From 3a2bbdb05ca6a6996e424c9fb225cb0d53804125 Mon Sep 17 00:00:00 2001 From: Alberto Gonzalez Iniesta Date: Tue, 27 Dec 2016 18:25:47 +0100 Subject: New upstream version 2.4.0 --- src/openvpn/socks.c | 849 +++++++++++++++++++++++++++------------------------- 1 file changed, 446 insertions(+), 403 deletions(-) (limited to 'src/openvpn/socks.c') diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index 5a9ea6c..b50cac3 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. + * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -48,466 +48,503 @@ #include "memdbg.h" -#define UP_TYPE_SOCKS "SOCKS Proxy" +#define UP_TYPE_SOCKS "SOCKS Proxy" void -socks_adjust_frame_parameters (struct frame *frame, int proto) +socks_adjust_frame_parameters(struct frame *frame, int proto) { - if (proto == PROTO_UDP) - frame_add_to_extra_link (frame, 10); + if (proto == PROTO_UDP) + { + frame_add_to_extra_link(frame, 10); + } } struct socks_proxy_info * -socks_proxy_new (const char *server, - const char *port, - const char *authfile) +socks_proxy_new(const char *server, + const char *port, + const char *authfile) { - struct socks_proxy_info *p; + struct socks_proxy_info *p; - ALLOC_OBJ_CLEAR (p, struct socks_proxy_info); + ALLOC_OBJ_CLEAR(p, struct socks_proxy_info); - ASSERT (server); - ASSERT (port); + ASSERT(server); + ASSERT(port); - strncpynt (p->server, server, sizeof (p->server)); - p->port = port; + strncpynt(p->server, server, sizeof(p->server)); + p->port = port; - if (authfile) - strncpynt (p->authfile, authfile, sizeof (p->authfile)); - else - p->authfile[0] = 0; + if (authfile) + { + strncpynt(p->authfile, authfile, sizeof(p->authfile)); + } + else + { + p->authfile[0] = 0; + } - p->defined = true; + p->defined = true; - return p; + return p; } void -socks_proxy_close (struct socks_proxy_info *sp) -{ - free (sp); -} - -static bool -socks_username_password_auth (struct socks_proxy_info *p, - socket_descriptor_t sd, - volatile int *signal_received) +socks_proxy_close(struct socks_proxy_info *sp) { - char to_send[516]; - char buf[2]; - int len = 0; - const int timeout_sec = 5; - struct user_pass creds; - ssize_t size; - - creds.defined = 0; - if (!get_user_pass (&creds, p->authfile, UP_TYPE_SOCKS, GET_USER_PASS_MANAGEMENT)) - { - msg (M_NONFATAL, "SOCKS failed to get username/password."); - return false; - } - - if( (strlen(creds.username) > 255) || (strlen(creds.password) > 255) ) { - msg (M_NONFATAL, - "SOCKS username and/or password exceeds 255 characters. " - "Authentication not possible."); - return false; - } - openvpn_snprintf (to_send, sizeof (to_send), "\x01%c%s%c%s", (int) strlen(creds.username), - creds.username, (int) strlen(creds.password), creds.password); - size = send (sd, to_send, strlen(to_send), MSG_NOSIGNAL); - - if (size != strlen (to_send)) - { - msg (D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port write failed on send()"); - return false; - } - - while (len < 2) - { - int status; - ssize_t size; - fd_set reads; - struct timeval tv; - char c; - - FD_ZERO (&reads); - openvpn_fd_set (sd, &reads); - tv.tv_sec = timeout_sec; - tv.tv_usec = 0; - - status = select (sd + 1, &reads, NULL, NULL, &tv); - - get_signal (signal_received); - if (*signal_received) - return false; - - /* timeout? */ - if (status == 0) - { - msg (D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port read timeout expired"); - return false; - } - - /* error */ - if (status < 0) - { - msg (D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port read failed on select()"); - return false; - } - - /* read single char */ - size = recv(sd, &c, 1, MSG_NOSIGNAL); - - /* error? */ - if (size != 1) - { - msg (D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port read failed on recv()"); - return false; - } - - /* store char in buffer */ - buf[len++] = c; - } - - /* VER = 5, SUCCESS = 0 --> auth success */ - if (buf[0] != 5 && buf[1] != 0) - { - msg (D_LINK_ERRORS, "socks_username_password_auth: server refused the authentication"); - return false; - } - - return true; + free(sp); } static bool -socks_handshake (struct socks_proxy_info *p, - socket_descriptor_t sd, - volatile int *signal_received) +socks_username_password_auth(struct socks_proxy_info *p, + socket_descriptor_t sd, + volatile int *signal_received) { - char buf[2]; - int len = 0; - const int timeout_sec = 5; - ssize_t size; - - /* VER = 5, NMETHODS = 1, METHODS = [0 (no auth)] */ - char method_sel[3] = { 0x05, 0x01, 0x00 }; - if (p->authfile[0]) - method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */ - - size = send (sd, method_sel, sizeof (method_sel), MSG_NOSIGNAL); - if (size != sizeof (method_sel)) + char to_send[516]; + char buf[2]; + int len = 0; + const int timeout_sec = 5; + struct user_pass creds; + ssize_t size; + + creds.defined = 0; + if (!get_user_pass(&creds, p->authfile, UP_TYPE_SOCKS, GET_USER_PASS_MANAGEMENT)) { - msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port write failed on send()"); - return false; + msg(M_NONFATAL, "SOCKS failed to get username/password."); + return false; } - while (len < 2) + if ( (strlen(creds.username) > 255) || (strlen(creds.password) > 255) ) { - int status; - ssize_t size; - fd_set reads; - struct timeval tv; - char c; - - FD_ZERO (&reads); - openvpn_fd_set (sd, &reads); - tv.tv_sec = timeout_sec; - tv.tv_usec = 0; - - status = select (sd + 1, &reads, NULL, NULL, &tv); - - get_signal (signal_received); - if (*signal_received) - return false; - - /* timeout? */ - if (status == 0) - { - msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port read timeout expired"); - return false; - } - - /* error */ - if (status < 0) - { - msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port read failed on select()"); - return false; - } - - /* read single char */ - size = recv(sd, &c, 1, MSG_NOSIGNAL); - - /* error? */ - if (size != 1) - { - msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port read failed on recv()"); - return false; - } - - /* store char in buffer */ - buf[len++] = c; + msg(M_NONFATAL, + "SOCKS username and/or password exceeds 255 characters. " + "Authentication not possible."); + return false; } + openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", (int) strlen(creds.username), + creds.username, (int) strlen(creds.password), creds.password); + size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL); - /* VER == 5 */ - if (buf[0] != '\x05') + if (size != strlen(to_send)) { - msg (D_LINK_ERRORS, "socks_handshake: Socks proxy returned bad status"); - return false; + msg(D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port write failed on send()"); + return false; } - /* validate that the auth method returned is the one sent */ - if (buf[1] != method_sel[2]) + while (len < 2) { - msg (D_LINK_ERRORS, "socks_handshake: Socks proxy returned unexpected auth"); - return false; + int status; + ssize_t size; + fd_set reads; + struct timeval tv; + char c; + + FD_ZERO(&reads); + openvpn_fd_set(sd, &reads); + tv.tv_sec = timeout_sec; + tv.tv_usec = 0; + + status = select(sd + 1, &reads, NULL, NULL, &tv); + + get_signal(signal_received); + if (*signal_received) + { + return false; + } + + /* timeout? */ + if (status == 0) + { + msg(D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port read timeout expired"); + return false; + } + + /* error */ + if (status < 0) + { + msg(D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port read failed on select()"); + return false; + } + + /* read single char */ + size = recv(sd, &c, 1, MSG_NOSIGNAL); + + /* error? */ + if (size != 1) + { + msg(D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port read failed on recv()"); + return false; + } + + /* store char in buffer */ + buf[len++] = c; } - /* select the appropriate authentication method */ - switch (buf[1]) + /* VER = 5, SUCCESS = 0 --> auth success */ + if (buf[0] != 5 && buf[1] != 0) { - case 0: /* no authentication */ - break; - - case 2: /* login/password */ - if (!p->authfile[0]) - { - msg(D_LINK_ERRORS, "socks_handshake: server asked for username/login auth but we were " - "not provided any credentials"); - return false; - } - - if (!socks_username_password_auth(p, sd, signal_received)) - return false; - - break; - - default: /* unknown auth method */ - msg(D_LINK_ERRORS, "socks_handshake: unknown SOCKS auth method"); - return false; + msg(D_LINK_ERRORS, "socks_username_password_auth: server refused the authentication"); + return false; } - return true; + return true; } static bool -recv_socks_reply (socket_descriptor_t sd, - struct openvpn_sockaddr *addr, - volatile int *signal_received) +socks_handshake(struct socks_proxy_info *p, + socket_descriptor_t sd, + volatile int *signal_received) { - char atyp = '\0'; - int alen = 0; - int len = 0; - char buf[22]; - const int timeout_sec = 5; + char buf[2]; + int len = 0; + const int timeout_sec = 5; + ssize_t size; + + /* VER = 5, NMETHODS = 1, METHODS = [0 (no auth)] */ + char method_sel[3] = { 0x05, 0x01, 0x00 }; + if (p->authfile[0]) + { + method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */ - if (addr != NULL) + } + size = send(sd, method_sel, sizeof(method_sel), MSG_NOSIGNAL); + if (size != sizeof(method_sel)) { - addr->addr.in4.sin_family = AF_INET; - addr->addr.in4.sin_addr.s_addr = htonl (INADDR_ANY); - addr->addr.in4.sin_port = htons (0); + msg(D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port write failed on send()"); + return false; } - while (len < 4 + alen + 2) + while (len < 2) { - int status; - ssize_t size; - fd_set reads; - struct timeval tv; - char c; - - FD_ZERO (&reads); - openvpn_fd_set (sd, &reads); - tv.tv_sec = timeout_sec; - tv.tv_usec = 0; - - status = select (sd + 1, &reads, NULL, NULL, &tv); - - get_signal (signal_received); - if (*signal_received) - return false; - - /* timeout? */ - if (status == 0) - { - msg (D_LINK_ERRORS | M_ERRNO, "recv_socks_reply: TCP port read timeout expired"); - return false; - } - - /* error */ - if (status < 0) - { - msg (D_LINK_ERRORS | M_ERRNO, "recv_socks_reply: TCP port read failed on select()"); - return false; - } - - /* read single char */ - size = recv(sd, &c, 1, MSG_NOSIGNAL); + int status; + ssize_t size; + fd_set reads; + struct timeval tv; + char c; + + FD_ZERO(&reads); + openvpn_fd_set(sd, &reads); + tv.tv_sec = timeout_sec; + tv.tv_usec = 0; + + status = select(sd + 1, &reads, NULL, NULL, &tv); + + get_signal(signal_received); + if (*signal_received) + { + return false; + } + + /* timeout? */ + if (status == 0) + { + msg(D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port read timeout expired"); + return false; + } + + /* error */ + if (status < 0) + { + msg(D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port read failed on select()"); + return false; + } + + /* read single char */ + size = recv(sd, &c, 1, MSG_NOSIGNAL); + + /* error? */ + if (size != 1) + { + msg(D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port read failed on recv()"); + return false; + } + + /* store char in buffer */ + buf[len++] = c; + } - /* error? */ - if (size != 1) - { - msg (D_LINK_ERRORS | M_ERRNO, "recv_socks_reply: TCP port read failed on recv()"); - return false; - } + /* VER == 5 */ + if (buf[0] != '\x05') + { + msg(D_LINK_ERRORS, "socks_handshake: Socks proxy returned bad status"); + return false; + } - if (len == 3) - atyp = c; + /* validate that the auth method returned is the one sent */ + if (buf[1] != method_sel[2]) + { + msg(D_LINK_ERRORS, "socks_handshake: Socks proxy returned unexpected auth"); + return false; + } - if (len == 4) - { - switch (atyp) - { - case '\x01': /* IP V4 */ - alen = 4; - break; + /* select the appropriate authentication method */ + switch (buf[1]) + { + case 0: /* no authentication */ + break; + + case 2: /* login/password */ + if (!p->authfile[0]) + { + msg(D_LINK_ERRORS, "socks_handshake: server asked for username/login auth but we were " + "not provided any credentials"); + return false; + } + + if (!socks_username_password_auth(p, sd, signal_received)) + { + return false; + } + + break; + + default: /* unknown auth method */ + msg(D_LINK_ERRORS, "socks_handshake: unknown SOCKS auth method"); + return false; + } - case '\x03': /* DOMAINNAME */ - alen = (unsigned char) c; - break; + return true; +} - case '\x04': /* IP V6 */ - alen = 16; - break; +static bool +recv_socks_reply(socket_descriptor_t sd, + struct openvpn_sockaddr *addr, + volatile int *signal_received) +{ + char atyp = '\0'; + int alen = 0; + int len = 0; + char buf[22]; + const int timeout_sec = 5; - default: - msg (D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad address type"); - return false; - } - } + if (addr != NULL) + { + addr->addr.in4.sin_family = AF_INET; + addr->addr.in4.sin_addr.s_addr = htonl(INADDR_ANY); + addr->addr.in4.sin_port = htons(0); + } - /* store char in buffer */ - if (len < (int)sizeof(buf)) - buf[len] = c; - ++len; + while (len < 4 + alen + 2) + { + int status; + ssize_t size; + fd_set reads; + struct timeval tv; + char c; + + FD_ZERO(&reads); + openvpn_fd_set(sd, &reads); + tv.tv_sec = timeout_sec; + tv.tv_usec = 0; + + status = select(sd + 1, &reads, NULL, NULL, &tv); + + get_signal(signal_received); + if (*signal_received) + { + return false; + } + + /* timeout? */ + if (status == 0) + { + msg(D_LINK_ERRORS | M_ERRNO, "recv_socks_reply: TCP port read timeout expired"); + return false; + } + + /* error */ + if (status < 0) + { + msg(D_LINK_ERRORS | M_ERRNO, "recv_socks_reply: TCP port read failed on select()"); + return false; + } + + /* read single char */ + size = recv(sd, &c, 1, MSG_NOSIGNAL); + + /* error? */ + if (size != 1) + { + msg(D_LINK_ERRORS | M_ERRNO, "recv_socks_reply: TCP port read failed on recv()"); + return false; + } + + if (len == 3) + { + atyp = c; + } + + if (len == 4) + { + switch (atyp) + { + case '\x01': /* IP V4 */ + alen = 4; + break; + + case '\x03': /* DOMAINNAME */ + alen = (unsigned char) c; + break; + + case '\x04': /* IP V6 */ + alen = 16; + break; + + default: + msg(D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad address type"); + return false; + } + } + + /* store char in buffer */ + if (len < (int)sizeof(buf)) + { + buf[len] = c; + } + ++len; } - /* VER == 5 && REP == 0 (succeeded) */ - if (buf[0] != '\x05' || buf[1] != '\x00') + /* VER == 5 && REP == 0 (succeeded) */ + if (buf[0] != '\x05' || buf[1] != '\x00') { - msg (D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad reply"); - return false; + msg(D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad reply"); + return false; } - /* ATYP == 1 (IP V4 address) */ - if (atyp == '\x01' && addr != NULL) + /* ATYP == 1 (IP V4 address) */ + if (atyp == '\x01' && addr != NULL) { - memcpy (&addr->addr.in4.sin_addr, buf + 4, sizeof (addr->addr.in4.sin_addr)); - memcpy (&addr->addr.in4.sin_port, buf + 8, sizeof (addr->addr.in4.sin_port)); + memcpy(&addr->addr.in4.sin_addr, buf + 4, sizeof(addr->addr.in4.sin_addr)); + memcpy(&addr->addr.in4.sin_port, buf + 8, sizeof(addr->addr.in4.sin_port)); } - return true; + return true; } static int -port_from_servname(const char* servname) +port_from_servname(const char *servname) { - int port =0; + int port = 0; port = atoi(servname); - if(port >0 && port < 65536) + if (port >0 && port < 65536) + { return port; + } - struct servent* service; + struct servent *service; service = getservbyname(servname, NULL); - if(service) + if (service) + { return service->s_port; + } return 0; } void -establish_socks_proxy_passthru (struct socks_proxy_info *p, - socket_descriptor_t sd, /* already open to proxy */ - const char *host, /* openvpn server remote */ - const char *servname, /* openvpn server port */ - volatile int *signal_received) +establish_socks_proxy_passthru(struct socks_proxy_info *p, + socket_descriptor_t sd, /* already open to proxy */ + const char *host, /* openvpn server remote */ + const char *servname, /* openvpn server port */ + volatile int *signal_received) { - char buf[128]; - size_t len; + char buf[128]; + size_t len; - if (!socks_handshake (p, sd, signal_received)) - goto error; + if (!socks_handshake(p, sd, signal_received)) + { + goto error; + } - /* format Socks CONNECT message */ - buf[0] = '\x05'; /* VER = 5 */ - buf[1] = '\x01'; /* CMD = 1 (CONNECT) */ - buf[2] = '\x00'; /* RSV */ - buf[3] = '\x03'; /* ATYP = 3 (DOMAINNAME) */ + /* format Socks CONNECT message */ + buf[0] = '\x05'; /* VER = 5 */ + buf[1] = '\x01'; /* CMD = 1 (CONNECT) */ + buf[2] = '\x00'; /* RSV */ + buf[3] = '\x03'; /* ATYP = 3 (DOMAINNAME) */ - len = strlen(host); - len = (5 + len + 2 > sizeof(buf)) ? (sizeof(buf) - 5 - 2) : len; + len = strlen(host); + len = (5 + len + 2 > sizeof(buf)) ? (sizeof(buf) - 5 - 2) : len; - buf[4] = (char) len; - memcpy(buf + 5, host, len); + buf[4] = (char) len; + memcpy(buf + 5, host, len); - int port = port_from_servname (servname); - if (port ==0) + int port = port_from_servname(servname); + if (port ==0) { - msg (D_LINK_ERRORS, "establish_socks_proxy_passthrough: Cannot convert %s to port number", servname); - goto error; + msg(D_LINK_ERRORS, "establish_socks_proxy_passthrough: Cannot convert %s to port number", servname); + goto error; } - buf[5 + len] = (char) (port >> 8); - buf[5 + len + 1] = (char) (port & 0xff); + buf[5 + len] = (char) (port >> 8); + buf[5 + len + 1] = (char) (port & 0xff); - { - const ssize_t size = send (sd, buf, 5 + len + 2, MSG_NOSIGNAL); - if ((int)size != 5 + (int)len + 2) - { - msg (D_LINK_ERRORS | M_ERRNO, "establish_socks_proxy_passthru: TCP port write failed on send()"); - goto error; - } - } + { + const ssize_t size = send(sd, buf, 5 + len + 2, MSG_NOSIGNAL); + if ((int)size != 5 + (int)len + 2) + { + msg(D_LINK_ERRORS | M_ERRNO, "establish_socks_proxy_passthru: TCP port write failed on send()"); + goto error; + } + } - /* receive reply from Socks proxy and discard */ - if (!recv_socks_reply (sd, NULL, signal_received)) - goto error; + /* receive reply from Socks proxy and discard */ + if (!recv_socks_reply(sd, NULL, signal_received)) + { + goto error; + } - return; + return; - error: - if (!*signal_received) - *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */ - return; +error: + if (!*signal_received) + { + *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */ + } + return; } void -establish_socks_proxy_udpassoc (struct socks_proxy_info *p, - socket_descriptor_t ctrl_sd, /* already open to proxy */ - socket_descriptor_t udp_sd, - struct openvpn_sockaddr *relay_addr, - volatile int *signal_received) +establish_socks_proxy_udpassoc(struct socks_proxy_info *p, + socket_descriptor_t ctrl_sd, /* already open to proxy */ + socket_descriptor_t udp_sd, + struct openvpn_sockaddr *relay_addr, + volatile int *signal_received) { - if (!socks_handshake (p, ctrl_sd, signal_received)) - goto error; - - { - /* send Socks UDP ASSOCIATE message */ - /* VER = 5, CMD = 3 (UDP ASSOCIATE), RSV = 0, ATYP = 1 (IP V4), - BND.ADDR = 0, BND.PORT = 0 */ - const ssize_t size = send (ctrl_sd, - "\x05\x03\x00\x01\x00\x00\x00\x00\x00\x00", - 10, MSG_NOSIGNAL); - if (size != 10) - { - msg (D_LINK_ERRORS | M_ERRNO, "establish_socks_proxy_passthru: TCP port write failed on send()"); - goto error; - } - } - - /* receive reply from Socks proxy */ - CLEAR (*relay_addr); - if (!recv_socks_reply (ctrl_sd, relay_addr, signal_received)) - goto error; - - return; - - error: - if (!*signal_received) - *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */ - return; + if (!socks_handshake(p, ctrl_sd, signal_received)) + { + goto error; + } + + { + /* send Socks UDP ASSOCIATE message */ + /* VER = 5, CMD = 3 (UDP ASSOCIATE), RSV = 0, ATYP = 1 (IP V4), + * BND.ADDR = 0, BND.PORT = 0 */ + const ssize_t size = send(ctrl_sd, + "\x05\x03\x00\x01\x00\x00\x00\x00\x00\x00", + 10, MSG_NOSIGNAL); + if (size != 10) + { + msg(D_LINK_ERRORS | M_ERRNO, "establish_socks_proxy_passthru: TCP port write failed on send()"); + goto error; + } + } + + /* receive reply from Socks proxy */ + CLEAR(*relay_addr); + if (!recv_socks_reply(ctrl_sd, relay_addr, signal_received)) + { + goto error; + } + + return; + +error: + if (!*signal_received) + { + *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */ + } + return; } /* @@ -517,29 +554,35 @@ establish_socks_proxy_udpassoc (struct socks_proxy_info *p, * Run after UDP read. */ void -socks_process_incoming_udp (struct buffer *buf, - struct link_socket_actual *from) +socks_process_incoming_udp(struct buffer *buf, + struct link_socket_actual *from) { - int atyp; + int atyp; - if (BLEN (buf) < 10) - goto error; + if (BLEN(buf) < 10) + { + goto error; + } - buf_read_u16 (buf); - if (buf_read_u8 (buf) != 0) - goto error; + buf_read_u16(buf); + if (buf_read_u8(buf) != 0) + { + goto error; + } - atyp = buf_read_u8 (buf); - if (atyp != 1) /* ATYP == 1 (IP V4) */ - goto error; + atyp = buf_read_u8(buf); + if (atyp != 1) /* ATYP == 1 (IP V4) */ + { + goto error; + } - buf_read (buf, &from->dest.addr.in4.sin_addr, sizeof (from->dest.addr.in4.sin_addr)); - buf_read (buf, &from->dest.addr.in4.sin_port, sizeof (from->dest.addr.in4.sin_port)); + buf_read(buf, &from->dest.addr.in4.sin_addr, sizeof(from->dest.addr.in4.sin_addr)); + buf_read(buf, &from->dest.addr.in4.sin_port, sizeof(from->dest.addr.in4.sin_port)); - return; + return; - error: - buf->len = 0; +error: + buf->len = 0; } /* @@ -550,24 +593,24 @@ socks_process_incoming_udp (struct buffer *buf, * Returns the size of the header. */ int -socks_process_outgoing_udp (struct buffer *buf, - const struct link_socket_actual *to) +socks_process_outgoing_udp(struct buffer *buf, + const struct link_socket_actual *to) { - /* - * Get a 10 byte subset buffer prepended to buf -- - * we expect these bytes will be here because - * we allocated frame space in socks_adjust_frame_parameters. - */ - struct buffer head = buf_sub (buf, 10, true); - - /* crash if not enough headroom in buf */ - ASSERT (buf_defined (&head)); - - buf_write_u16 (&head, 0); /* RSV = 0 */ - buf_write_u8 (&head, 0); /* FRAG = 0 */ - buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */ - buf_write (&head, &to->dest.addr.in4.sin_addr, sizeof (to->dest.addr.in4.sin_addr)); - buf_write (&head, &to->dest.addr.in4.sin_port, sizeof (to->dest.addr.in4.sin_port)); - - return 10; + /* + * Get a 10 byte subset buffer prepended to buf -- + * we expect these bytes will be here because + * we allocated frame space in socks_adjust_frame_parameters. + */ + struct buffer head = buf_sub(buf, 10, true); + + /* crash if not enough headroom in buf */ + ASSERT(buf_defined(&head)); + + buf_write_u16(&head, 0); /* RSV = 0 */ + buf_write_u8(&head, 0); /* FRAG = 0 */ + buf_write_u8(&head, '\x01'); /* ATYP = 1 (IP V4) */ + buf_write(&head, &to->dest.addr.in4.sin_addr, sizeof(to->dest.addr.in4.sin_addr)); + buf_write(&head, &to->dest.addr.in4.sin_port, sizeof(to->dest.addr.in4.sin_port)); + + return 10; } -- cgit v1.2.3