Diffstat (limited to 'src/openvpn/socks.c')
-rw-r--r--src/openvpn/socks.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 235982e..2f051ec 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
@@ -189,10 +189,15 @@ socks_handshake (struct socks_proxy_info *p,
char buf[2];
int len = 0;
const int timeout_sec = 5;
+ ssize_t size;
+
+ /* VER = 5, NMETHODS = 1, METHODS = [0 (no auth)] */
+ char method_sel[3] = { 0x05, 0x01, 0x00 };
+ if (p->authfile[0])
+ method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */
- /* VER = 5, NMETHODS = 2, METHODS = [0 (no auth), 2 (plain login)] */
- const ssize_t size = send (sd, "\x05\x02\x00\x02", 4, MSG_NOSIGNAL);
- if (size != 4)
+ size = send (sd, method_sel, sizeof (method_sel), MSG_NOSIGNAL);
+ if (size != sizeof (method_sel))
{
msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port write failed on send()");
return false;
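Review bot: The new test `size != sizeof (method_sel)` compares a signed `ssize_t` with an unsigned `size_t`. A failed send() returning -1 is still caught, but only because -1 converts to a huge unsigned value, and the line will trip `-Wsign-compare`. Writing it as `if (size != (ssize_t) sizeof (method_sel))` makes the intent explicit. The comment above `method_sel` describes the bytes but not the reason for offering a single method; something like `/* offer only the method we are configured for, so the proxy cannot pick a different one */` would record that, assuming this is the intent. socks_handshake starts before and continues past this hunk.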
@@ -252,6 +257,13 @@ socks_handshake (struct socks_proxy_info *p,
return false;
}
+ /* validate that the auth method returned is the one sent */
+ if (buf[1] != method_sel[2])
+ {
+ msg (D_LINK_ERRORS, "socks_handshake: Socks proxy returned unexpected auth");
+ return false;
+ }
+
/* select the appropriate authentication method */
switch (buf[1])
{
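Review bot: The added rejection at `buf[1] != method_sel[2]` logs a fixed string, so the operator cannot tell a proxy that answered 0xFF (no acceptable method, per RFC 1928) from one that selected a method the client never offered. Because `method_sel[2]` is only ever 0 or 2, every 0xFF reply now stops here before the switch. Logging both values would make a misconfigured or misbehaving proxy diagnosable: `msg (D_LINK_ERRORS, "socks_handshake: Socks proxy returned unexpected auth method %u (offered %u)", (unsigned char) buf[1], (unsigned char) method_sel[2]);`. The cast matters because `buf` is plain `char` and 0xFF may otherwise print as a negative number. The switch body continues outside the hunk.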