* using a "forwarder" (i.e. HTTP proxy and/or a SOCKS4
* or SOCKS5 proxy).
*
- * Copyright : Written by and Copyright (C) 2001-2017 the
+ * Copyright : Written by and Copyright (C) 2001-2023 the
* Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
#include <netdb.h>
#endif /* def __BEOS__ */
-#ifdef __OS2__
-#include <utils.h>
-#endif /* def __OS2__ */
-
#include "project.h"
#include "jcc.h"
#include "errlog.h"
#endif /* HAVE_POLL */
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-static jb_socket socks4_connect(const struct forward_spec * fwd,
- const char * target_host,
+static jb_socket socks4_connect(const struct forward_spec *fwd,
+ const char *target_host,
int target_port,
struct client_state *csp);
static const char socks_userid[] = "anonymous";
#ifdef FEATURE_CONNECTION_SHARING
+#ifndef FEATURE_CONNECTION_KEEP_ALIVE
+#error Using FEATURE_CONNECTION_SHARING without FEATURE_CONNECTION_KEEP_ALIVE is impossible
+#endif
#define MAX_REUSABLE_CONNECTIONS 100
return;
}
+ assert(slot < SZ(reusable_connection));
assert(NULL != connection->host);
reusable_connection[slot].host = strdup_or_die(connection->host);
reusable_connection[slot].sfd = connection->sfd;
assert(reusable_connection[slot].gateway_host == NULL);
assert(reusable_connection[slot].gateway_port == 0);
+ assert(reusable_connection[slot].auth_username == NULL);
+ assert(reusable_connection[slot].auth_password == NULL);
assert(reusable_connection[slot].forwarder_type == SOCKS_NONE);
assert(reusable_connection[slot].forward_host == NULL);
assert(reusable_connection[slot].forward_port == 0);
reusable_connection[slot].gateway_host = NULL;
}
reusable_connection[slot].gateway_port = connection->gateway_port;
+ if (NULL != connection->auth_username)
+ {
+ reusable_connection[slot].auth_username = strdup_or_die(connection->auth_username);
+ }
+ else
+ {
+ reusable_connection[slot].auth_username = NULL;
+ }
+ if (NULL != connection->auth_password)
+ {
+ reusable_connection[slot].auth_password = strdup_or_die(connection->auth_password);
+ }
+ else
+ {
+ reusable_connection[slot].auth_password = NULL;
+ }
if (NULL != connection->forward_host)
{
closed_connection->forwarder_type = SOCKS_NONE;
freez(closed_connection->gateway_host);
closed_connection->gateway_port = 0;
+ freez(closed_connection->auth_username);
+ freez(closed_connection->auth_password);
freez(closed_connection->forward_host);
closed_connection->forward_port = 0;
}
#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+/*********************************************************************
+ *
+ * Function : string_or_none
+ *
+ * Description : Returns a given string or "none" if a NULL pointer
+ * is given.
+ * Helper function for connection_destination_matches().
+ *
+ * Parameters :
+ * 1 : string = The string to check.
+ *
+ * Returns : The string if non-NULL, "none" otherwise.
+ *
+ *********************************************************************/
+static const char *string_or_none(const char *string)
+{
+ return(string != NULL ? string : "none");
+}
+
+
+/*********************************************************************
+ *
+ * Function : connection_detail_matches
+ *
+ * Description : Helper function for connection_destination_matches().
+ * Compares strings which can be NULL.
+ *
+ * Parameters :
+ * 1 : connection_detail = The connection detail to compare.
+ * 2 : fowarder_detail = The forwarder detail to compare.
+ *
+ * Returns : TRUE for yes, FALSE otherwise.
+ *
+ *********************************************************************/
+static int connection_detail_matches(const char *connection_detail,
+ const char *forwarder_detail)
+{
+ if (connection_detail == NULL && forwarder_detail == NULL)
+ {
+ /* Both details are unset. */
+ return TRUE;
+ }
+
+ if ((connection_detail == NULL && forwarder_detail != NULL)
+ || (connection_detail != NULL && forwarder_detail == NULL))
+ {
+ /* Only one detail isn't set. */
+ return FALSE;
+ }
+
+ /* Both details are set, but do they match? */
+ return(!strcmpic(connection_detail, forwarder_detail));
+
+}
+
+
/*********************************************************************
*
* Function : connection_destination_matches
return FALSE;
}
- if (( (NULL != connection->gateway_host)
- && (NULL != fwd->gateway_host)
- && strcmpic(connection->gateway_host, fwd->gateway_host))
- && (connection->gateway_host != fwd->gateway_host))
+ if (!connection_detail_matches(connection->gateway_host, fwd->gateway_host))
{
log_error(LOG_LEVEL_CONNECT,
"Gateway mismatch. Previous gateway: %s. Current gateway: %s",
- connection->gateway_host, fwd->gateway_host);
+ string_or_none(connection->gateway_host),
+ string_or_none(fwd->gateway_host));
+ return FALSE;
+ }
+
+ if (!connection_detail_matches(connection->auth_username, fwd->auth_username))
+ {
+ log_error(LOG_LEVEL_CONNECT, "Socks user name mismatch. "
+ "Previous user name: %s. Current user name: %s",
+ string_or_none(connection->auth_username),
+ string_or_none(fwd->auth_username));
+ return FALSE;
+ }
+
+ if (!connection_detail_matches(connection->auth_password, fwd->auth_password))
+ {
+ log_error(LOG_LEVEL_CONNECT, "Socks user name mismatch. "
+ "Previous password: %s. Current password: %s",
+ string_or_none(connection->auth_password),
+ string_or_none(fwd->auth_password));
return FALSE;
}
- if (( (NULL != connection->forward_host)
- && (NULL != fwd->forward_host)
- && strcmpic(connection->forward_host, fwd->forward_host))
- && (connection->forward_host != fwd->forward_host))
+ if (!connection_detail_matches(connection->forward_host, fwd->forward_host))
{
log_error(LOG_LEVEL_CONNECT,
"Forwarding proxy mismatch. Previous proxy: %s. Current proxy: %s",
- connection->forward_host, fwd->forward_host);
+ string_or_none(connection->forward_host),
+ string_or_none(fwd->forward_host));
return FALSE;
}
{
log_error(LOG_LEVEL_CONNECT,
"The connection to %s:%d in slot %d timed out. "
- "Closing socket %d. Timeout is: %d. Assumed latency: %d.",
+ "Closing socket %d. Timeout is: %d. Assumed latency: %ld.",
reusable_connection[slot].host,
reusable_connection[slot].port, slot,
reusable_connection[slot].sfd,
reusable_connection[slot].in_use = TRUE;
sfd = reusable_connection[slot].sfd;
log_error(LOG_LEVEL_CONNECT,
- "Found reusable socket %d for %s:%d in slot %d. Timestamp made %d "
+ "Found reusable socket %d for %s:%d in slot %d. Timestamp made %ld "
"seconds ago. Timeout: %d. Latency: %d. Requests served: %d",
sfd, reusable_connection[slot].host, reusable_connection[slot].port,
slot, time(NULL) - reusable_connection[slot].timestamp,
* Returns : JB_INVALID_SOCKET => failure, else it is the socket file descriptor.
*
*********************************************************************/
-jb_socket forwarded_connect(const struct forward_spec * fwd,
+jb_socket forwarded_connect(const struct forward_spec *fwd,
struct http_request *http,
struct client_state *csp)
{
- const char * dest_host;
+ const char *dest_host;
int dest_port;
jb_socket sfd = JB_INVALID_SOCKET;
* Returns : JB_INVALID_SOCKET => failure, else a socket file descriptor.
*
*********************************************************************/
-static jb_socket socks4_connect(const struct forward_spec * fwd,
- const char * target_host,
+static jb_socket socks4_connect(const struct forward_spec *fwd,
+ const char *target_host,
int target_port,
struct client_state *csp)
{
/* build a socks request for connection to the web server */
- strlcpy(&(c->userid), socks_userid, sizeof(buf) - sizeof(struct socks_op));
+ /*
+ * The more straightforward &(c->userid) destination pointer can
+ * cause some gcc versions to misidentify the size of the destination
+ * buffer, tripping the runtime check of glibc's source fortification.
+ */
+ strlcpy(buf + offsetof(struct socks_op, userid), socks_userid,
+ sizeof(buf) - sizeof(struct socks_op));
csiz = sizeof(*c) + sizeof(socks_userid) - sizeof(c->userid) - sizeof(c->padding);
}
+/*********************************************************************
+ *
+ * Function : convert_ipv4_address_to_bytes
+ *
+ * Description : Converts an IPv4 address from string to bytes.
+ *
+ * Parameters :
+ * 1 : address = The IPv4 address string to convert.
+ * 2 : buf = The buffer to write the bytes to.
+ * Must be at least four bytes long.
+ *
+ * Returns : JB_ERR_OK on success, JB_ERR_PARSE otherwise.
+ *
+ *********************************************************************/
+static jb_err convert_ipv4_address_to_bytes(const char *address, char *buf)
+{
+ int i;
+ const char *p = address;
+
+ for (i = 0; i < 4; i++)
+ {
+ unsigned byte;
+ if (1 != sscanf(p, "%u", &byte))
+ {
+ return JB_ERR_PARSE;
+ }
+ if (byte > 255)
+ {
+ return JB_ERR_PARSE;
+ }
+ buf[i] = (char)byte;
+ if (i < 3)
+ {
+ p = strstr(p, ".");
+ if (p == NULL)
+ {
+ return JB_ERR_PARSE;
+ }
+ p++;
+ }
+ }
+
+ return JB_ERR_OK;
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : read_socks_reply
+ *
+ * Description : Read from a socket connected to a socks server.
+ *
+ * Parameters :
+ * 1 : sfd = file descriptor of the socket to read
+ * 2 : buf = pointer to buffer where data will be written
+ * Must be >= len bytes long.
+ * 3 : len = maximum number of bytes to read
+ * 4 : timeout = Number of seconds to wait.
+ *
+ * Returns : On success, the number of bytes read is returned (zero
+ * indicates end of file), and the file position is advanced
+ * by this number. It is not an error if this number is
+ * smaller than the number of bytes requested; this may hap-
+ * pen for example because fewer bytes are actually available
+ * right now (maybe because we were close to end-of-file, or
+ * because we are reading from a pipe, or from a terminal,
+ * or because read() was interrupted by a signal). On error,
+ * -1 is returned, and errno is set appropriately. In this
+ * case it is left unspecified whether the file position (if
+ * any) changes.
+ *
+ *********************************************************************/
+static int read_socks_reply(jb_socket sfd, char *buf, int len, int timeout)
+{
+ if (!data_is_available(sfd, timeout))
+ {
+ if (socket_is_still_alive(sfd))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "The socks connection timed out after %d seconds.", timeout);
+ }
+ else
+ {
+ log_error(LOG_LEVEL_ERROR, "The socks server hung "
+ "up the connection without sending a response.");
+ }
+ return -1;
+ }
+
+ return read_socket(sfd, buf, len);
+
+}
+
+
/*********************************************************************
*
* Function : socks5_connect
{
#define SIZE_SOCKS5_REPLY_IPV4 10
#define SIZE_SOCKS5_REPLY_IPV6 22
+#define SIZE_SOCKS5_REPLY_DOMAIN 300
#define SOCKS5_REPLY_DIFFERENCE (SIZE_SOCKS5_REPLY_IPV6 - SIZE_SOCKS5_REPLY_IPV4)
int err = 0;
char cbuf[300];
- char sbuf[SIZE_SOCKS5_REPLY_IPV6];
+ char sbuf[SIZE_SOCKS5_REPLY_DOMAIN];
size_t client_pos = 0;
int server_size = 0;
size_t hostlen = 0;
close_socket(sfd);
return(JB_INVALID_SOCKET);
}
- if (!data_is_available(sfd, csp->config->socket_timeout))
- {
- if (socket_is_still_alive(sfd))
- {
- errstr = "SOCKS5 negotiation timed out";
- }
- else
- {
- errstr = "SOCKS5 negotiation got aborted by the server";
- }
- err = 1;
- }
-
- if (!err && read_socket(sfd, sbuf, sizeof(sbuf)) != 2)
+ if (read_socks_reply(sfd, sbuf, sizeof(sbuf),
+ csp->config->socket_timeout) != 2)
#endif
{
errstr = "SOCKS5 negotiation read failed";
if (!err && (sbuf[1] == '\x02'))
{
- /* check cbuf overflow */
- size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3;
- if (auth_len > sizeof(cbuf))
+ if (fwd->auth_username && fwd->auth_password)
+ {
+ /* check cbuf overflow */
+ size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3;
+ if (auth_len > sizeof(cbuf))
+ {
+ errstr = "SOCKS5 username and/or password too long";
+ err = 1;
+ }
+ }
+ else
{
- errstr = "SOCKS5 username and/or password too long";
+ errstr = "SOCKS5 server requested authentication while "
+ "no credentials are configured";
err = 1;
}
return(JB_INVALID_SOCKET);
}
- if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2)
+ if (read_socks_reply(sfd, sbuf, sizeof(sbuf),
+ csp->config->socket_timeout) != 2)
{
errstr = "SOCKS5 negotiation auth read failed";
err = 1;
cbuf[client_pos++] = '\x05'; /* Version */
cbuf[client_pos++] = '\x01'; /* TCP connect */
cbuf[client_pos++] = '\x00'; /* Reserved, must be 0x00 */
- cbuf[client_pos++] = '\x03'; /* Address is domain name */
- cbuf[client_pos++] = (char)(hostlen & 0xffu);
- assert(sizeof(cbuf) - client_pos > (size_t)255);
- /* Using strncpy because we really want the nul byte padding. */
- strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos);
- client_pos += (hostlen & 0xffu);
+ if (host_is_ip_address(target_host) && NULL == strstr(target_host, ":"))
+ {
+ cbuf[client_pos++] = '\x01'; /* Address is IPv4 address. */
+ if (JB_ERR_OK != convert_ipv4_address_to_bytes(target_host, &cbuf[client_pos]))
+ {
+ errstr = "SOCKS5 error. Failed to convert target address to IP address";
+ csp->error_message = strdup(errstr);
+ log_error(LOG_LEVEL_CONNECT, "%s", errstr);
+ close_socket(sfd);
+ errno = EINVAL;
+ return(JB_INVALID_SOCKET);
+ }
+ client_pos += 4;
+ }
+ else
+ {
+ /*
+ * XXX: This branch is currently also used for IPv6 addresses
+ */
+ cbuf[client_pos++] = '\x03'; /* Address is domain name. */
+ cbuf[client_pos++] = (char)(hostlen & 0xffu);
+ assert(sizeof(cbuf) - client_pos > (size_t)255);
+ /* Using strncpy because we really want the nul byte padding. */
+ strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos - 1);
+ client_pos += (hostlen & 0xffu);
+ }
cbuf[client_pos++] = (char)((target_port >> 8) & 0xff);
cbuf[client_pos++] = (char)((target_port ) & 0xff);
if (client_headers == NULL)
{
- log_error(LOG_LEVEL_FATAL, "Out of memory rebuilding client headers");
+ log_error(LOG_LEVEL_FATAL, "Out of memory rebuilding client headers.");
}
list_remove_all(csp->headers);
header_length= strlen(client_headers);
log_error(LOG_LEVEL_CONNECT,
- "Optimistically sending %d bytes of client headers intended for %s",
+ "Optimistically sending %lu bytes of client headers intended for %s.",
header_length, csp->http->hostport);
if (write_socket(sfd, client_headers, header_length))
unsigned long long buffered_request_bytes =
(unsigned long long)(csp->client_iob->eod - csp->client_iob->cur);
log_error(LOG_LEVEL_CONNECT,
- "Optimistically sending %llu bytes of client body. Expected %llu",
+ "Optimistically sending %llu bytes of client body. Expected %llu.",
csp->expected_client_content_length, buffered_request_bytes);
assert(csp->expected_client_content_length == buffered_request_bytes);
if (write_socket(sfd, csp->client_iob->cur, buffered_request_bytes))
}
#endif
- server_size = read_socket(sfd, sbuf, SIZE_SOCKS5_REPLY_IPV4);
+ server_size = read_socks_reply(sfd, sbuf, SIZE_SOCKS5_REPLY_IPV4,
+ csp->config->socket_timeout);
if (server_size != SIZE_SOCKS5_REPLY_IPV4)
{
errstr = "SOCKS5 negotiation read failed";
* yet. Read and discard the rest of it to make
* sure it isn't treated as HTTP data later on.
*/
- server_size = read_socket(sfd, sbuf, SOCKS5_REPLY_DIFFERENCE);
+ server_size = read_socks_reply(sfd, sbuf, SOCKS5_REPLY_DIFFERENCE,
+ csp->config->socket_timeout);
if (server_size != SOCKS5_REPLY_DIFFERENCE)
{
errstr = "SOCKS5 negotiation read failed (IPv6 address)";
}
}
+ else if (sbuf[3] == '\x03')
+ {
+ /*
+ * The address field contains a domain name
+ * which means we didn't get the whole reply
+ * yet. Read and discard the rest of it to make
+ * sure it isn't treated as HTTP data later on.
+ */
+ unsigned domain_length = (unsigned)sbuf[4];
+ int bytes_left_to_read = 5 + (int)domain_length + 2 - SIZE_SOCKS5_REPLY_IPV4;
+ if (bytes_left_to_read <= 0 || sizeof(sbuf) < bytes_left_to_read)
+ {
+ errstr = "SOCKS5 negotiation read failed (Invalid domain length)";
+ }
+ else
+ {
+ server_size = read_socks_reply(sfd, sbuf, bytes_left_to_read,
+ csp->config->socket_timeout);
+ if (server_size != bytes_left_to_read)
+ {
+ errstr = "SOCKS5 negotiation read failed (Domain name)";
+ }
+ }
+ }
else if (sbuf[3] != '\x01')
{
- errstr = "SOCKS5 reply contains unsupported address type";
+ errstr = "SOCKS5 reply contains unsupported address type";
}
if (errstr == NULL)
{