X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=f5d15a56732c3fc6207e1dc0b8ceb75d3e5c555a;hp=9bde9e61231a5a4c2b1722299988fbf09c07dd64;hb=c1d7fcffe09bc85bbf76d7189a1c01ca9a0c095b;hpb=f67b3326138f428863c21c7738e0c8db87fa6f5c

diff --git a/gateway.c b/gateway.c
index 9bde9e61..f5d15a56 100644
--- a/gateway.c
+++ b/gateway.c
@@ -1,4 +1,3 @@
-const char gateway_rcs[] = "$Id: gateway.c,v 1.99 2016/10/25 10:46:56 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/gateway.c,v $
@@ -7,8 +6,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.99 2016/10/25 10:46:56 fabiankeil
  *                using a "forwarder" (i.e. HTTP proxy and/or a SOCKS4
  *                or SOCKS5 proxy).
  *
- * Copyright   :  Written by and Copyright (C) 2001-2016 the
- *                Privoxy team. http://www.privoxy.org/
+ * Copyright   :  Written by and Copyright (C) 2001-2017 the
+ *                Privoxy team. https://www.privoxy.org/
  *
  *                Based on the Internet Junkbuster originally written
  *                by and Copyright (C) 1997 Anonymous Coders and
@@ -79,8 +78,6 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.99 2016/10/25 10:46:56 fabiankeil
 #endif /* HAVE_POLL */
 #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
 
-const char gateway_h_rcs[] = GATEWAY_H_VERSION;
-
 static jb_socket socks4_connect(const struct forward_spec * fwd,
                                 const char * target_host,
                                 int target_port,
@@ -134,7 +131,6 @@ static const char socks_userid[] = "anonymous";
 #ifdef FEATURE_CONNECTION_SHARING
 
 #define MAX_REUSABLE_CONNECTIONS 100
-static unsigned int keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT;
 
 static struct reusable_connection reusable_connection[MAX_REUSABLE_CONNECTIONS];
 static int mark_connection_unused(const struct reusable_connection *connection);
@@ -560,25 +556,6 @@ static int mark_connection_unused(const struct reusable_connection *connection)
    return socket_found;
 
 }
-
-
-/*********************************************************************
- *
- * Function    :  set_keep_alive_timeout
- *
- * Description :  Sets the timeout after which open
- *                connections will no longer be reused.
- *
- * Parameters  :
- *          1  :  timeout = The timeout in seconds.
- *
- * Returns     :  void
- *
- *********************************************************************/
-void set_keep_alive_timeout(unsigned int timeout)
-{
-   keep_alive_timeout = timeout;
-}
 #endif /* def FEATURE_CONNECTION_SHARING */
 
 
@@ -664,7 +641,7 @@ jb_socket forwarded_connect(const struct forward_spec * fwd,
 }
 
 
-#ifdef FUZZ_SOCKS
+#ifdef FUZZ
 /*********************************************************************
  *
  * Function    :  socks_fuzz
@@ -839,7 +816,7 @@ static jb_socket socks4_connect(const struct forward_spec * fwd,
    c->dstip[2]    = (unsigned char)((web_server_addr   >>  8) & 0xff);
    c->dstip[3]    = (unsigned char)((web_server_addr        ) & 0xff);
 
-#ifdef FUZZ_SOCKS
+#ifdef FUZZ
    sfd = 0;
 #else
    /* pass the request to the socks server */
@@ -1040,7 +1017,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd,
       return(JB_INVALID_SOCKET);
    }
 
-#ifdef FUZZ_SOCKS
+#ifdef FUZZ
    sfd = 0;
    if (!err && read_socket(sfd, sbuf, 2) != 2)
 #else
@@ -1059,7 +1036,16 @@ static jb_socket socks5_connect(const struct forward_spec *fwd,
 
    client_pos = 0;
    cbuf[client_pos++] = '\x05'; /* Version */
-   cbuf[client_pos++] = '\x01'; /* One authentication method supported */
+
+   if (fwd->auth_username && fwd->auth_password)
+   {
+      cbuf[client_pos++] = '\x02'; /* Two authentication methods supported */
+      cbuf[client_pos++] = '\x02'; /* Username/password */
+   }
+   else
+   {
+      cbuf[client_pos++] = '\x01'; /* One authentication method supported */
+   }
    cbuf[client_pos++] = '\x00'; /* The no authentication authentication method */
 
    if (write_socket(sfd, cbuf, client_pos))
@@ -1102,7 +1088,51 @@ static jb_socket socks5_connect(const struct forward_spec *fwd,
       err = 1;
    }
 
-   if (!err && (sbuf[1] != '\x00'))
+   if (!err && (sbuf[1] == '\x02'))
+   {
+      /* check cbuf overflow */
+      size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3;
+      if (auth_len > sizeof(cbuf))
+      {
+         errstr = "SOCKS5 username and/or password too long";
+         err = 1;
+      }
+
+      if (!err)
+      {
+         client_pos = 0;
+         cbuf[client_pos++] = '\x01'; /* Version */
+         cbuf[client_pos++] = (char)strlen(fwd->auth_username);
+
+         memcpy(cbuf + client_pos, fwd->auth_username, strlen(fwd->auth_username));
+         client_pos += strlen(fwd->auth_username);
+         cbuf[client_pos++] = (char)strlen(fwd->auth_password);
+         memcpy(cbuf + client_pos, fwd->auth_password, strlen(fwd->auth_password));
+         client_pos += strlen(fwd->auth_password);
+
+         if (write_socket(sfd, cbuf, client_pos))
+         {
+            errstr = "SOCKS5 negotiation auth write failed";
+            csp->error_message = strdup(errstr);
+            log_error(LOG_LEVEL_CONNECT, "%s", errstr);
+            close_socket(sfd);
+            return(JB_INVALID_SOCKET);
+         }
+
+         if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2)
+         {
+            errstr = "SOCKS5 negotiation auth read failed";
+            err = 1;
+         }
+      }
+
+      if (!err && (sbuf[1] != '\x00'))
+      {
+         errstr = "SOCKS5 authentication failed";
+         err = 1;
+      }
+   }
+   else if (!err && (sbuf[1] != '\x00'))
    {
       errstr = "SOCKS5 negotiation protocol error";
       err = 1;
@@ -1131,7 +1161,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd,
    cbuf[client_pos++] = (char)((target_port >> 8) & 0xff);
    cbuf[client_pos++] = (char)((target_port     ) & 0xff);
 
-#ifndef FUZZ_SOCKS
+#ifndef FUZZ
    if (write_socket(sfd, cbuf, client_pos))
    {
       errstr = "SOCKS5 negotiation write failed";
@@ -1179,13 +1209,13 @@ static jb_socket socks5_connect(const struct forward_spec *fwd,
          unsigned long long buffered_request_bytes =
             (unsigned long long)(csp->client_iob->eod - csp->client_iob->cur);
          log_error(LOG_LEVEL_CONNECT,
-            "Optimistically sending %d bytes of client body. Expected %d",
+            "Optimistically sending %llu bytes of client body. Expected %llu",
             csp->expected_client_content_length, buffered_request_bytes);
          assert(csp->expected_client_content_length == buffered_request_bytes);
          if (write_socket(sfd, csp->client_iob->cur, buffered_request_bytes))
          {
             log_error(LOG_LEVEL_CONNECT,
-               "optimistically writing %d bytes of client body to: %s failed: %E",
+               "optimistically writing %llu bytes of client body to: %s failed: %E",
                buffered_request_bytes, csp->http->hostport);
             return(JB_INVALID_SOCKET);
          }