[gnurl] 70/222: socks: Fix destination host shown on SOCKS5 error

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnurl] 70/222: socks: Fix destination host shown on SOCKS5 error

From:	gnunet
Subject:	[gnurl] 70/222: socks: Fix destination host shown on SOCKS5 error
Date:	Thu, 07 Nov 2019 00:09:26 +0100

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 5ee88eee6861ab1c98c03bc0b1c8f63c447c7fdc
Author: Jay Satiro <address@hidden>
AuthorDate: Sat Sep 21 03:39:21 2019 -0400

    socks: Fix destination host shown on SOCKS5 error
    
    Prior to this change when a server returned a socks5 connect error then
    curl would parse the destination address:port from that data and show it
    to the user as the destination:
    
    curld -v --socks5 10.0.3.1:1080 http://google.com:99
    * SOCKS5 communication to google.com:99
    * SOCKS5 connect to IPv4 172.217.12.206 (locally resolved)
    * Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
    curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
    
    That's incorrect because the address:port included in the connect error
    is actually a bind address:port (typically unused) and not the
    destination address:port. This fix changes curl to show the destination
    information that curl sent to the server instead:
    
    curld -v --socks5 10.0.3.1:1080 http://google.com:99
    * SOCKS5 communication to google.com:99
    * SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved)
    * Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
    curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
    
    curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99
    * SOCKS5 communication to google.com:99
    * SOCKS5 connect to google.com:99 (remotely resolved)
    * Can't complete SOCKS5 connection to google.com:99. (1)
    curl: (7) Can't complete SOCKS5 connection to google.com:99. (1)
    
    Ref: https://tools.ietf.org/html/rfc1928#section-6
    
    Closes https://github.com/curl/curl/pull/4394
---
 lib/socks.c | 64 +++++++++++++++++++------------------------------------------
 1 file changed, 20 insertions(+), 44 deletions(-)

diff --git a/lib/socks.c b/lib/socks.c
index d8fcc3bbb..6ae98184d 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -38,7 +38,9 @@
 #include "timeval.h"
 #include "socks.h"
 
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
 #include "memdebug.h"
 
 /*
@@ -372,8 +374,9 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
     o  REP    Reply field:
     o  X'00' succeeded
   */
-
-  unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
+#define REQUEST_BUFSIZE 600  /* room for large user/pw (255 max each) */
+  unsigned char socksreq[REQUEST_BUFSIZE];
+  char dest[REQUEST_BUFSIZE] = "unknown";  /* printable hostname:port */
   int idx;
   ssize_t actualread;
   ssize_t written;
@@ -605,6 +608,8 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
     socksreq[len++] = (char) hostname_len; /* address length */
     memcpy(&socksreq[len], hostname, hostname_len); /* address str w/o NULL */
     len += hostname_len;
+    msnprintf(dest, sizeof(dest), "%s:%d", hostname, remote_port);
+    infof(data, "SOCKS5 connect to %s (remotely resolved)\n", dest);
   }
   else {
     struct Curl_dns_entry *dns;
@@ -628,8 +633,13 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
     if(dns)
       hp = dns->addr;
     if(hp) {
-      char buf[64];
-      Curl_printable_address(hp, buf, sizeof(buf));
+      if(Curl_printable_address(hp, dest, sizeof(dest))) {
+        size_t destlen = strlen(dest);
+        msnprintf(dest + destlen, sizeof(dest) - destlen, ":%d", remote_port);
+      }
+      else {
+        strcpy(dest, "unknown");
+      }
 
       if(hp->ai_family == AF_INET) {
         int i;
@@ -641,7 +651,7 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
           socksreq[len++] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[i];
         }
 
-        infof(data, "SOCKS5 connect to IPv4 %s (locally resolved)\n", buf);
+        infof(data, "SOCKS5 connect to IPv4 %s (locally resolved)\n", dest);
       }
 #ifdef ENABLE_IPV6
       else if(hp->ai_family == AF_INET6) {
@@ -655,13 +665,13 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
             ((unsigned char *)&saddr_in6->sin6_addr.s6_addr)[i];
         }
 
-        infof(data, "SOCKS5 connect to IPv6 %s (locally resolved)\n", buf);
+        infof(data, "SOCKS5 connect to IPv6 %s (locally resolved)\n", dest);
       }
 #endif
       else {
         hp = NULL; /* fail! */
 
-        failf(data, "SOCKS5 connection to %s not supported\n", buf);
+        failf(data, "SOCKS5 connection to %s not supported\n", dest);
       }
 
       Curl_resolv_unlock(data, dns); /* not used anymore from now on */
@@ -756,42 +766,8 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
 #endif
 
   if(socksreq[1] != 0) { /* Anything besides 0 is an error */
-    if(socksreq[3] == 1) {
-      failf(data,
-            "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
-            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
-            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            (((unsigned char)socksreq[8] << 8) |
-             (unsigned char)socksreq[9]),
-            (unsigned char)socksreq[1]);
-    }
-    else if(socksreq[3] == 3) {
-      unsigned char port_upper = (unsigned char)socksreq[len - 2];
-      socksreq[len - 2] = 0;
-      failf(data,
-            "Can't complete SOCKS5 connection to %s:%d. (%d)",
-            (char *)&socksreq[5],
-            ((port_upper << 8) |
-             (unsigned char)socksreq[len - 1]),
-            (unsigned char)socksreq[1]);
-      socksreq[len - 2] = port_upper;
-    }
-    else if(socksreq[3] == 4) {
-      failf(data,
-            "Can't complete SOCKS5 connection to %02x%02x:%02x%02x:"
-            "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%d. (%d)",
-            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
-            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            (unsigned char)socksreq[8], (unsigned char)socksreq[9],
-            (unsigned char)socksreq[10], (unsigned char)socksreq[11],
-            (unsigned char)socksreq[12], (unsigned char)socksreq[13],
-            (unsigned char)socksreq[14], (unsigned char)socksreq[15],
-            (unsigned char)socksreq[16], (unsigned char)socksreq[17],
-            (unsigned char)socksreq[18], (unsigned char)socksreq[19],
-            (((unsigned char)socksreq[20] << 8) |
-             (unsigned char)socksreq[21]),
-            (unsigned char)socksreq[1]);
-    }
+    failf(data, "Can't complete SOCKS5 connection to %s. (%d)",
+          dest, (unsigned char)socksreq[1]);
     return CURLE_COULDNT_CONNECT;
   }
   infof(data, "SOCKS5 request granted.\n");

-- 
To stop receiving notification emails like this one, please contact
address@hidden.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnurl] 79/222: vauth: The parameter 'status' must be surrounded by parentheses, (continued)
- [gnurl] 79/222: vauth: The parameter 'status' must be surrounded by parentheses, gnunet, 2019/11/06
- [gnurl] 78/222: doh: allow only http and https in debug mode, gnunet, 2019/11/06
- [gnurl] 71/222: curl: exit the create_transfers loop on errors, gnunet, 2019/11/06
- [gnurl] 80/222: quiche: The expression must be surrounded by parentheses, gnunet, 2019/11/06
- [gnurl] 69/222: travis: enable ngtcp2 h3-23 builds, gnunet, 2019/11/06
- [gnurl] 86/222: strcase: fix raw lowercasing the letter X, gnunet, 2019/11/06
- [gnurl] 85/222: http2: Expression 'stream->stream_id != - 1' is always true, gnunet, 2019/11/06
- [gnurl] 83/222: libssh: part of conditional expression is always true: !result, gnunet, 2019/11/06
- [gnurl] 76/222: http: lowercase headernames for HTTP/2 and HTTP/3, gnunet, 2019/11/06
- [gnurl] 84/222: http2: A value is being subtracted from the unsigned variable, gnunet, 2019/11/06
- [gnurl] 70/222: socks: Fix destination host shown on SOCKS5 error, gnunet <=
- [gnurl] 74/222: winbuild: Add manifest to curl.exe for proper OS version detection, gnunet, 2019/11/06
- [gnurl] 82/222: libssh: part of conditional expression is always true, gnunet, 2019/11/06
- [gnurl] 75/222: vtls: fix narrowing conversion warnings, gnunet, 2019/11/06
- [gnurl] 77/222: doh: return early if there is no time left, gnunet, 2019/11/06
- [gnurl] 90/222: altsvc: save h3 as h3-23, gnunet, 2019/11/06
- [gnurl] 102/222: quiche: set 'drain' when returning without having drained the queues, gnunet, 2019/11/06
- [gnurl] 92/222: travis: move the go install to linux-only, gnunet, 2019/11/06
- [gnurl] 100/222: HTTP3: merged and simplified the two 'running' sections, gnunet, 2019/11/06
- [gnurl] 87/222: os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr,, gnunet, 2019/11/06
- [gnurl] 91/222: altsvc: correct the #ifdef for the ngtcp2 backend, gnunet, 2019/11/06

Prev by Date: [gnurl] 84/222: http2: A value is being subtracted from the unsigned variable
Next by Date: [gnurl] 74/222: winbuild: Add manifest to curl.exe for proper OS version detection
Previous by thread: [gnurl] 84/222: http2: A value is being subtracted from the unsigned variable
Next by thread: [gnurl] 74/222: winbuild: Add manifest to curl.exe for proper OS version detection
Index(es):
- Date
- Thread