summaryrefslogtreecommitdiff
path: root/src/openvpn/socks.c
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2014-09-02 12:20:00 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2014-09-02 12:20:00 +0200
commitc1db7b69b6d1d4da34995b32cfd78172d5d015c4 (patch)
treecf2a6cf09c8487f58e19f8ffe72e48cda7deccc6 /src/openvpn/socks.c
parentdc7b942f8f182eb26054299fab3b87c6342361fe (diff)
parent809daf3b371e0c2457b5d4bd414382eb67bf8348 (diff)
Merge tag 'upstream/2.3.4'
Upstream version 2.3.4
Diffstat (limited to 'src/openvpn/socks.c')
-rw-r--r--src/openvpn/socks.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 235982e..2f051ec 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
@@ -189,10 +189,15 @@ socks_handshake (struct socks_proxy_info *p,
char buf[2];
int len = 0;
const int timeout_sec = 5;
+ ssize_t size;
+
+ /* VER = 5, NMETHODS = 1, METHODS = [0 (no auth)] */
+ char method_sel[3] = { 0x05, 0x01, 0x00 };
+ if (p->authfile[0])
+ method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */
- /* VER = 5, NMETHODS = 2, METHODS = [0 (no auth), 2 (plain login)] */
- const ssize_t size = send (sd, "\x05\x02\x00\x02", 4, MSG_NOSIGNAL);
- if (size != 4)
+ size = send (sd, method_sel, sizeof (method_sel), MSG_NOSIGNAL);
+ if (size != sizeof (method_sel))
{
msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port write failed on send()");
return false;
@@ -252,6 +257,13 @@ socks_handshake (struct socks_proxy_info *p,
return false;
}
+ /* validate that the auth method returned is the one sent */
+ if (buf[1] != method_sel[2])
+ {
+ msg (D_LINK_ERRORS, "socks_handshake: Socks proxy returned unexpected auth");
+ return false;
+ }
+
/* select the appropriate authentication method */
switch (buf[1])
{