable_connection[slot].auth_username == NULL); + assert(reusable_connection[slot].auth_password == NULL); assert(reusable_connection[slot].forwarder_type == SOCKS_NONE); assert(reusable_connection[slot].forward_host == NULL); assert(reusable_connection[slot].forward_port == 0); @@ -245,6 +247,22 @@ void remember_connection(const struct reusable_connection *connection) reusable_connection[slot].gateway_host = NULL; } reusable_connection[slot].gateway_port = connection->gateway_port; + if (NULL != connection->auth_username) + { + reusable_connection[slot].auth_username = strdup_or_die(connection->auth_username); + } + else + { + reusable_connection[slot].auth_username = NULL; + } + if (NULL != connection->auth_password) + { + reusable_connection[slot].auth_password = strdup_or_die(connection->auth_password); + } + else + { + reusable_connection[slot].auth_password = NULL; + } if (NULL != connection->forward_host) { @@ -287,6 +305,8 @@ void mark_connection_closed(struct reusable_connection *closed_connection) closed_connection->forwarder_type = SOCKS_NONE; freez(closed_connection->gateway_host); closed_connection->gateway_port = 0; + freez(closed_connection->auth_username); + freez(closed_connection->auth_password); freez(closed_connection->forward_host); closed_connection->forward_port = 0; } @@ -336,6 +356,62 @@ void forget_connection(jb_socket sfd) #ifdef FEATURE_CONNECTION_KEEP_ALIVE +/********************************************************************* + * + * Function : string_or_none + * + * Description : Returns a given string or "none" if a NULL pointer + * is given. + * Helper function for connection_destination_matches(). + * + * Parameters : + * 1 : string = The string to check. + * + * Returns : The string if non-NULL, "none" otherwise. + * + *********************************************************************/ +static const char *string_or_none(const char *string) +{ + return(string != NULL ? string : "none"); +} + + +/********************************************************************* + * + * Function : connection_detail_matches + * + * Description : Helper function for connection_destination_matches(). + * Compares strings which can be NULL. + * + * Parameters : + * 1 : connection_detail = The connection detail to compare. + * 2 : fowarder_detail = The forwarder detail to compare. + * + * Returns : TRUE for yes, FALSE otherwise. + * + *********************************************************************/ +static int connection_detail_matches(const char *connection_detail, + const char *forwarder_detail) +{ + if (connection_detail == NULL && forwarder_detail == NULL) + { + /* Both details are unset. */ + return TRUE; + } + + if ((connection_detail == NULL && forwarder_detail != NULL) + || (connection_detail != NULL && forwarder_detail == NULL)) + { + /* Only one detail isn't set. */ + return FALSE; + } + + /* Both details are set, but do they match? */ + return(!strcmpic(connection_detail, forwarder_detail)); + +} + + /********************************************************************* * * Function : connection_destination_matches @@ -364,25 +440,39 @@ int connection_destination_matches(const struct reusable_connection *connection, return FALSE; } - if (( (NULL != connection->gateway_host) - && (NULL != fwd->gateway_host) - && strcmpic(connection->gateway_host, fwd->gateway_host)) - && (connection->gateway_host != fwd->gateway_host)) + if (!connection_detail_matches(connection->gateway_host, fwd->gateway_host)) { log_error(LOG_LEVEL_CONNECT, "Gateway mismatch. Previous gateway: %s. Current gateway: %s", - connection->gateway_host, fwd->gateway_host); + string_or_none(connection->gateway_host), + string_or_none(fwd->gateway_host)); return FALSE; } - if (( (NULL != connection->forward_host) - && (NULL != fwd->forward_host) - && strcmpic(connection->forward_host, fwd->forward_host)) - && (connection->forward_host != fwd->forward_host)) + if (!connection_detail_matches(connection->auth_username, fwd->auth_username)) + { + log_error(LOG_LEVEL_CONNECT, "Socks user name mismatch. " + "Previous user name: %s. Current user name: %s", + string_or_none(connection->auth_username), + string_or_none(fwd->auth_username)); + return FALSE; + } + + if (!connection_detail_matches(connection->auth_password, fwd->auth_password)) + { + log_error(LOG_LEVEL_CONNECT, "Socks user name mismatch. " + "Previous password: %s. Current password: %s", + string_or_none(connection->auth_password), + string_or_none(fwd->auth_password)); + return FALSE; + } + + if (!connection_detail_matches(connection->forward_host, fwd->forward_host)) { log_error(LOG_LEVEL_CONNECT, "Forwarding proxy mismatch. Previous proxy: %s. Current proxy: %s", - connection->forward_host, fwd->forward_host); + string_or_none(connection->forward_host), + string_or_none(fwd->forward_host)); return FALSE; } @@ -1090,11 +1180,20 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, if (!err && (sbuf[1] == '\x02')) { - /* check cbuf overflow */ - size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; - if (auth_len > sizeof(cbuf)) + if (fwd->auth_username && fwd->auth_password) + { + /* check cbuf overflow */ + size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; + if (auth_len > sizeof(cbuf)) + { + errstr = "SOCKS5 username and/or password too long"; + err = 1; + } + } + else { - errstr = "SOCKS5 username and/or password too long"; + errstr = "SOCKS5 server requested authentication while " + "no credentials are configured"; err = 1; } @@ -1156,7 +1255,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, cbuf[client_pos++] = (char)(hostlen & 0xffu); assert(sizeof(cbuf) - client_pos > (size_t)255); /* Using strncpy because we really want the nul byte padding. */ - strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos); + strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos - 1); client_pos += (hostlen & 0xffu); cbuf[client_pos++] = (char)((target_port >> 8) & 0xff); cbuf[client_pos++] = (char)((target_port ) & 0xff); @@ -1193,7 +1292,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, header_length= strlen(client_headers); log_error(LOG_LEVEL_CONNECT, - "Optimistically sending %d bytes of client headers intended for %s", + "Optimistically sending %lu bytes of client headers intended for %s", header_length, csp->http->hostport); if (write_socket(sfd, client_headers, header_length)) @@ -1261,7 +1360,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, } else if (sbuf[3] != '\x01') { - errstr = "SOCKS5 reply contains unsupported address type"; + errstr = "SOCKS5 reply contains unsupported address type"; } if (errstr == NULL) {