July 2018 - tor-commits - lists.torproject.org

[tor/master] Remove legacy SOCKS5 phase 2 code
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit d2e54ff8a5826980211cfecd9f289379aa222382 Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Tue May 22 13:53:34 2018 +0200 Remove legacy SOCKS5 phase 2 code --- src/or/proto_socks.c | 121 --------------------------------------------------- 1 file changed, 121 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 84ea58778..6ed8f6e17 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -804,9 +804,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, int log_sockstype, int safe_socks, size_t *drain_out, size_t *want_length_out) { - unsigned int len; - char tmpbuf[TOR_ADDR_BUF_LEN+1]; - tor_addr_t destaddr; uint8_t socksver; if (datalen < 2) { @@ -825,124 +822,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, } switch (socksver) { /* which version of socks? */ - case 5: /* socks5 */ - if (req->auth_type != SOCKS_NO_AUTH && !req->got_auth) { - log_warn(LD_APP, - "socks5: negotiated authentication, but none provided"); - return -1; - } - /* we know the method; read in the request */ - log_debug(LD_APP,"socks5: checking request"); - if (datalen < 7) {/* basic info plus >=1 for addr plus 2 for port */ - *want_length_out = 7; - return 0; /* not yet */ - } - req->command = (unsigned char) *(data+1); - if (req->command != SOCKS_COMMAND_CONNECT && - req->command != SOCKS_COMMAND_RESOLVE && - req->command != SOCKS_COMMAND_RESOLVE_PTR) { - /* not a connect or resolve or a resolve_ptr? we don't support it. */ - socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED); - - log_warn(LD_APP,"socks5: command %d not recognized. Rejecting.", - req->command); - return -1; - } - switch (*(data+3)) { /* address type */ - case 1: /* IPv4 address */ - case 4: /* IPv6 address */ { - const int is_v6 = *(data+3) == 4; - const unsigned addrlen = is_v6 ? 16 : 4; - log_debug(LD_APP,"socks5: ipv4 address type"); - if (datalen < 6+addrlen) {/* ip/port there? */ - *want_length_out = 6+addrlen; - return 0; /* not yet */ - } - - if (is_v6) - tor_addr_from_ipv6_bytes(&destaddr, data+4); - else - tor_addr_from_ipv4n(&destaddr, get_uint32(data+4)); - - tor_addr_to_str(tmpbuf, &destaddr, sizeof(tmpbuf), 1); - - if (BUG(strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN)) { - /* LCOV_EXCL_START -- This branch is unreachable, given the - * size of tmpbuf and the actual value of MAX_SOCKS_ADDR_LEN */ - socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - log_warn(LD_APP, - "socks5 IP takes %d bytes, which doesn't fit in %d. " - "Rejecting.", - (int)strlen(tmpbuf)+1,(int)MAX_SOCKS_ADDR_LEN); - return -1; - /* LCOV_EXCL_STOP */ - } - strlcpy(req->address,tmpbuf,sizeof(req->address)); - req->port = ntohs(get_uint16(data+4+addrlen)); - *drain_out = 6+addrlen; - if (req->command != SOCKS_COMMAND_RESOLVE_PTR && - !addressmap_have_mapping(req->address,0)) { - log_unsafe_socks_warning(5, req->address, req->port, safe_socks); - if (safe_socks) { - socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED); - return -1; - } - } - return 1; - } - case 3: /* fqdn */ - log_debug(LD_APP,"socks5: fqdn address type"); - if (req->command == SOCKS_COMMAND_RESOLVE_PTR) { - socks_request_set_socks5_error(req, - SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); - log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " - "hostname type. Rejecting."); - return -1; - } - len = (unsigned char)*(data+4); - if (datalen < 7+len) { /* addr/port there? */ - *want_length_out = 7+len; - return 0; /* not yet */ - } - if (BUG(len+1 > MAX_SOCKS_ADDR_LEN)) { - /* LCOV_EXCL_START -- unreachable, since len is at most 255, - * and MAX_SOCKS_ADDR_LEN is 256. */ - socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - log_warn(LD_APP, - "socks5 hostname is %d bytes, which doesn't fit in " - "%d. Rejecting.", len+1,MAX_SOCKS_ADDR_LEN); - return -1; - /* LCOV_EXCL_STOP */ - } - memcpy(req->address,data+5,len); - req->address[len] = 0; - req->port = ntohs(get_uint16(data+5+len)); - *drain_out = 5+len+2; - - if (!string_is_valid_dest(req->address)) { - socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - - log_warn(LD_PROTOCOL, - "Your application (using socks5 to port %d) gave Tor " - "a malformed hostname: %s. Rejecting the connection.", - req->port, escaped_safe_str_client(req->address)); - return -1; - } - if (log_sockstype) - log_notice(LD_APP, - "Your application (using socks5 to port %d) instructed " - "Tor to take care of the DNS resolution itself if " - "necessary. This is good.", req->port); - return 1; - default: /* unsupported */ - socks_request_set_socks5_error(req, - SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); - log_warn(LD_APP,"socks5: unsupported address type %d. Rejecting.", - (int) *(data+3)); - return -1; - } - tor_assert(0); - break; case 'G': /* get */ case 'H': /* head */ case 'P': /* put/post */

1 0

[tor/master] Add CMD_RESOLVE to socks5_client_request
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit 94706a427a6ea84e8124bd3bd997d6805149c39d Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Tue May 22 12:23:32 2018 +0200 Add CMD_RESOLVE to socks5_client_request --- src/trunnel/socks5.c | 12 ++++++------ src/trunnel/socks5.trunnel | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c index 5b8d49d80..7f4702fb5 100644 --- a/src/trunnel/socks5.c +++ b/src/trunnel/socks5.c @@ -3477,7 +3477,7 @@ socks5_client_request_get_command(const socks5_client_request_t *inp) int socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val) { - if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE_PTR || val == CMD_UDP_ASSOCIATE))) { + if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE || val == CMD_RESOLVE_PTR || val == CMD_UDP_ASSOCIATE))) { TRUNNEL_SET_ERROR_CODE(inp); return -1; } @@ -3600,7 +3600,7 @@ socks5_client_request_check(const socks5_client_request_t *obj) return "A set function failed on this object"; if (! (obj->version == 5)) return "Integer out of bounds"; - if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) return "Integer out of bounds"; if (! (obj->reserved == 0)) return "Integer out of bounds"; @@ -3639,7 +3639,7 @@ socks5_client_request_encoded_len(const socks5_client_request_t *obj) /* Length of u8 version IN [5] */ result += 1; - /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ result += 1; /* Length of u8 reserved IN [0] */ @@ -3708,7 +3708,7 @@ socks5_client_request_encode(uint8_t *output, const size_t avail, const socks5_c trunnel_set_uint8(ptr, (obj->version)); written += 1; ptr += 1; - /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ trunnel_assert(written <= avail); if (avail - written < 1) goto truncated; @@ -3817,11 +3817,11 @@ socks5_client_request_parse_into(socks5_client_request_t *obj, const uint8_t *in if (! (obj->version == 5)) goto fail; - /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ CHECK_REMAINING(1, truncated); obj->command = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; - if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) goto fail; /* Parse u8 reserved IN [0] */ diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel index b6b8a34f2..d70ad639e 100644 --- a/src/trunnel/socks5.trunnel +++ b/src/trunnel/socks5.trunnel @@ -30,7 +30,7 @@ struct domainname { struct socks5_client_request { u8 version IN [5]; - u8 command IN [CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE, CMD_RESOLVE_PTR]; + u8 command IN [CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE, CMD_RESOLVE, CMD_RESOLVE_PTR]; u8 reserved IN [0]; u8 atype; union dest_addr[atype] {

1 0

[tor/master] Fix whitespace/formatting
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit fb105404f27a713f3192cb3a376ddc5fc257ccd9 Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Tue May 22 13:59:07 2018 +0200 Fix whitespace/formatting --- src/or/proto_socks.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 6ed8f6e17..17589fad3 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -181,7 +181,6 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, } } - end: socks4_client_request_free(trunnel_req); @@ -362,7 +361,6 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, socks5_client_userpass_auth_t *trunnel_req = NULL; ssize_t parsed = socks5_client_userpass_auth_parse(&trunnel_req, raw_data, datalen); - tor_assert(drain_out); *drain_out = 0; @@ -460,7 +458,8 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, int res = 1; tor_addr_t destaddr; socks5_client_request_t *trunnel_req = NULL; - ssize_t parsed = socks5_client_request_parse(&trunnel_req, raw_data, datalen); + ssize_t parsed = + socks5_client_request_parse(&trunnel_req, raw_data, datalen); if (parsed == -1) { log_warn(LD_APP, "socks5: parsing failed - invalid client request"); res = -1; @@ -493,7 +492,7 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); } break; case 3: { - const struct domainname_st *dns_name = + const struct domainname_st *dns_name = socks5_client_request_getconst_dest_addr_domainname(trunnel_req); const char *hostname = domainname_getconstarray_name(dns_name); @@ -502,7 +501,8 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, } break; case 4: { const char *ipv6 = - (const char *)socks5_client_request_getarray_dest_addr_ipv6(trunnel_req); + (const char *)socks5_client_request_getarray_dest_addr_ipv6( + trunnel_req); tor_addr_from_ipv6_bytes(&destaddr, ipv6); tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); @@ -552,7 +552,7 @@ process_socks5_client_request(socks_request_t *req, req->port, escaped_safe_str_client(req->address)); res = -1; - goto end;; + goto end; } if (req->socks5_atyp == 1 || req->socks5_atyp == 4) { @@ -578,8 +578,9 @@ process_socks5_client_request(socks_request_t *req, } static int -handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, size_t *drain_out) +handle_socks_message(const uint8_t *raw_data, size_t datalen, + socks_request_t *req, int log_sockstype, + int safe_socks, size_t *drain_out) { int res = 1; @@ -733,7 +734,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, do { n_drain = 0; - buf_pullup(buf, MAX(want_length, buf_datalen(buf)), + buf_pullup(buf, MAX(want_length, buf_datalen(buf)), &head, &datalen); tor_assert(head && datalen >= 2); want_length = 0;

1 0

[tor/master] Second phase of SOCKS5
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit bcbd3fb71e1a729f5b499a1452da7d07deeebf39 Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Mon May 21 17:33:28 2018 +0200 Second phase of SOCKS5 --- src/or/proto_socks.c | 157 +++++++++++++++++++++++++++++++++++++++++++--- src/or/socks_request_st.h | 2 + src/test/test_socks.c | 3 +- 3 files changed, 151 insertions(+), 11 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 8fdb72235..84ea58778 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -454,10 +454,134 @@ process_socks5_userpass_auth(socks_request_t *req) } static int +parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, + size_t datalen, size_t *drain_out) +{ + int res = 1; + tor_addr_t destaddr; + socks5_client_request_t *trunnel_req = NULL; + ssize_t parsed = socks5_client_request_parse(&trunnel_req, raw_data, datalen); + if (parsed == -1) { + log_warn(LD_APP, "socks5: parsing failed - invalid client request"); + res = -1; + goto end; + } else if (parsed == -2) { + res = 0; + goto end; + } + + tor_assert(parsed >= 0); + *drain_out = (size_t)parsed; + + if (socks5_client_request_get_version(trunnel_req) != 5) { + res = -1; + goto end; + } + + req->command = socks5_client_request_get_command(trunnel_req); + + req->port = socks5_client_request_get_dest_port(trunnel_req); + + uint8_t atype = socks5_client_request_get_atype(trunnel_req); + req->socks5_atyp = atype; + + switch (atype) { + case 1: { + uint32_t ipv4 = socks5_client_request_get_dest_addr_ipv4(trunnel_req); + tor_addr_from_ipv4h(&destaddr, ipv4); + + tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); + } break; + case 3: { + const struct domainname_st *dns_name = + socks5_client_request_getconst_dest_addr_domainname(trunnel_req); + + const char *hostname = domainname_getconstarray_name(dns_name); + + strlcpy(req->address, hostname, sizeof(req->address)); + } break; + case 4: { + const char *ipv6 = + (const char *)socks5_client_request_getarray_dest_addr_ipv6(trunnel_req); + tor_addr_from_ipv6_bytes(&destaddr, ipv6); + + tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); + } break; + default: { + res = -1; + } break; + } + + end: + socks5_client_request_free(trunnel_req); + return res; +} + +static int +process_socks5_client_request(socks_request_t *req, + int log_sockstype, + int safe_socks) +{ + int res = 1; + + if (req->command != SOCKS_COMMAND_CONNECT && + req->command != SOCKS_COMMAND_RESOLVE && + req->command != SOCKS_COMMAND_RESOLVE_PTR) { + socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED); + res = -1; + goto end; + } + + if (req->command == SOCKS_COMMAND_RESOLVE_PTR && + !string_is_valid_ipv4_address(req->address) && + !string_is_valid_ipv6_address(req->address)) { + socks_request_set_socks5_error(req, SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); + log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " + "hostname type. Rejecting."); + + res = -1; + goto end; + } + + if (!string_is_valid_dest(req->address)) { + socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); + + log_warn(LD_PROTOCOL, + "Your application (using socks5 to port %d) gave Tor " + "a malformed hostname: %s. Rejecting the connection.", + req->port, escaped_safe_str_client(req->address)); + + res = -1; + goto end;; + } + + if (req->socks5_atyp == 1 || req->socks5_atyp == 4) { + if (req->command != SOCKS_COMMAND_RESOLVE_PTR && + !addressmap_have_mapping(req->address,0)) { + log_unsafe_socks_warning(5, req->address, req->port, safe_socks); + if (safe_socks) { + socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED); + res = -1; + goto end; + } + } + } + + if (log_sockstype) + log_notice(LD_APP, + "Your application (using socks5 to port %d) instructed " + "Tor to take care of the DNS resolution itself if " + "necessary. This is good.", req->port); + + end: + return res; +} + +static int handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, int log_sockstype, int safe_socks, size_t *drain_out) { - int res = 0; + int res = 1; uint8_t socks_version = raw_data[0]; @@ -497,8 +621,8 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *r goto end; } /* RFC1929 SOCKS5 username/password subnegotiation. */ - if ((!req->got_auth && raw_data[0] == 1) || - req->auth_type == SOCKS_USER_PASS) { + if (!req->got_auth && (raw_data[0] == 1 || + req->auth_type == SOCKS_USER_PASS)) { int parse_status = parse_socks5_userpass_auth(raw_data, req, datalen, drain_out); @@ -540,6 +664,23 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *r res = 0; goto end; + } else { + int parse_status = parse_socks5_client_request(raw_data, req, + datalen, drain_out); + if (parse_status != 1) { + socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); + res = parse_status; + goto end; + } + + int process_status = process_socks5_client_request(req, + log_sockstype, + safe_socks); + + if (process_status != 1) { + res = process_status; + goto end; + } } } else { *drain_out = datalen; @@ -590,11 +731,10 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, goto end; } - buf_pullup(buf, datalen, &head, &datalen); // XXX - do { n_drain = 0; - //buf_pullup(buf, want_length, &head, &datalen); + buf_pullup(buf, MAX(want_length, buf_datalen(buf)), + &head, &datalen); tor_assert(head && datalen >= 2); want_length = 0; @@ -605,10 +745,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, buf_clear(buf); else if (n_drain > 0) buf_drain(buf, n_drain); - - datalen = buf_datalen(buf); - } while (res == 0 && head && want_length < buf_datalen(buf) && - buf_datalen(buf) >= 2); + } while (res == 0 && head && buf_datalen(buf) >= 2); end: return res; diff --git a/src/or/socks_request_st.h b/src/or/socks_request_st.h index c650a5773..bdef21a0d 100644 --- a/src/or/socks_request_st.h +++ b/src/or/socks_request_st.h @@ -53,6 +53,8 @@ struct socks_request_t { /** The negotiated password value if any (for socks5). This value is NOT * nul-terminated; see passwordlen for its length. */ char *password; + + uint8_t socks5_atyp; /* SOCKS5 address type */ }; #endif diff --git a/src/test/test_socks.c b/src/test/test_socks.c index cf34e9d43..9645ea32a 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -646,7 +646,8 @@ test_socks_5_malformed_commands(void *ptr) tt_int_op(5,OP_EQ,socks->socks_version); tt_int_op(10,OP_EQ,socks->replylen); tt_int_op(5,OP_EQ,socks->reply[0]); - tt_int_op(SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED,OP_EQ,socks->reply[1]); + /* trunnel parsing will fail with -1 */ + tt_int_op(SOCKS5_GENERAL_ERROR,OP_EQ,socks->reply[1]); tt_int_op(1,OP_EQ,socks->reply[3]); done:

1 0

[tor/master] Remove prop229 stuff from socks5.trunnel
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit f27dc41627517ebec3feae6ca00eee544d9dcd59 Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Tue Jun 26 19:31:26 2018 +0300 Remove prop229 stuff from socks5.trunnel --- src/trunnel/socks5.c | 2128 +++++++++++--------------------------------- src/trunnel/socks5.h | 376 -------- src/trunnel/socks5.trunnel | 22 - 3 files changed, 526 insertions(+), 2000 deletions(-) diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c index 7f4702fb5..9e5f6fcfe 100644 --- a/src/trunnel/socks5.c +++ b/src/trunnel/socks5.c @@ -3029,1585 +3029,358 @@ socks5_server_userpass_auth_parse(socks5_server_userpass_auth_t **output, const } return result; } -tor_socksauth_keyval_t * -tor_socksauth_keyval_new(void) +socks5_client_request_t * +socks5_client_request_new(void) { - tor_socksauth_keyval_t *val = trunnel_calloc(1, sizeof(tor_socksauth_keyval_t)); + socks5_client_request_t *val = trunnel_calloc(1, sizeof(socks5_client_request_t)); if (NULL == val) return NULL; + val->version = 5; + val->command = CMD_BIND; return val; } /** Release all storage held inside 'obj', but do not free 'obj'. */ static void -tor_socksauth_keyval_clear(tor_socksauth_keyval_t *obj) +socks5_client_request_clear(socks5_client_request_t *obj) { (void) obj; - TRUNNEL_DYNARRAY_WIPE(&obj->key); - TRUNNEL_DYNARRAY_CLEAR(&obj->key); - TRUNNEL_DYNARRAY_WIPE(&obj->val); - TRUNNEL_DYNARRAY_CLEAR(&obj->val); + domainname_free(obj->dest_addr_domainname); + obj->dest_addr_domainname = NULL; } void -tor_socksauth_keyval_free(tor_socksauth_keyval_t *obj) +socks5_client_request_free(socks5_client_request_t *obj) { if (obj == NULL) return; - tor_socksauth_keyval_clear(obj); - trunnel_memwipe(obj, sizeof(tor_socksauth_keyval_t)); + socks5_client_request_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_client_request_t)); trunnel_free_(obj); } -uint16_t -tor_socksauth_keyval_get_keylen(const tor_socksauth_keyval_t *inp) +uint8_t +socks5_client_request_get_version(const socks5_client_request_t *inp) { - return inp->keylen; + return inp->version; } int -tor_socksauth_keyval_set_keylen(tor_socksauth_keyval_t *inp, uint16_t val) +socks5_client_request_set_version(socks5_client_request_t *inp, uint8_t val) { - inp->keylen = val; + if (! ((val == 5))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; return 0; } -size_t -tor_socksauth_keyval_getlen_key(const tor_socksauth_keyval_t *inp) -{ - return TRUNNEL_DYNARRAY_LEN(&inp->key); -} - -char -tor_socksauth_keyval_get_key(tor_socksauth_keyval_t *inp, size_t idx) -{ - return TRUNNEL_DYNARRAY_GET(&inp->key, idx); -} - -char -tor_socksauth_keyval_getconst_key(const tor_socksauth_keyval_t *inp, size_t idx) -{ - return tor_socksauth_keyval_get_key((tor_socksauth_keyval_t*)inp, idx); -} -int -tor_socksauth_keyval_set_key(tor_socksauth_keyval_t *inp, size_t idx, char elt) +uint8_t +socks5_client_request_get_command(const socks5_client_request_t *inp) { - TRUNNEL_DYNARRAY_SET(&inp->key, idx, elt); - return 0; + return inp->command; } int -tor_socksauth_keyval_add_key(tor_socksauth_keyval_t *inp, char elt) +socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val) { -#if SIZE_MAX >= UINT16_MAX - if (inp->key.n_ == UINT16_MAX) - goto trunnel_alloc_failed; -#endif - TRUNNEL_DYNARRAY_ADD(char, &inp->key, elt, {}); + if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE || val == CMD_RESOLVE_PTR || val == CMD_UDP_ASSOCIATE))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->command = val; return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; } - -char * -tor_socksauth_keyval_getarray_key(tor_socksauth_keyval_t *inp) -{ - return inp->key.elts_; -} -const char * -tor_socksauth_keyval_getconstarray_key(const tor_socksauth_keyval_t *inp) +uint8_t +socks5_client_request_get_reserved(const socks5_client_request_t *inp) { - return (const char *)tor_socksauth_keyval_getarray_key((tor_socksauth_keyval_t*)inp); + return inp->reserved; } int -tor_socksauth_keyval_setlen_key(tor_socksauth_keyval_t *inp, size_t newlen) -{ -#if UINT16_MAX < SIZE_MAX - if (newlen > UINT16_MAX) - goto trunnel_alloc_failed; -#endif - return trunnel_string_setlen(&inp->key, newlen, - &inp->trunnel_error_code_); - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} -const char * -tor_socksauth_keyval_getstr_key(tor_socksauth_keyval_t *inp) +socks5_client_request_set_reserved(socks5_client_request_t *inp, uint8_t val) { - return trunnel_string_getstr(&inp->key); + if (! ((val == 0))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->reserved = val; + return 0; } -int -tor_socksauth_keyval_setstr0_key(tor_socksauth_keyval_t *inp, const char *val, size_t len) +uint8_t +socks5_client_request_get_atype(const socks5_client_request_t *inp) { -#if UINT16_MAX < SIZE_MAX - if (len > UINT16_MAX) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } -#endif - return trunnel_string_setstr0(&inp->key, val, len, &inp->trunnel_error_code_); + return inp->atype; } int -tor_socksauth_keyval_setstr_key(tor_socksauth_keyval_t *inp, const char *val) +socks5_client_request_set_atype(socks5_client_request_t *inp, uint8_t val) { - return tor_socksauth_keyval_setstr0_key(inp, val, strlen(val)); + inp->atype = val; + return 0; } -uint16_t -tor_socksauth_keyval_get_vallen(const tor_socksauth_keyval_t *inp) +uint32_t +socks5_client_request_get_dest_addr_ipv4(const socks5_client_request_t *inp) { - return inp->vallen; + return inp->dest_addr_ipv4; } int -tor_socksauth_keyval_set_vallen(tor_socksauth_keyval_t *inp, uint16_t val) +socks5_client_request_set_dest_addr_ipv4(socks5_client_request_t *inp, uint32_t val) { - inp->vallen = val; + inp->dest_addr_ipv4 = val; return 0; } size_t -tor_socksauth_keyval_getlen_val(const tor_socksauth_keyval_t *inp) +socks5_client_request_getlen_dest_addr_ipv6(const socks5_client_request_t *inp) { - return TRUNNEL_DYNARRAY_LEN(&inp->val); + (void)inp; return 16; } -char -tor_socksauth_keyval_get_val(tor_socksauth_keyval_t *inp, size_t idx) +uint8_t +socks5_client_request_get_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx) { - return TRUNNEL_DYNARRAY_GET(&inp->val, idx); + trunnel_assert(idx < 16); + return inp->dest_addr_ipv6[idx]; } -char -tor_socksauth_keyval_getconst_val(const tor_socksauth_keyval_t *inp, size_t idx) -{ - return tor_socksauth_keyval_get_val((tor_socksauth_keyval_t*)inp, idx); -} -int -tor_socksauth_keyval_set_val(tor_socksauth_keyval_t *inp, size_t idx, char elt) +uint8_t +socks5_client_request_getconst_dest_addr_ipv6(const socks5_client_request_t *inp, size_t idx) { - TRUNNEL_DYNARRAY_SET(&inp->val, idx, elt); - return 0; + return socks5_client_request_get_dest_addr_ipv6((socks5_client_request_t*)inp, idx); } int -tor_socksauth_keyval_add_val(tor_socksauth_keyval_t *inp, char elt) +socks5_client_request_set_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx, uint8_t elt) { -#if SIZE_MAX >= UINT16_MAX - if (inp->val.n_ == UINT16_MAX) - goto trunnel_alloc_failed; -#endif - TRUNNEL_DYNARRAY_ADD(char, &inp->val, elt, {}); + trunnel_assert(idx < 16); + inp->dest_addr_ipv6[idx] = elt; return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; } -char * -tor_socksauth_keyval_getarray_val(tor_socksauth_keyval_t *inp) +uint8_t * +socks5_client_request_getarray_dest_addr_ipv6(socks5_client_request_t *inp) { - return inp->val.elts_; + return inp->dest_addr_ipv6; } -const char * -tor_socksauth_keyval_getconstarray_val(const tor_socksauth_keyval_t *inp) +const uint8_t * +socks5_client_request_getconstarray_dest_addr_ipv6(const socks5_client_request_t *inp) { - return (const char *)tor_socksauth_keyval_getarray_val((tor_socksauth_keyval_t*)inp); + return (const uint8_t *)socks5_client_request_getarray_dest_addr_ipv6((socks5_client_request_t*)inp); } -int -tor_socksauth_keyval_setlen_val(tor_socksauth_keyval_t *inp, size_t newlen) +struct domainname_st * +socks5_client_request_get_dest_addr_domainname(socks5_client_request_t *inp) { -#if UINT16_MAX < SIZE_MAX - if (newlen > UINT16_MAX) - goto trunnel_alloc_failed; -#endif - return trunnel_string_setlen(&inp->val, newlen, - &inp->trunnel_error_code_); - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; + return inp->dest_addr_domainname; } -const char * -tor_socksauth_keyval_getstr_val(tor_socksauth_keyval_t *inp) +const struct domainname_st * +socks5_client_request_getconst_dest_addr_domainname(const socks5_client_request_t *inp) { - return trunnel_string_getstr(&inp->val); + return socks5_client_request_get_dest_addr_domainname((socks5_client_request_t*) inp); } int -tor_socksauth_keyval_setstr0_val(tor_socksauth_keyval_t *inp, const char *val, size_t len) +socks5_client_request_set_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val) { -#if UINT16_MAX < SIZE_MAX - if (len > UINT16_MAX) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } -#endif - return trunnel_string_setstr0(&inp->val, val, len, &inp->trunnel_error_code_); + if (inp->dest_addr_domainname && inp->dest_addr_domainname != val) + domainname_free(inp->dest_addr_domainname); + return socks5_client_request_set0_dest_addr_domainname(inp, val); } int -tor_socksauth_keyval_setstr_val(tor_socksauth_keyval_t *inp, const char *val) -{ - return tor_socksauth_keyval_setstr0_val(inp, val, strlen(val)); -} -const char * -tor_socksauth_keyval_check(const tor_socksauth_keyval_t *obj) +socks5_client_request_set0_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val) { - if (obj == NULL) - return "Object was NULL"; - if (obj->trunnel_error_code_) - return "A set function failed on this object"; - if (TRUNNEL_DYNARRAY_LEN(&obj->key) != obj->keylen) - return "Length mismatch for key"; - if (TRUNNEL_DYNARRAY_LEN(&obj->val) != obj->vallen) - return "Length mismatch for val"; - return NULL; + inp->dest_addr_domainname = val; + return 0; } - -ssize_t -tor_socksauth_keyval_encoded_len(const tor_socksauth_keyval_t *obj) +uint16_t +socks5_client_request_get_dest_port(const socks5_client_request_t *inp) { - ssize_t result = 0; - - if (NULL != tor_socksauth_keyval_check(obj)) - return -1; - - - /* Length of u16 keylen */ - result += 2; - - /* Length of char key[keylen] */ - result += TRUNNEL_DYNARRAY_LEN(&obj->key); - - /* Length of u16 vallen */ - result += 2; - - /* Length of char val[vallen] */ - result += TRUNNEL_DYNARRAY_LEN(&obj->val); - return result; -} -int -tor_socksauth_keyval_clear_errors(tor_socksauth_keyval_t *obj) -{ - int r = obj->trunnel_error_code_; - obj->trunnel_error_code_ = 0; - return r; -} -ssize_t -tor_socksauth_keyval_encode(uint8_t *output, const size_t avail, const tor_socksauth_keyval_t *obj) -{ - ssize_t result = 0; - size_t written = 0; - uint8_t *ptr = output; - const char *msg; -#ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = tor_socksauth_keyval_encoded_len(obj); -#endif - - if (NULL != (msg = tor_socksauth_keyval_check(obj))) - goto check_failed; - -#ifdef TRUNNEL_CHECK_ENCODED_LEN - trunnel_assert(encoded_len >= 0); -#endif - - /* Encode u16 keylen */ - trunnel_assert(written <= avail); - if (avail - written < 2) - goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->keylen)); - written += 2; ptr += 2; - - /* Encode char key[keylen] */ - { - size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->key); - trunnel_assert(obj->keylen == elt_len); - trunnel_assert(written <= avail); - if (avail - written < elt_len) - goto truncated; - if (elt_len) - memcpy(ptr, obj->key.elts_, elt_len); - written += elt_len; ptr += elt_len; - } - - /* Encode u16 vallen */ - trunnel_assert(written <= avail); - if (avail - written < 2) - goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->vallen)); - written += 2; ptr += 2; - - /* Encode char val[vallen] */ - { - size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->val); - trunnel_assert(obj->vallen == elt_len); - trunnel_assert(written <= avail); - if (avail - written < elt_len) - goto truncated; - if (elt_len) - memcpy(ptr, obj->val.elts_, elt_len); - written += elt_len; ptr += elt_len; - } - - - trunnel_assert(ptr == output + written); -#ifdef TRUNNEL_CHECK_ENCODED_LEN - { - trunnel_assert(encoded_len >= 0); - trunnel_assert((size_t)encoded_len == written); - } - -#endif - - return written; - - truncated: - result = -2; - goto fail; - check_failed: - (void)msg; - result = -1; - goto fail; - fail: - trunnel_assert(result < 0); - return result; -} - -/** As tor_socksauth_keyval_parse(), but do not allocate the output - * object. - */ -static ssize_t -tor_socksauth_keyval_parse_into(tor_socksauth_keyval_t *obj, const uint8_t *input, const size_t len_in) -{ - const uint8_t *ptr = input; - size_t remaining = len_in; - ssize_t result = 0; - (void)result; - - /* Parse u16 keylen */ - CHECK_REMAINING(2, truncated); - obj->keylen = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; - - /* Parse char key[keylen] */ - CHECK_REMAINING(obj->keylen, truncated); - if (tor_socksauth_keyval_setstr0_key(obj, (const char*)ptr, obj->keylen)) - goto fail; - ptr += obj->keylen; remaining -= obj->keylen; - - /* Parse u16 vallen */ - CHECK_REMAINING(2, truncated); - obj->vallen = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; - - /* Parse char val[vallen] */ - CHECK_REMAINING(obj->vallen, truncated); - if (tor_socksauth_keyval_setstr0_val(obj, (const char*)ptr, obj->vallen)) - goto fail; - ptr += obj->vallen; remaining -= obj->vallen; - trunnel_assert(ptr + remaining == input + len_in); - return len_in - remaining; - - truncated: - return -2; - fail: - result = -1; - return result; -} - -ssize_t -tor_socksauth_keyval_parse(tor_socksauth_keyval_t **output, const uint8_t *input, const size_t len_in) -{ - ssize_t result; - *output = tor_socksauth_keyval_new(); - if (NULL == *output) - return -1; - result = tor_socksauth_keyval_parse_into(*output, input, len_in); - if (result < 0) { - tor_socksauth_keyval_free(*output); - *output = NULL; - } - return result; -} -socks5_client_request_t * -socks5_client_request_new(void) -{ - socks5_client_request_t *val = trunnel_calloc(1, sizeof(socks5_client_request_t)); - if (NULL == val) - return NULL; - val->version = 5; - val->command = CMD_BIND; - return val; -} - -/** Release all storage held inside 'obj', but do not free 'obj'. - */ -static void -socks5_client_request_clear(socks5_client_request_t *obj) -{ - (void) obj; - domainname_free(obj->dest_addr_domainname); - obj->dest_addr_domainname = NULL; -} - -void -socks5_client_request_free(socks5_client_request_t *obj) -{ - if (obj == NULL) - return; - socks5_client_request_clear(obj); - trunnel_memwipe(obj, sizeof(socks5_client_request_t)); - trunnel_free_(obj); -} - -uint8_t -socks5_client_request_get_version(const socks5_client_request_t *inp) -{ - return inp->version; -} -int -socks5_client_request_set_version(socks5_client_request_t *inp, uint8_t val) -{ - if (! ((val == 5))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->version = val; - return 0; -} -uint8_t -socks5_client_request_get_command(const socks5_client_request_t *inp) -{ - return inp->command; -} -int -socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val) -{ - if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE || val == CMD_RESOLVE_PTR || val == CMD_UDP_ASSOCIATE))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->command = val; - return 0; -} -uint8_t -socks5_client_request_get_reserved(const socks5_client_request_t *inp) -{ - return inp->reserved; -} -int -socks5_client_request_set_reserved(socks5_client_request_t *inp, uint8_t val) -{ - if (! ((val == 0))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->reserved = val; - return 0; -} -uint8_t -socks5_client_request_get_atype(const socks5_client_request_t *inp) -{ - return inp->atype; -} -int -socks5_client_request_set_atype(socks5_client_request_t *inp, uint8_t val) -{ - inp->atype = val; - return 0; -} -uint32_t -socks5_client_request_get_dest_addr_ipv4(const socks5_client_request_t *inp) -{ - return inp->dest_addr_ipv4; -} -int -socks5_client_request_set_dest_addr_ipv4(socks5_client_request_t *inp, uint32_t val) -{ - inp->dest_addr_ipv4 = val; - return 0; -} -size_t -socks5_client_request_getlen_dest_addr_ipv6(const socks5_client_request_t *inp) -{ - (void)inp; return 16; -} - -uint8_t -socks5_client_request_get_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx) -{ - trunnel_assert(idx < 16); - return inp->dest_addr_ipv6[idx]; -} - -uint8_t -socks5_client_request_getconst_dest_addr_ipv6(const socks5_client_request_t *inp, size_t idx) -{ - return socks5_client_request_get_dest_addr_ipv6((socks5_client_request_t*)inp, idx); -} -int -socks5_client_request_set_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx, uint8_t elt) -{ - trunnel_assert(idx < 16); - inp->dest_addr_ipv6[idx] = elt; - return 0; -} - -uint8_t * -socks5_client_request_getarray_dest_addr_ipv6(socks5_client_request_t *inp) -{ - return inp->dest_addr_ipv6; -} -const uint8_t * -socks5_client_request_getconstarray_dest_addr_ipv6(const socks5_client_request_t *inp) -{ - return (const uint8_t *)socks5_client_request_getarray_dest_addr_ipv6((socks5_client_request_t*)inp); -} -struct domainname_st * -socks5_client_request_get_dest_addr_domainname(socks5_client_request_t *inp) -{ - return inp->dest_addr_domainname; -} -const struct domainname_st * -socks5_client_request_getconst_dest_addr_domainname(const socks5_client_request_t *inp) -{ - return socks5_client_request_get_dest_addr_domainname((socks5_client_request_t*) inp); -} -int -socks5_client_request_set_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val) -{ - if (inp->dest_addr_domainname && inp->dest_addr_domainname != val) - domainname_free(inp->dest_addr_domainname); - return socks5_client_request_set0_dest_addr_domainname(inp, val); -} -int -socks5_client_request_set0_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val) -{ - inp->dest_addr_domainname = val; - return 0; -} -uint16_t -socks5_client_request_get_dest_port(const socks5_client_request_t *inp) -{ - return inp->dest_port; + return inp->dest_port; } int socks5_client_request_set_dest_port(socks5_client_request_t *inp, uint16_t val) { - inp->dest_port = val; - return 0; -} -const char * -socks5_client_request_check(const socks5_client_request_t *obj) -{ - if (obj == NULL) - return "Object was NULL"; - if (obj->trunnel_error_code_) - return "A set function failed on this object"; - if (! (obj->version == 5)) - return "Integer out of bounds"; - if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) - return "Integer out of bounds"; - if (! (obj->reserved == 0)) - return "Integer out of bounds"; - switch (obj->atype) { - - case ATYPE_IPV4: - break; - - case ATYPE_IPV6: - break; - - case ATYPE_DOMAINNAME: - { - const char *msg; - if (NULL != (msg = domainname_check(obj->dest_addr_domainname))) - return msg; - } - break; - - default: - return "Bad tag for union"; - break; - } - return NULL; -} - -ssize_t -socks5_client_request_encoded_len(const socks5_client_request_t *obj) -{ - ssize_t result = 0; - - if (NULL != socks5_client_request_check(obj)) - return -1; - - - /* Length of u8 version IN [5] */ - result += 1; - - /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ - result += 1; - - /* Length of u8 reserved IN [0] */ - result += 1; - - /* Length of u8 atype */ - result += 1; - switch (obj->atype) { - - case ATYPE_IPV4: - - /* Length of u32 dest_addr_ipv4 */ - result += 4; - break; - - case ATYPE_IPV6: - - /* Length of u8 dest_addr_ipv6[16] */ - result += 16; - break; - - case ATYPE_DOMAINNAME: - - /* Length of struct domainname dest_addr_domainname */ - result += domainname_encoded_len(obj->dest_addr_domainname); - break; - - default: - trunnel_assert(0); - break; - } - - /* Length of u16 dest_port */ - result += 2; - return result; -} -int -socks5_client_request_clear_errors(socks5_client_request_t *obj) -{ - int r = obj->trunnel_error_code_; - obj->trunnel_error_code_ = 0; - return r; -} -ssize_t -socks5_client_request_encode(uint8_t *output, const size_t avail, const socks5_client_request_t *obj) -{ - ssize_t result = 0; - size_t written = 0; - uint8_t *ptr = output; - const char *msg; -#ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = socks5_client_request_encoded_len(obj); -#endif - - if (NULL != (msg = socks5_client_request_check(obj))) - goto check_failed; - -#ifdef TRUNNEL_CHECK_ENCODED_LEN - trunnel_assert(encoded_len >= 0); -#endif - - /* Encode u8 version IN [5] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->version)); - written += 1; ptr += 1; - - /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->command)); - written += 1; ptr += 1; - - /* Encode u8 reserved IN [0] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->reserved)); - written += 1; ptr += 1; - - /* Encode u8 atype */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->atype)); - written += 1; ptr += 1; - - /* Encode union dest_addr[atype] */ - trunnel_assert(written <= avail); - switch (obj->atype) { - - case ATYPE_IPV4: - - /* Encode u32 dest_addr_ipv4 */ - trunnel_assert(written <= avail); - if (avail - written < 4) - goto truncated; - trunnel_set_uint32(ptr, trunnel_htonl(obj->dest_addr_ipv4)); - written += 4; ptr += 4; - break; - - case ATYPE_IPV6: - - /* Encode u8 dest_addr_ipv6[16] */ - trunnel_assert(written <= avail); - if (avail - written < 16) - goto truncated; - memcpy(ptr, obj->dest_addr_ipv6, 16); - written += 16; ptr += 16; - break; - - case ATYPE_DOMAINNAME: - - /* Encode struct domainname dest_addr_domainname */ - trunnel_assert(written <= avail); - result = domainname_encode(ptr, avail - written, obj->dest_addr_domainname); - if (result < 0) - goto fail; /* XXXXXXX !*/ - written += result; ptr += result; - break; - - default: - trunnel_assert(0); - break; - } - - /* Encode u16 dest_port */ - trunnel_assert(written <= avail); - if (avail - written < 2) - goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->dest_port)); - written += 2; ptr += 2; - - - trunnel_assert(ptr == output + written); -#ifdef TRUNNEL_CHECK_ENCODED_LEN - { - trunnel_assert(encoded_len >= 0); - trunnel_assert((size_t)encoded_len == written); - } - -#endif - - return written; - - truncated: - result = -2; - goto fail; - check_failed: - (void)msg; - result = -1; - goto fail; - fail: - trunnel_assert(result < 0); - return result; -} - -/** As socks5_client_request_parse(), but do not allocate the output - * object. - */ -static ssize_t -socks5_client_request_parse_into(socks5_client_request_t *obj, const uint8_t *input, const size_t len_in) -{ - const uint8_t *ptr = input; - size_t remaining = len_in; - ssize_t result = 0; - (void)result; - - /* Parse u8 version IN [5] */ - CHECK_REMAINING(1, truncated); - obj->version = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->version == 5)) - goto fail; - - /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ - CHECK_REMAINING(1, truncated); - obj->command = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) - goto fail; - - /* Parse u8 reserved IN [0] */ - CHECK_REMAINING(1, truncated); - obj->reserved = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->reserved == 0)) - goto fail; - - /* Parse u8 atype */ - CHECK_REMAINING(1, truncated); - obj->atype = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - - /* Parse union dest_addr[atype] */ - switch (obj->atype) { - - case ATYPE_IPV4: - - /* Parse u32 dest_addr_ipv4 */ - CHECK_REMAINING(4, truncated); - obj->dest_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr)); - remaining -= 4; ptr += 4; - break; - - case ATYPE_IPV6: - - /* Parse u8 dest_addr_ipv6[16] */ - CHECK_REMAINING(16, truncated); - memcpy(obj->dest_addr_ipv6, ptr, 16); - remaining -= 16; ptr += 16; - break; - - case ATYPE_DOMAINNAME: - - /* Parse struct domainname dest_addr_domainname */ - result = domainname_parse(&obj->dest_addr_domainname, ptr, remaining); - if (result < 0) - goto relay_fail; - trunnel_assert((size_t)result <= remaining); - remaining -= result; ptr += result; - break; - - default: - goto fail; - break; - } - - /* Parse u16 dest_port */ - CHECK_REMAINING(2, truncated); - obj->dest_port = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; - trunnel_assert(ptr + remaining == input + len_in); - return len_in - remaining; - - truncated: - return -2; - relay_fail: - trunnel_assert(result < 0); - return result; - fail: - result = -1; - return result; -} - -ssize_t -socks5_client_request_parse(socks5_client_request_t **output, const uint8_t *input, const size_t len_in) -{ - ssize_t result; - *output = socks5_client_request_new(); - if (NULL == *output) - return -1; - result = socks5_client_request_parse_into(*output, input, len_in); - if (result < 0) { - socks5_client_request_free(*output); - *output = NULL; - } - return result; -} -socks5_server_reply_t * -socks5_server_reply_new(void) -{ - socks5_server_reply_t *val = trunnel_calloc(1, sizeof(socks5_server_reply_t)); - if (NULL == val) - return NULL; - val->version = 5; - return val; -} - -/** Release all storage held inside 'obj', but do not free 'obj'. - */ -static void -socks5_server_reply_clear(socks5_server_reply_t *obj) -{ - (void) obj; - domainname_free(obj->bind_addr_domainname); - obj->bind_addr_domainname = NULL; -} - -void -socks5_server_reply_free(socks5_server_reply_t *obj) -{ - if (obj == NULL) - return; - socks5_server_reply_clear(obj); - trunnel_memwipe(obj, sizeof(socks5_server_reply_t)); - trunnel_free_(obj); -} - -uint8_t -socks5_server_reply_get_version(const socks5_server_reply_t *inp) -{ - return inp->version; -} -int -socks5_server_reply_set_version(socks5_server_reply_t *inp, uint8_t val) -{ - if (! ((val == 5))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->version = val; - return 0; -} -uint8_t -socks5_server_reply_get_reply(const socks5_server_reply_t *inp) -{ - return inp->reply; -} -int -socks5_server_reply_set_reply(socks5_server_reply_t *inp, uint8_t val) -{ - inp->reply = val; - return 0; -} -uint8_t -socks5_server_reply_get_reserved(const socks5_server_reply_t *inp) -{ - return inp->reserved; -} -int -socks5_server_reply_set_reserved(socks5_server_reply_t *inp, uint8_t val) -{ - if (! ((val == 0))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->reserved = val; - return 0; -} -uint8_t -socks5_server_reply_get_atype(const socks5_server_reply_t *inp) -{ - return inp->atype; -} -int -socks5_server_reply_set_atype(socks5_server_reply_t *inp, uint8_t val) -{ - inp->atype = val; - return 0; -} -uint32_t -socks5_server_reply_get_bind_addr_ipv4(const socks5_server_reply_t *inp) -{ - return inp->bind_addr_ipv4; -} -int -socks5_server_reply_set_bind_addr_ipv4(socks5_server_reply_t *inp, uint32_t val) -{ - inp->bind_addr_ipv4 = val; - return 0; -} -size_t -socks5_server_reply_getlen_bind_addr_ipv6(const socks5_server_reply_t *inp) -{ - (void)inp; return 16; -} - -uint8_t -socks5_server_reply_get_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx) -{ - trunnel_assert(idx < 16); - return inp->bind_addr_ipv6[idx]; -} - -uint8_t -socks5_server_reply_getconst_bind_addr_ipv6(const socks5_server_reply_t *inp, size_t idx) -{ - return socks5_server_reply_get_bind_addr_ipv6((socks5_server_reply_t*)inp, idx); -} -int -socks5_server_reply_set_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx, uint8_t elt) -{ - trunnel_assert(idx < 16); - inp->bind_addr_ipv6[idx] = elt; - return 0; -} - -uint8_t * -socks5_server_reply_getarray_bind_addr_ipv6(socks5_server_reply_t *inp) -{ - return inp->bind_addr_ipv6; -} -const uint8_t * -socks5_server_reply_getconstarray_bind_addr_ipv6(const socks5_server_reply_t *inp) -{ - return (const uint8_t *)socks5_server_reply_getarray_bind_addr_ipv6((socks5_server_reply_t*)inp); -} -struct domainname_st * -socks5_server_reply_get_bind_addr_domainname(socks5_server_reply_t *inp) -{ - return inp->bind_addr_domainname; -} -const struct domainname_st * -socks5_server_reply_getconst_bind_addr_domainname(const socks5_server_reply_t *inp) -{ - return socks5_server_reply_get_bind_addr_domainname((socks5_server_reply_t*) inp); -} -int -socks5_server_reply_set_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val) -{ - if (inp->bind_addr_domainname && inp->bind_addr_domainname != val) - domainname_free(inp->bind_addr_domainname); - return socks5_server_reply_set0_bind_addr_domainname(inp, val); -} -int -socks5_server_reply_set0_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val) -{ - inp->bind_addr_domainname = val; - return 0; -} -uint16_t -socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp) -{ - return inp->bind_port; -} -int -socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val) -{ - inp->bind_port = val; - return 0; -} -const char * -socks5_server_reply_check(const socks5_server_reply_t *obj) -{ - if (obj == NULL) - return "Object was NULL"; - if (obj->trunnel_error_code_) - return "A set function failed on this object"; - if (! (obj->version == 5)) - return "Integer out of bounds"; - if (! (obj->reserved == 0)) - return "Integer out of bounds"; - switch (obj->atype) { - - case ATYPE_IPV4: - break; - - case ATYPE_IPV6: - break; - - case ATYPE_DOMAINNAME: - { - const char *msg; - if (NULL != (msg = domainname_check(obj->bind_addr_domainname))) - return msg; - } - break; - - default: - return "Bad tag for union"; - break; - } - return NULL; -} - -ssize_t -socks5_server_reply_encoded_len(const socks5_server_reply_t *obj) -{ - ssize_t result = 0; - - if (NULL != socks5_server_reply_check(obj)) - return -1; - - - /* Length of u8 version IN [5] */ - result += 1; - - /* Length of u8 reply */ - result += 1; - - /* Length of u8 reserved IN [0] */ - result += 1; - - /* Length of u8 atype */ - result += 1; - switch (obj->atype) { - - case ATYPE_IPV4: - - /* Length of u32 bind_addr_ipv4 */ - result += 4; - break; - - case ATYPE_IPV6: - - /* Length of u8 bind_addr_ipv6[16] */ - result += 16; - break; - - case ATYPE_DOMAINNAME: - - /* Length of struct domainname bind_addr_domainname */ - result += domainname_encoded_len(obj->bind_addr_domainname); - break; - - default: - trunnel_assert(0); - break; - } - - /* Length of u16 bind_port */ - result += 2; - return result; -} -int -socks5_server_reply_clear_errors(socks5_server_reply_t *obj) -{ - int r = obj->trunnel_error_code_; - obj->trunnel_error_code_ = 0; - return r; -} -ssize_t -socks5_server_reply_encode(uint8_t *output, const size_t avail, const socks5_server_reply_t *obj) -{ - ssize_t result = 0; - size_t written = 0; - uint8_t *ptr = output; - const char *msg; -#ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = socks5_server_reply_encoded_len(obj); -#endif - - if (NULL != (msg = socks5_server_reply_check(obj))) - goto check_failed; - -#ifdef TRUNNEL_CHECK_ENCODED_LEN - trunnel_assert(encoded_len >= 0); -#endif - - /* Encode u8 version IN [5] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->version)); - written += 1; ptr += 1; - - /* Encode u8 reply */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->reply)); - written += 1; ptr += 1; - - /* Encode u8 reserved IN [0] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->reserved)); - written += 1; ptr += 1; - - /* Encode u8 atype */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->atype)); - written += 1; ptr += 1; - - /* Encode union bind_addr[atype] */ - trunnel_assert(written <= avail); - switch (obj->atype) { - - case ATYPE_IPV4: - - /* Encode u32 bind_addr_ipv4 */ - trunnel_assert(written <= avail); - if (avail - written < 4) - goto truncated; - trunnel_set_uint32(ptr, trunnel_htonl(obj->bind_addr_ipv4)); - written += 4; ptr += 4; - break; - - case ATYPE_IPV6: - - /* Encode u8 bind_addr_ipv6[16] */ - trunnel_assert(written <= avail); - if (avail - written < 16) - goto truncated; - memcpy(ptr, obj->bind_addr_ipv6, 16); - written += 16; ptr += 16; - break; - - case ATYPE_DOMAINNAME: - - /* Encode struct domainname bind_addr_domainname */ - trunnel_assert(written <= avail); - result = domainname_encode(ptr, avail - written, obj->bind_addr_domainname); - if (result < 0) - goto fail; /* XXXXXXX !*/ - written += result; ptr += result; - break; - - default: - trunnel_assert(0); - break; - } - - /* Encode u16 bind_port */ - trunnel_assert(written <= avail); - if (avail - written < 2) - goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->bind_port)); - written += 2; ptr += 2; - - - trunnel_assert(ptr == output + written); -#ifdef TRUNNEL_CHECK_ENCODED_LEN - { - trunnel_assert(encoded_len >= 0); - trunnel_assert((size_t)encoded_len == written); - } - -#endif - - return written; - - truncated: - result = -2; - goto fail; - check_failed: - (void)msg; - result = -1; - goto fail; - fail: - trunnel_assert(result < 0); - return result; -} - -/** As socks5_server_reply_parse(), but do not allocate the output - * object. - */ -static ssize_t -socks5_server_reply_parse_into(socks5_server_reply_t *obj, const uint8_t *input, const size_t len_in) -{ - const uint8_t *ptr = input; - size_t remaining = len_in; - ssize_t result = 0; - (void)result; - - /* Parse u8 version IN [5] */ - CHECK_REMAINING(1, truncated); - obj->version = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->version == 5)) - goto fail; - - /* Parse u8 reply */ - CHECK_REMAINING(1, truncated); - obj->reply = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - - /* Parse u8 reserved IN [0] */ - CHECK_REMAINING(1, truncated); - obj->reserved = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->reserved == 0)) - goto fail; - - /* Parse u8 atype */ - CHECK_REMAINING(1, truncated); - obj->atype = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - - /* Parse union bind_addr[atype] */ - switch (obj->atype) { - - case ATYPE_IPV4: - - /* Parse u32 bind_addr_ipv4 */ - CHECK_REMAINING(4, truncated); - obj->bind_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr)); - remaining -= 4; ptr += 4; - break; - - case ATYPE_IPV6: - - /* Parse u8 bind_addr_ipv6[16] */ - CHECK_REMAINING(16, truncated); - memcpy(obj->bind_addr_ipv6, ptr, 16); - remaining -= 16; ptr += 16; - break; - - case ATYPE_DOMAINNAME: - - /* Parse struct domainname bind_addr_domainname */ - result = domainname_parse(&obj->bind_addr_domainname, ptr, remaining); - if (result < 0) - goto relay_fail; - trunnel_assert((size_t)result <= remaining); - remaining -= result; ptr += result; - break; - - default: - goto fail; - break; - } - - /* Parse u16 bind_port */ - CHECK_REMAINING(2, truncated); - obj->bind_port = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; - trunnel_assert(ptr + remaining == input + len_in); - return len_in - remaining; - - truncated: - return -2; - relay_fail: - trunnel_assert(result < 0); - return result; - fail: - result = -1; - return result; -} - -ssize_t -socks5_server_reply_parse(socks5_server_reply_t **output, const uint8_t *input, const size_t len_in) -{ - ssize_t result; - *output = socks5_server_reply_new(); - if (NULL == *output) - return -1; - result = socks5_server_reply_parse_into(*output, input, len_in); - if (result < 0) { - socks5_server_reply_free(*output); - *output = NULL; - } - return result; -} -tor_extended_socks_auth_request_t * -tor_extended_socks_auth_request_new(void) -{ - tor_extended_socks_auth_request_t *val = trunnel_calloc(1, sizeof(tor_extended_socks_auth_request_t)); - if (NULL == val) - return NULL; - val->version = 1; - return val; -} - -/** Release all storage held inside 'obj', but do not free 'obj'. - */ -static void -tor_extended_socks_auth_request_clear(tor_extended_socks_auth_request_t *obj) -{ - (void) obj; - { - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - tor_socksauth_keyval_free(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - } - } - TRUNNEL_DYNARRAY_WIPE(&obj->pairs); - TRUNNEL_DYNARRAY_CLEAR(&obj->pairs); -} - -void -tor_extended_socks_auth_request_free(tor_extended_socks_auth_request_t *obj) -{ - if (obj == NULL) - return; - tor_extended_socks_auth_request_clear(obj); - trunnel_memwipe(obj, sizeof(tor_extended_socks_auth_request_t)); - trunnel_free_(obj); -} - -uint8_t -tor_extended_socks_auth_request_get_version(const tor_extended_socks_auth_request_t *inp) -{ - return inp->version; -} -int -tor_extended_socks_auth_request_set_version(tor_extended_socks_auth_request_t *inp, uint8_t val) -{ - if (! ((val == 1))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->version = val; - return 0; -} -uint16_t -tor_extended_socks_auth_request_get_npairs(const tor_extended_socks_auth_request_t *inp) -{ - return inp->npairs; -} -int -tor_extended_socks_auth_request_set_npairs(tor_extended_socks_auth_request_t *inp, uint16_t val) -{ - inp->npairs = val; - return 0; -} -size_t -tor_extended_socks_auth_request_getlen_pairs(const tor_extended_socks_auth_request_t *inp) -{ - return TRUNNEL_DYNARRAY_LEN(&inp->pairs); -} - -struct tor_socksauth_keyval_st * -tor_extended_socks_auth_request_get_pairs(tor_extended_socks_auth_request_t *inp, size_t idx) -{ - return TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); -} - - const struct tor_socksauth_keyval_st * -tor_extended_socks_auth_request_getconst_pairs(const tor_extended_socks_auth_request_t *inp, size_t idx) -{ - return tor_extended_socks_auth_request_get_pairs((tor_extended_socks_auth_request_t*)inp, idx); -} -int -tor_extended_socks_auth_request_set_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) -{ - tor_socksauth_keyval_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); - if (oldval && oldval != elt) - tor_socksauth_keyval_free(oldval); - return tor_extended_socks_auth_request_set0_pairs(inp, idx, elt); -} -int -tor_extended_socks_auth_request_set0_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) -{ - TRUNNEL_DYNARRAY_SET(&inp->pairs, idx, elt); - return 0; -} -int -tor_extended_socks_auth_request_add_pairs(tor_extended_socks_auth_request_t *inp, struct tor_socksauth_keyval_st * elt) -{ -#if SIZE_MAX >= UINT16_MAX - if (inp->pairs.n_ == UINT16_MAX) - goto trunnel_alloc_failed; -#endif - TRUNNEL_DYNARRAY_ADD(struct tor_socksauth_keyval_st *, &inp->pairs, elt, {}); - return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} - -struct tor_socksauth_keyval_st * * -tor_extended_socks_auth_request_getarray_pairs(tor_extended_socks_auth_request_t *inp) -{ - return inp->pairs.elts_; -} -const struct tor_socksauth_keyval_st * const * -tor_extended_socks_auth_request_getconstarray_pairs(const tor_extended_socks_auth_request_t *inp) -{ - return (const struct tor_socksauth_keyval_st * const *)tor_extended_socks_auth_request_getarray_pairs((tor_extended_socks_auth_request_t*)inp); -} -int -tor_extended_socks_auth_request_setlen_pairs(tor_extended_socks_auth_request_t *inp, size_t newlen) -{ - struct tor_socksauth_keyval_st * *newptr; -#if UINT16_MAX < SIZE_MAX - if (newlen > UINT16_MAX) - goto trunnel_alloc_failed; -#endif - newptr = trunnel_dynarray_setlen(&inp->pairs.allocated_, - &inp->pairs.n_, inp->pairs.elts_, newlen, - sizeof(inp->pairs.elts_[0]), (trunnel_free_fn_t) tor_socksauth_keyval_free, - &inp->trunnel_error_code_); - if (newlen != 0 && newptr == NULL) - goto trunnel_alloc_failed; - inp->pairs.elts_ = newptr; + inp->dest_port = val; return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; } const char * -tor_extended_socks_auth_request_check(const tor_extended_socks_auth_request_t *obj) +socks5_client_request_check(const socks5_client_request_t *obj) { if (obj == NULL) return "Object was NULL"; if (obj->trunnel_error_code_) return "A set function failed on this object"; - if (! (obj->version == 1)) + if (! (obj->version == 5)) return "Integer out of bounds"; - { - const char *msg; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + return "Integer out of bounds"; + if (! (obj->reserved == 0)) + return "Integer out of bounds"; + switch (obj->atype) { + + case ATYPE_IPV4: + break; + + case ATYPE_IPV6: + break; + + case ATYPE_DOMAINNAME: + { + const char *msg; + if (NULL != (msg = domainname_check(obj->dest_addr_domainname))) + return msg; + } + break; - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - if (NULL != (msg = tor_socksauth_keyval_check(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)))) - return msg; - } + default: + return "Bad tag for union"; + break; } - if (TRUNNEL_DYNARRAY_LEN(&obj->pairs) != obj->npairs) - return "Length mismatch for pairs"; return NULL; } ssize_t -tor_extended_socks_auth_request_encoded_len(const tor_extended_socks_auth_request_t *obj) +socks5_client_request_encoded_len(const socks5_client_request_t *obj) { ssize_t result = 0; - if (NULL != tor_extended_socks_auth_request_check(obj)) + if (NULL != socks5_client_request_check(obj)) return -1; - /* Length of u8 version IN [1] */ + /* Length of u8 version IN [5] */ result += 1; - /* Length of u16 npairs */ - result += 2; + /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + result += 1; - /* Length of struct tor_socksauth_keyval pairs[npairs] */ - { + /* Length of u8 reserved IN [0] */ + result += 1; + + /* Length of u8 atype */ + result += 1; + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Length of u32 dest_addr_ipv4 */ + result += 4; + break; + + case ATYPE_IPV6: + + /* Length of u8 dest_addr_ipv6[16] */ + result += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Length of struct domainname dest_addr_domainname */ + result += domainname_encoded_len(obj->dest_addr_domainname); + break; - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - result += tor_socksauth_keyval_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - } + default: + trunnel_assert(0); + break; } + + /* Length of u16 dest_port */ + result += 2; return result; } int -tor_extended_socks_auth_request_clear_errors(tor_extended_socks_auth_request_t *obj) +socks5_client_request_clear_errors(socks5_client_request_t *obj) { int r = obj->trunnel_error_code_; obj->trunnel_error_code_ = 0; return r; } ssize_t -tor_extended_socks_auth_request_encode(uint8_t *output, const size_t avail, const tor_extended_socks_auth_request_t *obj) +socks5_client_request_encode(uint8_t *output, const size_t avail, const socks5_client_request_t *obj) { ssize_t result = 0; size_t written = 0; uint8_t *ptr = output; const char *msg; #ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = tor_extended_socks_auth_request_encoded_len(obj); + const ssize_t encoded_len = socks5_client_request_encoded_len(obj); #endif - if (NULL != (msg = tor_extended_socks_auth_request_check(obj))) + if (NULL != (msg = socks5_client_request_check(obj))) goto check_failed; #ifdef TRUNNEL_CHECK_ENCODED_LEN trunnel_assert(encoded_len >= 0); #endif - /* Encode u8 version IN [1] */ + /* Encode u8 version IN [5] */ trunnel_assert(written <= avail); if (avail - written < 1) goto truncated; trunnel_set_uint8(ptr, (obj->version)); written += 1; ptr += 1; - /* Encode u16 npairs */ + /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->command)); + written += 1; ptr += 1; + + /* Encode u8 reserved IN [0] */ trunnel_assert(written <= avail); - if (avail - written < 2) + if (avail - written < 1) goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->npairs)); - written += 2; ptr += 2; + trunnel_set_uint8(ptr, (obj->reserved)); + written += 1; ptr += 1; - /* Encode struct tor_socksauth_keyval pairs[npairs] */ - { + /* Encode u8 atype */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->atype)); + written += 1; ptr += 1; + + /* Encode union dest_addr[atype] */ + trunnel_assert(written <= avail); + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Encode u32 dest_addr_ipv4 */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->dest_addr_ipv4)); + written += 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Encode u8 dest_addr_ipv6[16] */ + trunnel_assert(written <= avail); + if (avail - written < 16) + goto truncated; + memcpy(ptr, obj->dest_addr_ipv6, 16); + written += 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + /* Encode struct domainname dest_addr_domainname */ trunnel_assert(written <= avail); - result = tor_socksauth_keyval_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); + result = domainname_encode(ptr, avail - written, obj->dest_addr_domainname); if (result < 0) goto fail; /* XXXXXXX !*/ written += result; ptr += result; - } + break; + + default: + trunnel_assert(0); + break; } + /* Encode u16 dest_port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->dest_port)); + written += 2; ptr += 2; + trunnel_assert(ptr == output + written); #ifdef TRUNNEL_CHECK_ENCODED_LEN @@ -4632,43 +3405,81 @@ tor_extended_socks_auth_request_encode(uint8_t *output, const size_t avail, cons return result; } -/** As tor_extended_socks_auth_request_parse(), but do not allocate - * the output object. +/** As socks5_client_request_parse(), but do not allocate the output + * object. */ static ssize_t -tor_extended_socks_auth_request_parse_into(tor_extended_socks_auth_request_t *obj, const uint8_t *input, const size_t len_in) +socks5_client_request_parse_into(socks5_client_request_t *obj, const uint8_t *input, const size_t len_in) { const uint8_t *ptr = input; size_t remaining = len_in; ssize_t result = 0; (void)result; - /* Parse u8 version IN [1] */ + /* Parse u8 version IN [5] */ CHECK_REMAINING(1, truncated); obj->version = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; - if (! (obj->version == 1)) + if (! (obj->version == 5)) goto fail; - /* Parse u16 npairs */ - CHECK_REMAINING(2, truncated); - obj->npairs = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; + /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + CHECK_REMAINING(1, truncated); + obj->command = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + goto fail; - /* Parse struct tor_socksauth_keyval pairs[npairs] */ - TRUNNEL_DYNARRAY_EXPAND(tor_socksauth_keyval_t *, &obj->pairs, obj->npairs, {}); - { - tor_socksauth_keyval_t * elt; - unsigned idx; - for (idx = 0; idx < obj->npairs; ++idx) { - result = tor_socksauth_keyval_parse(&elt, ptr, remaining); + /* Parse u8 reserved IN [0] */ + CHECK_REMAINING(1, truncated); + obj->reserved = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->reserved == 0)) + goto fail; + + /* Parse u8 atype */ + CHECK_REMAINING(1, truncated); + obj->atype = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse union dest_addr[atype] */ + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Parse u32 dest_addr_ipv4 */ + CHECK_REMAINING(4, truncated); + obj->dest_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Parse u8 dest_addr_ipv6[16] */ + CHECK_REMAINING(16, truncated); + memcpy(obj->dest_addr_ipv6, ptr, 16); + remaining -= 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Parse struct domainname dest_addr_domainname */ + result = domainname_parse(&obj->dest_addr_domainname, ptr, remaining); if (result < 0) goto relay_fail; trunnel_assert((size_t)result <= remaining); remaining -= result; ptr += result; - TRUNNEL_DYNARRAY_ADD(tor_socksauth_keyval_t *, &obj->pairs, elt, {tor_socksauth_keyval_free(elt);}); - } + break; + + default: + goto fail; + break; } + + /* Parse u16 dest_port */ + CHECK_REMAINING(2, truncated); + obj->dest_port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; trunnel_assert(ptr + remaining == input + len_in); return len_in - remaining; @@ -4677,73 +3488,64 @@ tor_extended_socks_auth_request_parse_into(tor_extended_socks_auth_request_t *ob relay_fail: trunnel_assert(result < 0); return result; - trunnel_alloc_failed: - return -1; fail: result = -1; return result; } ssize_t -tor_extended_socks_auth_request_parse(tor_extended_socks_auth_request_t **output, const uint8_t *input, const size_t len_in) +socks5_client_request_parse(socks5_client_request_t **output, const uint8_t *input, const size_t len_in) { ssize_t result; - *output = tor_extended_socks_auth_request_new(); + *output = socks5_client_request_new(); if (NULL == *output) return -1; - result = tor_extended_socks_auth_request_parse_into(*output, input, len_in); + result = socks5_client_request_parse_into(*output, input, len_in); if (result < 0) { - tor_extended_socks_auth_request_free(*output); + socks5_client_request_free(*output); *output = NULL; } return result; } -tor_extended_socks_auth_response_t * -tor_extended_socks_auth_response_new(void) +socks5_server_reply_t * +socks5_server_reply_new(void) { - tor_extended_socks_auth_response_t *val = trunnel_calloc(1, sizeof(tor_extended_socks_auth_response_t)); + socks5_server_reply_t *val = trunnel_calloc(1, sizeof(socks5_server_reply_t)); if (NULL == val) return NULL; - val->version = 1; + val->version = 5; return val; } /** Release all storage held inside 'obj', but do not free 'obj'. */ static void -tor_extended_socks_auth_response_clear(tor_extended_socks_auth_response_t *obj) +socks5_server_reply_clear(socks5_server_reply_t *obj) { (void) obj; - { - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - tor_socksauth_keyval_free(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - } - } - TRUNNEL_DYNARRAY_WIPE(&obj->pairs); - TRUNNEL_DYNARRAY_CLEAR(&obj->pairs); + domainname_free(obj->bind_addr_domainname); + obj->bind_addr_domainname = NULL; } void -tor_extended_socks_auth_response_free(tor_extended_socks_auth_response_t *obj) +socks5_server_reply_free(socks5_server_reply_t *obj) { if (obj == NULL) return; - tor_extended_socks_auth_response_clear(obj); - trunnel_memwipe(obj, sizeof(tor_extended_socks_auth_response_t)); + socks5_server_reply_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_server_reply_t)); trunnel_free_(obj); } uint8_t -tor_extended_socks_auth_response_get_version(const tor_extended_socks_auth_response_t *inp) +socks5_server_reply_get_version(const socks5_server_reply_t *inp) { return inp->version; } int -tor_extended_socks_auth_response_set_version(tor_extended_socks_auth_response_t *inp, uint8_t val) +socks5_server_reply_set_version(socks5_server_reply_t *inp, uint8_t val) { - if (! ((val == 1))) { + if (! ((val == 5))) { TRUNNEL_SET_ERROR_CODE(inp); return -1; } @@ -4751,212 +3553,305 @@ tor_extended_socks_auth_response_set_version(tor_extended_socks_auth_response_t return 0; } uint8_t -tor_extended_socks_auth_response_get_status(const tor_extended_socks_auth_response_t *inp) +socks5_server_reply_get_reply(const socks5_server_reply_t *inp) { - return inp->status; + return inp->reply; } int -tor_extended_socks_auth_response_set_status(tor_extended_socks_auth_response_t *inp, uint8_t val) +socks5_server_reply_set_reply(socks5_server_reply_t *inp, uint8_t val) { - inp->status = val; + inp->reply = val; + return 0; +} +uint8_t +socks5_server_reply_get_reserved(const socks5_server_reply_t *inp) +{ + return inp->reserved; +} +int +socks5_server_reply_set_reserved(socks5_server_reply_t *inp, uint8_t val) +{ + if (! ((val == 0))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->reserved = val; + return 0; +} +uint8_t +socks5_server_reply_get_atype(const socks5_server_reply_t *inp) +{ + return inp->atype; +} +int +socks5_server_reply_set_atype(socks5_server_reply_t *inp, uint8_t val) +{ + inp->atype = val; return 0; } -uint16_t -tor_extended_socks_auth_response_get_npairs(const tor_extended_socks_auth_response_t *inp) +uint32_t +socks5_server_reply_get_bind_addr_ipv4(const socks5_server_reply_t *inp) { - return inp->npairs; + return inp->bind_addr_ipv4; } int -tor_extended_socks_auth_response_set_npairs(tor_extended_socks_auth_response_t *inp, uint16_t val) +socks5_server_reply_set_bind_addr_ipv4(socks5_server_reply_t *inp, uint32_t val) { - inp->npairs = val; + inp->bind_addr_ipv4 = val; return 0; } size_t -tor_extended_socks_auth_response_getlen_pairs(const tor_extended_socks_auth_response_t *inp) +socks5_server_reply_getlen_bind_addr_ipv6(const socks5_server_reply_t *inp) { - return TRUNNEL_DYNARRAY_LEN(&inp->pairs); + (void)inp; return 16; } -struct tor_socksauth_keyval_st * -tor_extended_socks_auth_response_get_pairs(tor_extended_socks_auth_response_t *inp, size_t idx) +uint8_t +socks5_server_reply_get_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx) { - return TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); + trunnel_assert(idx < 16); + return inp->bind_addr_ipv6[idx]; } - const struct tor_socksauth_keyval_st * -tor_extended_socks_auth_response_getconst_pairs(const tor_extended_socks_auth_response_t *inp, size_t idx) +uint8_t +socks5_server_reply_getconst_bind_addr_ipv6(const socks5_server_reply_t *inp, size_t idx) { - return tor_extended_socks_auth_response_get_pairs((tor_extended_socks_auth_response_t*)inp, idx); + return socks5_server_reply_get_bind_addr_ipv6((socks5_server_reply_t*)inp, idx); } int -tor_extended_socks_auth_response_set_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) +socks5_server_reply_set_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx, uint8_t elt) { - tor_socksauth_keyval_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); - if (oldval && oldval != elt) - tor_socksauth_keyval_free(oldval); - return tor_extended_socks_auth_response_set0_pairs(inp, idx, elt); + trunnel_assert(idx < 16); + inp->bind_addr_ipv6[idx] = elt; + return 0; } -int -tor_extended_socks_auth_response_set0_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) + +uint8_t * +socks5_server_reply_getarray_bind_addr_ipv6(socks5_server_reply_t *inp) { - TRUNNEL_DYNARRAY_SET(&inp->pairs, idx, elt); - return 0; + return inp->bind_addr_ipv6; +} +const uint8_t * +socks5_server_reply_getconstarray_bind_addr_ipv6(const socks5_server_reply_t *inp) +{ + return (const uint8_t *)socks5_server_reply_getarray_bind_addr_ipv6((socks5_server_reply_t*)inp); +} +struct domainname_st * +socks5_server_reply_get_bind_addr_domainname(socks5_server_reply_t *inp) +{ + return inp->bind_addr_domainname; +} +const struct domainname_st * +socks5_server_reply_getconst_bind_addr_domainname(const socks5_server_reply_t *inp) +{ + return socks5_server_reply_get_bind_addr_domainname((socks5_server_reply_t*) inp); } int -tor_extended_socks_auth_response_add_pairs(tor_extended_socks_auth_response_t *inp, struct tor_socksauth_keyval_st * elt) +socks5_server_reply_set_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val) { -#if SIZE_MAX >= UINT16_MAX - if (inp->pairs.n_ == UINT16_MAX) - goto trunnel_alloc_failed; -#endif - TRUNNEL_DYNARRAY_ADD(struct tor_socksauth_keyval_st *, &inp->pairs, elt, {}); - return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; + if (inp->bind_addr_domainname && inp->bind_addr_domainname != val) + domainname_free(inp->bind_addr_domainname); + return socks5_server_reply_set0_bind_addr_domainname(inp, val); } - -struct tor_socksauth_keyval_st * * -tor_extended_socks_auth_response_getarray_pairs(tor_extended_socks_auth_response_t *inp) +int +socks5_server_reply_set0_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val) { - return inp->pairs.elts_; + inp->bind_addr_domainname = val; + return 0; } -const struct tor_socksauth_keyval_st * const * -tor_extended_socks_auth_response_getconstarray_pairs(const tor_extended_socks_auth_response_t *inp) +uint16_t +socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp) { - return (const struct tor_socksauth_keyval_st * const *)tor_extended_socks_auth_response_getarray_pairs((tor_extended_socks_auth_response_t*)inp); + return inp->bind_port; } int -tor_extended_socks_auth_response_setlen_pairs(tor_extended_socks_auth_response_t *inp, size_t newlen) +socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val) { - struct tor_socksauth_keyval_st * *newptr; -#if UINT16_MAX < SIZE_MAX - if (newlen > UINT16_MAX) - goto trunnel_alloc_failed; -#endif - newptr = trunnel_dynarray_setlen(&inp->pairs.allocated_, - &inp->pairs.n_, inp->pairs.elts_, newlen, - sizeof(inp->pairs.elts_[0]), (trunnel_free_fn_t) tor_socksauth_keyval_free, - &inp->trunnel_error_code_); - if (newlen != 0 && newptr == NULL) - goto trunnel_alloc_failed; - inp->pairs.elts_ = newptr; + inp->bind_port = val; return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; } const char * -tor_extended_socks_auth_response_check(const tor_extended_socks_auth_response_t *obj) +socks5_server_reply_check(const socks5_server_reply_t *obj) { if (obj == NULL) return "Object was NULL"; if (obj->trunnel_error_code_) return "A set function failed on this object"; - if (! (obj->version == 1)) + if (! (obj->version == 5)) return "Integer out of bounds"; - { - const char *msg; + if (! (obj->reserved == 0)) + return "Integer out of bounds"; + switch (obj->atype) { + + case ATYPE_IPV4: + break; + + case ATYPE_IPV6: + break; + + case ATYPE_DOMAINNAME: + { + const char *msg; + if (NULL != (msg = domainname_check(obj->bind_addr_domainname))) + return msg; + } + break; - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - if (NULL != (msg = tor_socksauth_keyval_check(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)))) - return msg; - } + default: + return "Bad tag for union"; + break; } - if (TRUNNEL_DYNARRAY_LEN(&obj->pairs) != obj->npairs) - return "Length mismatch for pairs"; return NULL; } ssize_t -tor_extended_socks_auth_response_encoded_len(const tor_extended_socks_auth_response_t *obj) +socks5_server_reply_encoded_len(const socks5_server_reply_t *obj) { ssize_t result = 0; - if (NULL != tor_extended_socks_auth_response_check(obj)) + if (NULL != socks5_server_reply_check(obj)) return -1; - /* Length of u8 version IN [1] */ + /* Length of u8 version IN [5] */ result += 1; - /* Length of u8 status */ + /* Length of u8 reply */ result += 1; - /* Length of u16 npairs */ - result += 2; + /* Length of u8 reserved IN [0] */ + result += 1; - /* Length of struct tor_socksauth_keyval pairs[npairs] */ - { + /* Length of u8 atype */ + result += 1; + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Length of u32 bind_addr_ipv4 */ + result += 4; + break; + + case ATYPE_IPV6: + + /* Length of u8 bind_addr_ipv6[16] */ + result += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Length of struct domainname bind_addr_domainname */ + result += domainname_encoded_len(obj->bind_addr_domainname); + break; - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - result += tor_socksauth_keyval_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - } + default: + trunnel_assert(0); + break; } + + /* Length of u16 bind_port */ + result += 2; return result; } int -tor_extended_socks_auth_response_clear_errors(tor_extended_socks_auth_response_t *obj) +socks5_server_reply_clear_errors(socks5_server_reply_t *obj) { int r = obj->trunnel_error_code_; obj->trunnel_error_code_ = 0; return r; } ssize_t -tor_extended_socks_auth_response_encode(uint8_t *output, const size_t avail, const tor_extended_socks_auth_response_t *obj) +socks5_server_reply_encode(uint8_t *output, const size_t avail, const socks5_server_reply_t *obj) { ssize_t result = 0; size_t written = 0; uint8_t *ptr = output; const char *msg; #ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = tor_extended_socks_auth_response_encoded_len(obj); + const ssize_t encoded_len = socks5_server_reply_encoded_len(obj); #endif - if (NULL != (msg = tor_extended_socks_auth_response_check(obj))) + if (NULL != (msg = socks5_server_reply_check(obj))) goto check_failed; #ifdef TRUNNEL_CHECK_ENCODED_LEN trunnel_assert(encoded_len >= 0); #endif - /* Encode u8 version IN [1] */ + /* Encode u8 version IN [5] */ trunnel_assert(written <= avail); if (avail - written < 1) goto truncated; trunnel_set_uint8(ptr, (obj->version)); written += 1; ptr += 1; - /* Encode u8 status */ + /* Encode u8 reply */ trunnel_assert(written <= avail); if (avail - written < 1) goto truncated; - trunnel_set_uint8(ptr, (obj->status)); + trunnel_set_uint8(ptr, (obj->reply)); written += 1; ptr += 1; - /* Encode u16 npairs */ + /* Encode u8 reserved IN [0] */ trunnel_assert(written <= avail); - if (avail - written < 2) + if (avail - written < 1) goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->npairs)); - written += 2; ptr += 2; + trunnel_set_uint8(ptr, (obj->reserved)); + written += 1; ptr += 1; - /* Encode struct tor_socksauth_keyval pairs[npairs] */ - { + /* Encode u8 atype */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->atype)); + written += 1; ptr += 1; + + /* Encode union bind_addr[atype] */ + trunnel_assert(written <= avail); + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Encode u32 bind_addr_ipv4 */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->bind_addr_ipv4)); + written += 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Encode u8 bind_addr_ipv6[16] */ + trunnel_assert(written <= avail); + if (avail - written < 16) + goto truncated; + memcpy(ptr, obj->bind_addr_ipv6, 16); + written += 16; ptr += 16; + break; - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + case ATYPE_DOMAINNAME: + + /* Encode struct domainname bind_addr_domainname */ trunnel_assert(written <= avail); - result = tor_socksauth_keyval_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); + result = domainname_encode(ptr, avail - written, obj->bind_addr_domainname); if (result < 0) goto fail; /* XXXXXXX !*/ written += result; ptr += result; - } + break; + + default: + trunnel_assert(0); + break; } + /* Encode u16 bind_port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->bind_port)); + written += 2; ptr += 2; + trunnel_assert(ptr == output + written); #ifdef TRUNNEL_CHECK_ENCODED_LEN @@ -4981,48 +3876,79 @@ tor_extended_socks_auth_response_encode(uint8_t *output, const size_t avail, con return result; } -/** As tor_extended_socks_auth_response_parse(), but do not allocate - * the output object. +/** As socks5_server_reply_parse(), but do not allocate the output + * object. */ static ssize_t -tor_extended_socks_auth_response_parse_into(tor_extended_socks_auth_response_t *obj, const uint8_t *input, const size_t len_in) +socks5_server_reply_parse_into(socks5_server_reply_t *obj, const uint8_t *input, const size_t len_in) { const uint8_t *ptr = input; size_t remaining = len_in; ssize_t result = 0; (void)result; - /* Parse u8 version IN [1] */ + /* Parse u8 version IN [5] */ CHECK_REMAINING(1, truncated); obj->version = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; - if (! (obj->version == 1)) + if (! (obj->version == 5)) goto fail; - /* Parse u8 status */ + /* Parse u8 reply */ CHECK_REMAINING(1, truncated); - obj->status = (trunnel_get_uint8(ptr)); + obj->reply = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; - /* Parse u16 npairs */ - CHECK_REMAINING(2, truncated); - obj->npairs = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; + /* Parse u8 reserved IN [0] */ + CHECK_REMAINING(1, truncated); + obj->reserved = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->reserved == 0)) + goto fail; - /* Parse struct tor_socksauth_keyval pairs[npairs] */ - TRUNNEL_DYNARRAY_EXPAND(tor_socksauth_keyval_t *, &obj->pairs, obj->npairs, {}); - { - tor_socksauth_keyval_t * elt; - unsigned idx; - for (idx = 0; idx < obj->npairs; ++idx) { - result = tor_socksauth_keyval_parse(&elt, ptr, remaining); + /* Parse u8 atype */ + CHECK_REMAINING(1, truncated); + obj->atype = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse union bind_addr[atype] */ + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Parse u32 bind_addr_ipv4 */ + CHECK_REMAINING(4, truncated); + obj->bind_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Parse u8 bind_addr_ipv6[16] */ + CHECK_REMAINING(16, truncated); + memcpy(obj->bind_addr_ipv6, ptr, 16); + remaining -= 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Parse struct domainname bind_addr_domainname */ + result = domainname_parse(&obj->bind_addr_domainname, ptr, remaining); if (result < 0) goto relay_fail; trunnel_assert((size_t)result <= remaining); remaining -= result; ptr += result; - TRUNNEL_DYNARRAY_ADD(tor_socksauth_keyval_t *, &obj->pairs, elt, {tor_socksauth_keyval_free(elt);}); - } + break; + + default: + goto fail; + break; } + + /* Parse u16 bind_port */ + CHECK_REMAINING(2, truncated); + obj->bind_port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; trunnel_assert(ptr + remaining == input + len_in); return len_in - remaining; @@ -5031,23 +3957,21 @@ tor_extended_socks_auth_response_parse_into(tor_extended_socks_auth_response_t * relay_fail: trunnel_assert(result < 0); return result; - trunnel_alloc_failed: - return -1; fail: result = -1; return result; } ssize_t -tor_extended_socks_auth_response_parse(tor_extended_socks_auth_response_t **output, const uint8_t *input, const size_t len_in) +socks5_server_reply_parse(socks5_server_reply_t **output, const uint8_t *input, const size_t len_in) { ssize_t result; - *output = tor_extended_socks_auth_response_new(); + *output = socks5_server_reply_new(); if (NULL == *output) return -1; - result = tor_extended_socks_auth_response_parse_into(*output, input, len_in); + result = socks5_server_reply_parse_into(*output, input, len_in); if (result < 0) { - tor_extended_socks_auth_response_free(*output); + socks5_server_reply_free(*output); *output = NULL; } return result; diff --git a/src/trunnel/socks5.h b/src/trunnel/socks5.h index d8f13c2ab..d3bea152e 100644 --- a/src/trunnel/socks5.h +++ b/src/trunnel/socks5.h @@ -82,16 +82,6 @@ struct socks5_server_userpass_auth_st { }; #endif typedef struct socks5_server_userpass_auth_st socks5_server_userpass_auth_t; -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_SOCKSAUTH_KEYVAL) -struct tor_socksauth_keyval_st { - uint16_t keylen; - trunnel_string_t key; - uint16_t vallen; - trunnel_string_t val; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct tor_socksauth_keyval_st tor_socksauth_keyval_t; #if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_REQUEST) struct socks5_client_request_st { uint8_t version; @@ -120,25 +110,6 @@ struct socks5_server_reply_st { }; #endif typedef struct socks5_server_reply_st socks5_server_reply_t; -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_EXTENDED_SOCKS_AUTH_REQUEST) -struct tor_extended_socks_auth_request_st { - uint8_t version; - uint16_t npairs; - TRUNNEL_DYNARRAY_HEAD(, struct tor_socksauth_keyval_st *) pairs; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct tor_extended_socks_auth_request_st tor_extended_socks_auth_request_t; -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_EXTENDED_SOCKS_AUTH_RESPONSE) -struct tor_extended_socks_auth_response_st { - uint8_t version; - uint8_t status; - uint16_t npairs; - TRUNNEL_DYNARRAY_HEAD(, struct tor_socksauth_keyval_st *) pairs; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct tor_extended_socks_auth_response_st tor_extended_socks_auth_response_t; /** Return a newly allocated domainname with all elements set to zero. */ domainname_t *domainname_new(void); @@ -753,154 +724,6 @@ uint8_t socks5_server_userpass_auth_get_status(const socks5_server_userpass_auth * success; return -1 and set the error code on 'inp' on failure. */ int socks5_server_userpass_auth_set_status(socks5_server_userpass_auth_t *inp, uint8_t val); -/** Return a newly allocated tor_socksauth_keyval with all elements - * set to zero. - */ -tor_socksauth_keyval_t *tor_socksauth_keyval_new(void); -/** Release all storage held by the tor_socksauth_keyval in 'victim'. - * (Do nothing if 'victim' is NULL.) - */ -void tor_socksauth_keyval_free(tor_socksauth_keyval_t *victim); -/** Try to parse a tor_socksauth_keyval from the buffer in 'input', - * using up to 'len_in' bytes from the input buffer. On success, - * return the number of bytes consumed and set *output to the newly - * allocated tor_socksauth_keyval_t. On failure, return -2 if the - * input appears truncated, and -1 if the input is otherwise invalid. - */ -ssize_t tor_socksauth_keyval_parse(tor_socksauth_keyval_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * tor_socksauth_keyval in 'obj'. On failure, return a negative value. - * Note that this value may be an overestimate, and can even be an - * underestimate for certain unencodeable objects. - */ -ssize_t tor_socksauth_keyval_encoded_len(const tor_socksauth_keyval_t *obj); -/** Try to encode the tor_socksauth_keyval from 'input' into the - * buffer at 'output', using up to 'avail' bytes of the output buffer. - * On success, return the number of bytes used. On failure, return -2 - * if the buffer was not long enough, and -1 if the input was invalid. - */ -ssize_t tor_socksauth_keyval_encode(uint8_t *output, size_t avail, const tor_socksauth_keyval_t *input); -/** Check whether the internal state of the tor_socksauth_keyval in - * 'obj' is consistent. Return NULL if it is, and a short message if - * it is not. - */ -const char *tor_socksauth_keyval_check(const tor_socksauth_keyval_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int tor_socksauth_keyval_clear_errors(tor_socksauth_keyval_t *obj); -/** Return the value of the keylen field of the tor_socksauth_keyval_t - * in 'inp' - */ -uint16_t tor_socksauth_keyval_get_keylen(const tor_socksauth_keyval_t *inp); -/** Set the value of the keylen field of the tor_socksauth_keyval_t in - * 'inp' to 'val'. Return 0 on success; return -1 and set the error - * code on 'inp' on failure. - */ -int tor_socksauth_keyval_set_keylen(tor_socksauth_keyval_t *inp, uint16_t val); -/** Return the length of the dynamic array holding the key field of - * the tor_socksauth_keyval_t in 'inp'. - */ -size_t tor_socksauth_keyval_getlen_key(const tor_socksauth_keyval_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * key of the tor_socksauth_keyval_t in 'inp'. - */ -char tor_socksauth_keyval_get_key(tor_socksauth_keyval_t *inp, size_t idx); -/** As tor_socksauth_keyval_get_key, but take and return a const - * pointer - */ -char tor_socksauth_keyval_getconst_key(const tor_socksauth_keyval_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * key of the tor_socksauth_keyval_t in 'inp', so that it will hold - * the value 'elt'. - */ -int tor_socksauth_keyval_set_key(tor_socksauth_keyval_t *inp, size_t idx, char elt); -/** Append a new element 'elt' to the dynamic array field key of the - * tor_socksauth_keyval_t in 'inp'. - */ -int tor_socksauth_keyval_add_key(tor_socksauth_keyval_t *inp, char elt); -/** Return a pointer to the variable-length array field key of 'inp'. - */ -char * tor_socksauth_keyval_getarray_key(tor_socksauth_keyval_t *inp); -/** As tor_socksauth_keyval_get_key, but take and return a const - * pointer - */ -const char * tor_socksauth_keyval_getconstarray_key(const tor_socksauth_keyval_t *inp); -/** Change the length of the variable-length array field key of 'inp' - * to 'newlen'.Fill extra elements with 0. Return 0 on success; return - * -1 and set the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setlen_key(tor_socksauth_keyval_t *inp, size_t newlen); -/** Return the value of the key field of a tor_socksauth_keyval_t as a - * NUL-terminated string. - */ -const char * tor_socksauth_keyval_getstr_key(tor_socksauth_keyval_t *inp); -/** Set the value of the key field of a tor_socksauth_keyval_t to a - * given string of length 'len'. Return 0 on success; return -1 and - * set the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setstr0_key(tor_socksauth_keyval_t *inp, const char *val, size_t len); -/** Set the value of the key field of a tor_socksauth_keyval_t to a - * given NUL-terminated string. Return 0 on success; return -1 and set - * the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setstr_key(tor_socksauth_keyval_t *inp, const char *val); -/** Return the value of the vallen field of the tor_socksauth_keyval_t - * in 'inp' - */ -uint16_t tor_socksauth_keyval_get_vallen(const tor_socksauth_keyval_t *inp); -/** Set the value of the vallen field of the tor_socksauth_keyval_t in - * 'inp' to 'val'. Return 0 on success; return -1 and set the error - * code on 'inp' on failure. - */ -int tor_socksauth_keyval_set_vallen(tor_socksauth_keyval_t *inp, uint16_t val); -/** Return the length of the dynamic array holding the val field of - * the tor_socksauth_keyval_t in 'inp'. - */ -size_t tor_socksauth_keyval_getlen_val(const tor_socksauth_keyval_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * val of the tor_socksauth_keyval_t in 'inp'. - */ -char tor_socksauth_keyval_get_val(tor_socksauth_keyval_t *inp, size_t idx); -/** As tor_socksauth_keyval_get_val, but take and return a const - * pointer - */ -char tor_socksauth_keyval_getconst_val(const tor_socksauth_keyval_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * val of the tor_socksauth_keyval_t in 'inp', so that it will hold - * the value 'elt'. - */ -int tor_socksauth_keyval_set_val(tor_socksauth_keyval_t *inp, size_t idx, char elt); -/** Append a new element 'elt' to the dynamic array field val of the - * tor_socksauth_keyval_t in 'inp'. - */ -int tor_socksauth_keyval_add_val(tor_socksauth_keyval_t *inp, char elt); -/** Return a pointer to the variable-length array field val of 'inp'. - */ -char * tor_socksauth_keyval_getarray_val(tor_socksauth_keyval_t *inp); -/** As tor_socksauth_keyval_get_val, but take and return a const - * pointer - */ -const char * tor_socksauth_keyval_getconstarray_val(const tor_socksauth_keyval_t *inp); -/** Change the length of the variable-length array field val of 'inp' - * to 'newlen'.Fill extra elements with 0. Return 0 on success; return - * -1 and set the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setlen_val(tor_socksauth_keyval_t *inp, size_t newlen); -/** Return the value of the val field of a tor_socksauth_keyval_t as a - * NUL-terminated string. - */ -const char * tor_socksauth_keyval_getstr_val(tor_socksauth_keyval_t *inp); -/** Set the value of the val field of a tor_socksauth_keyval_t to a - * given string of length 'len'. Return 0 on success; return -1 and - * set the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setstr0_val(tor_socksauth_keyval_t *inp, const char *val, size_t len); -/** Set the value of the val field of a tor_socksauth_keyval_t to a - * given NUL-terminated string. Return 0 on success; return -1 and set - * the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setstr_val(tor_socksauth_keyval_t *inp, const char *val); /** Return a newly allocated socks5_client_request with all elements * set to zero. */ @@ -1167,205 +990,6 @@ uint16_t socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp); * code on 'inp' on failure. */ int socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val); -/** Return a newly allocated tor_extended_socks_auth_request with all - * elements set to zero. - */ -tor_extended_socks_auth_request_t *tor_extended_socks_auth_request_new(void); -/** Release all storage held by the tor_extended_socks_auth_request in - * 'victim'. (Do nothing if 'victim' is NULL.) - */ -void tor_extended_socks_auth_request_free(tor_extended_socks_auth_request_t *victim); -/** Try to parse a tor_extended_socks_auth_request from the buffer in - * 'input', using up to 'len_in' bytes from the input buffer. On - * success, return the number of bytes consumed and set *output to the - * newly allocated tor_extended_socks_auth_request_t. On failure, - * return -2 if the input appears truncated, and -1 if the input is - * otherwise invalid. - */ -ssize_t tor_extended_socks_auth_request_parse(tor_extended_socks_auth_request_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * tor_extended_socks_auth_request in 'obj'. On failure, return a - * negative value. Note that this value may be an overestimate, and - * can even be an underestimate for certain unencodeable objects. - */ -ssize_t tor_extended_socks_auth_request_encoded_len(const tor_extended_socks_auth_request_t *obj); -/** Try to encode the tor_extended_socks_auth_request from 'input' - * into the buffer at 'output', using up to 'avail' bytes of the - * output buffer. On success, return the number of bytes used. On - * failure, return -2 if the buffer was not long enough, and -1 if the - * input was invalid. - */ -ssize_t tor_extended_socks_auth_request_encode(uint8_t *output, size_t avail, const tor_extended_socks_auth_request_t *input); -/** Check whether the internal state of the - * tor_extended_socks_auth_request in 'obj' is consistent. Return NULL - * if it is, and a short message if it is not. - */ -const char *tor_extended_socks_auth_request_check(const tor_extended_socks_auth_request_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int tor_extended_socks_auth_request_clear_errors(tor_extended_socks_auth_request_t *obj); -/** Return the value of the version field of the - * tor_extended_socks_auth_request_t in 'inp' - */ -uint8_t tor_extended_socks_auth_request_get_version(const tor_extended_socks_auth_request_t *inp); -/** Set the value of the version field of the - * tor_extended_socks_auth_request_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_request_set_version(tor_extended_socks_auth_request_t *inp, uint8_t val); -/** Return the value of the npairs field of the - * tor_extended_socks_auth_request_t in 'inp' - */ -uint16_t tor_extended_socks_auth_request_get_npairs(const tor_extended_socks_auth_request_t *inp); -/** Set the value of the npairs field of the - * tor_extended_socks_auth_request_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_request_set_npairs(tor_extended_socks_auth_request_t *inp, uint16_t val); -/** Return the length of the dynamic array holding the pairs field of - * the tor_extended_socks_auth_request_t in 'inp'. - */ -size_t tor_extended_socks_auth_request_getlen_pairs(const tor_extended_socks_auth_request_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * pairs of the tor_extended_socks_auth_request_t in 'inp'. - */ -struct tor_socksauth_keyval_st * tor_extended_socks_auth_request_get_pairs(tor_extended_socks_auth_request_t *inp, size_t idx); -/** As tor_extended_socks_auth_request_get_pairs, but take and return - * a const pointer - */ - const struct tor_socksauth_keyval_st * tor_extended_socks_auth_request_getconst_pairs(const tor_extended_socks_auth_request_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * pairs of the tor_extended_socks_auth_request_t in 'inp', so that it - * will hold the value 'elt'. Free the previous value, if any. - */ -int tor_extended_socks_auth_request_set_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); -/** As tor_extended_socks_auth_request_set_pairs, but does not free - * the previous value. - */ -int tor_extended_socks_auth_request_set0_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); -/** Append a new element 'elt' to the dynamic array field pairs of the - * tor_extended_socks_auth_request_t in 'inp'. - */ -int tor_extended_socks_auth_request_add_pairs(tor_extended_socks_auth_request_t *inp, struct tor_socksauth_keyval_st * elt); -/** Return a pointer to the variable-length array field pairs of - * 'inp'. - */ -struct tor_socksauth_keyval_st * * tor_extended_socks_auth_request_getarray_pairs(tor_extended_socks_auth_request_t *inp); -/** As tor_extended_socks_auth_request_get_pairs, but take and return - * a const pointer - */ -const struct tor_socksauth_keyval_st * const * tor_extended_socks_auth_request_getconstarray_pairs(const tor_extended_socks_auth_request_t *inp); -/** Change the length of the variable-length array field pairs of - * 'inp' to 'newlen'.Fill extra elements with NULL; free removed - * elements. Return 0 on success; return -1 and set the error code on - * 'inp' on failure. - */ -int tor_extended_socks_auth_request_setlen_pairs(tor_extended_socks_auth_request_t *inp, size_t newlen); -/** Return a newly allocated tor_extended_socks_auth_response with all - * elements set to zero. - */ -tor_extended_socks_auth_response_t *tor_extended_socks_auth_response_new(void); -/** Release all storage held by the tor_extended_socks_auth_response - * in 'victim'. (Do nothing if 'victim' is NULL.) - */ -void tor_extended_socks_auth_response_free(tor_extended_socks_auth_response_t *victim); -/** Try to parse a tor_extended_socks_auth_response from the buffer in - * 'input', using up to 'len_in' bytes from the input buffer. On - * success, return the number of bytes consumed and set *output to the - * newly allocated tor_extended_socks_auth_response_t. On failure, - * return -2 if the input appears truncated, and -1 if the input is - * otherwise invalid. - */ -ssize_t tor_extended_socks_auth_response_parse(tor_extended_socks_auth_response_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * tor_extended_socks_auth_response in 'obj'. On failure, return a - * negative value. Note that this value may be an overestimate, and - * can even be an underestimate for certain unencodeable objects. - */ -ssize_t tor_extended_socks_auth_response_encoded_len(const tor_extended_socks_auth_response_t *obj); -/** Try to encode the tor_extended_socks_auth_response from 'input' - * into the buffer at 'output', using up to 'avail' bytes of the - * output buffer. On success, return the number of bytes used. On - * failure, return -2 if the buffer was not long enough, and -1 if the - * input was invalid. - */ -ssize_t tor_extended_socks_auth_response_encode(uint8_t *output, size_t avail, const tor_extended_socks_auth_response_t *input); -/** Check whether the internal state of the - * tor_extended_socks_auth_response in 'obj' is consistent. Return - * NULL if it is, and a short message if it is not. - */ -const char *tor_extended_socks_auth_response_check(const tor_extended_socks_auth_response_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int tor_extended_socks_auth_response_clear_errors(tor_extended_socks_auth_response_t *obj); -/** Return the value of the version field of the - * tor_extended_socks_auth_response_t in 'inp' - */ -uint8_t tor_extended_socks_auth_response_get_version(const tor_extended_socks_auth_response_t *inp); -/** Set the value of the version field of the - * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_response_set_version(tor_extended_socks_auth_response_t *inp, uint8_t val); -/** Return the value of the status field of the - * tor_extended_socks_auth_response_t in 'inp' - */ -uint8_t tor_extended_socks_auth_response_get_status(const tor_extended_socks_auth_response_t *inp); -/** Set the value of the status field of the - * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_response_set_status(tor_extended_socks_auth_response_t *inp, uint8_t val); -/** Return the value of the npairs field of the - * tor_extended_socks_auth_response_t in 'inp' - */ -uint16_t tor_extended_socks_auth_response_get_npairs(const tor_extended_socks_auth_response_t *inp); -/** Set the value of the npairs field of the - * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_response_set_npairs(tor_extended_socks_auth_response_t *inp, uint16_t val); -/** Return the length of the dynamic array holding the pairs field of - * the tor_extended_socks_auth_response_t in 'inp'. - */ -size_t tor_extended_socks_auth_response_getlen_pairs(const tor_extended_socks_auth_response_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * pairs of the tor_extended_socks_auth_response_t in 'inp'. - */ -struct tor_socksauth_keyval_st * tor_extended_socks_auth_response_get_pairs(tor_extended_socks_auth_response_t *inp, size_t idx); -/** As tor_extended_socks_auth_response_get_pairs, but take and return - * a const pointer - */ - const struct tor_socksauth_keyval_st * tor_extended_socks_auth_response_getconst_pairs(const tor_extended_socks_auth_response_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * pairs of the tor_extended_socks_auth_response_t in 'inp', so that - * it will hold the value 'elt'. Free the previous value, if any. - */ -int tor_extended_socks_auth_response_set_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); -/** As tor_extended_socks_auth_response_set_pairs, but does not free - * the previous value. - */ -int tor_extended_socks_auth_response_set0_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); -/** Append a new element 'elt' to the dynamic array field pairs of the - * tor_extended_socks_auth_response_t in 'inp'. - */ -int tor_extended_socks_auth_response_add_pairs(tor_extended_socks_auth_response_t *inp, struct tor_socksauth_keyval_st * elt); -/** Return a pointer to the variable-length array field pairs of - * 'inp'. - */ -struct tor_socksauth_keyval_st * * tor_extended_socks_auth_response_getarray_pairs(tor_extended_socks_auth_response_t *inp); -/** As tor_extended_socks_auth_response_get_pairs, but take and return - * a const pointer - */ -const struct tor_socksauth_keyval_st * const * tor_extended_socks_auth_response_getconstarray_pairs(const tor_extended_socks_auth_response_t *inp); -/** Change the length of the variable-length array field pairs of - * 'inp' to 'newlen'.Fill extra elements with NULL; free removed - * elements. Return 0 on success; return -1 and set the error code on - * 'inp' on failure. - */ -int tor_extended_socks_auth_response_setlen_pairs(tor_extended_socks_auth_response_t *inp, size_t newlen); #endif diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel index d70ad639e..b86ec03b9 100644 --- a/src/trunnel/socks5.trunnel +++ b/src/trunnel/socks5.trunnel @@ -92,25 +92,3 @@ struct socks4_server_reply { u32 addr; } -// And here's the extended stuff from proposal 229 - -struct tor_socksauth_keyval { - u16 keylen; - char key[keylen]; - u16 vallen; - char val[vallen]; -} - -struct tor_extended_socks_auth_request { - u8 version IN [1]; - u16 npairs; - struct tor_socksauth_keyval pairs[npairs]; -} - -struct tor_extended_socks_auth_response { - u8 version IN [1]; - u8 status; - u16 npairs; - struct tor_socksauth_keyval pairs[npairs]; -} -

1 0

[tor/master] Fix buf_t advancement in fetch_buf_from_socks
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit 58cb2ed24381d29458927c68e56aca0cae4b0f2e Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Wed May 23 11:44:43 2018 +0200 Fix buf_t advancement in fetch_buf_from_socks We pullup 512 bytes of input to make sure that at least one SOCKS message ends up in head of linked list --- src/or/proto_socks.c | 24 +++++++++++------------- src/test/test_socks.c | 4 ++-- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 0c48d597e..9f6073d2a 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -32,8 +32,7 @@ static socks_result_t parse_socks(const char *data, socks_request_t *req, int log_sockstype, int safe_socks, - size_t *drain_out, - size_t *want_length_out); + size_t *drain_out); static int parse_socks_client(const uint8_t *data, size_t datalen, int state, char **reason, ssize_t *drain_out); @@ -125,7 +124,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, goto end; } else if (parsed == -2) { res = SOCKS_RESULT_TRUNCATED; - if (datalen > 1024) { // XXX + if (datalen >= MAX_SOCKS_MESSAGE_LEN) { log_warn(LD_APP, "socks4: parsing failed - invalid request."); res = SOCKS_RESULT_INVALID; } @@ -273,7 +272,7 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, goto end; } else if (parsed == -2) { res = SOCKS_RESULT_TRUNCATED; - if (datalen > 1024) { // XXX + if (datalen > MAX_SOCKS_MESSAGE_LEN) { log_warn(LD_APP, "socks5: parsing failed - invalid version " "id/method selection message."); res = SOCKS_RESULT_INVALID; @@ -720,9 +719,9 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int res = 0; size_t datalen = buf_datalen(buf); size_t n_drain; - size_t want_length = 128; const char *head = NULL; socks_result_t socks_res; + size_t n_pullup; if (buf_datalen(buf) < 2) { /* version and another byte */ res = 0; @@ -731,13 +730,12 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, do { n_drain = 0; - buf_pullup(buf, MAX(want_length, buf_datalen(buf)), - &head, &datalen); + n_pullup = MIN(MAX_SOCKS_MESSAGE_LEN, buf_datalen(buf)); + buf_pullup(buf, n_pullup, &head, &datalen); tor_assert(head && datalen >= 2); - want_length = 0; socks_res = parse_socks(head, datalen, req, log_sockstype, - safe_socks, &n_drain, &want_length); + safe_socks, &n_drain); if (socks_res == SOCKS_RESULT_INVALID) buf_clear(buf); @@ -752,6 +750,9 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, res = 1; break; case SOCKS_RESULT_TRUNCATED: + if (datalen == n_pullup) + return 0; + /* FALLTHRU */ case SOCKS_RESULT_MORE_EXPECTED: res = 0; break; @@ -812,14 +813,12 @@ static const char SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG[] = * we'd like to see in the input buffer, if they're available. */ static int parse_socks(const char *data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, size_t *drain_out, - size_t *want_length_out) + int log_sockstype, int safe_socks, size_t *drain_out) { uint8_t socksver; if (datalen < 2) { /* We always need at least 2 bytes. */ - *want_length_out = 2; return 0; } @@ -827,7 +826,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, if (socksver == 5 || socksver == 4 || socksver == 1) { // XXX: RFC 1929 - *want_length_out = 128; // TODO remove this arg later return handle_socks_message((const uint8_t *)data, datalen, req, log_sockstype, safe_socks, drain_out); } diff --git a/src/test/test_socks.c b/src/test/test_socks.c index 9645ea32a..e1c5db6ee 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -142,7 +142,7 @@ test_socks_4_bad_arguments(void *ptr) get_options()->SafeSocks), OP_EQ, -1); buf_clear(buf); - expect_log_msg_containing("Port or DestIP is zero."); // !!! + expect_log_msg_containing("Port or DestIP is zero."); mock_clean_saved_logs(); /* Try with 0 port */ @@ -164,7 +164,7 @@ test_socks_4_bad_arguments(void *ptr) tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); buf_clear(buf); - expect_log_msg_containing("user name too long; rejecting."); + expect_log_msg_containing("socks4: parsing failed - invalid request."); mock_clean_saved_logs(); /* Try with 2000-byte hostname */

1 0

[tor/master] Rework socks_request_set_socks5_error() with trunnel
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit 4c845fcf9e5b009a5e8d29f4c54eb7a98513e436 Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Wed May 23 14:38:13 2018 +0200 Rework socks_request_set_socks5_error() with trunnel --- src/or/proto_socks.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index dab349bbe..9dbd688b7 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -858,12 +858,31 @@ static void socks_request_set_socks5_error(socks_request_t *req, socks5_reply_status_t reason) { - req->replylen = 10; - memset(req->reply,0,10); + socks5_server_reply_t *trunnel_resp = socks5_server_reply_new(); - req->reply[0] = 0x05; // VER field. - req->reply[1] = reason; // REP field. - req->reply[3] = 0x01; // ATYP field. + socks5_server_reply_set_version(trunnel_resp, 0x05); + socks5_server_reply_set_reply(trunnel_resp, reason); + socks5_server_reply_set_atype(trunnel_resp, 0x01); + + const char *errmsg = socks5_server_reply_check(trunnel_resp); + if (errmsg) { + log_warn(LD_APP, "socks5: reply validation failed: %s", + errmsg); + goto end; + } + + ssize_t encoded = socks5_server_reply_encode(req->reply, + sizeof(req->reply), + trunnel_resp); + if (encoded < 0) { + log_warn(LD_APP, "socks5: reply encoding failed: %d", + (int)encoded); + } else { + req->replylen = (size_t)encoded; + } + + end: + socks5_server_reply_free(trunnel_resp); } static const char SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG[] =

1 0

[tor/master] Make a distinction between truncated message and expecting more messages
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit 01cf3007b56fdd53ecc757c54f30393c206458de Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Tue May 22 16:28:15 2018 +0200 Make a distinction between truncated message and expecting more messages --- src/or/proto_socks.c | 206 +++++++++++++++++++++++++++------------------------ 1 file changed, 108 insertions(+), 98 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 17589fad3..0c48d597e 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -17,12 +17,23 @@ #include "trunnel/socks5.h" #include "or/socks_request_st.h" +typedef enum { + SOCKS_RESULT_INVALID = -1, + SOCKS_RESULT_TRUNCATED = 0, + SOCKS_RESULT_DONE = 1, + SOCKS_RESULT_MORE_EXPECTED = 2, +} socks_result_t; + static void socks_request_set_socks5_error(socks_request_t *req, socks5_reply_status_t reason); -static int parse_socks(const char *data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, size_t *drain_out, - size_t *want_length_out); +static socks_result_t parse_socks(const char *data, + size_t datalen, + socks_request_t *req, + int log_sockstype, + int safe_socks, + size_t *drain_out, + size_t *want_length_out); static int parse_socks_client(const uint8_t *data, size_t datalen, int state, char **reason, ssize_t *drain_out); @@ -86,13 +97,13 @@ socks_request_free_(socks_request_t *req) tor_free(req); } -static int +static socks_result_t parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, int *is_socks4a, size_t *drain_out) { // http://ss5.sourceforge.net/socks4.protocol.txt // http://ss5.sourceforge.net/socks4A.protocol.txt - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; tor_addr_t destaddr; tor_assert(is_socks4a); @@ -110,13 +121,13 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, if (parsed == -1) { log_warn(LD_APP, "socks4: parsing failed - invalid request."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } else if (parsed == -2) { - res = 0; + res = SOCKS_RESULT_TRUNCATED; if (datalen > 1024) { // XXX log_warn(LD_APP, "socks4: parsing failed - invalid request."); - res = -1; + res = SOCKS_RESULT_INVALID; } goto end; } @@ -133,7 +144,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, if ((!req->port && req->command != SOCKS_COMMAND_RESOLVE) || dest_ip == 0) { log_warn(LD_APP, "socks4: Port or DestIP is zero. Rejecting."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -144,7 +155,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, if (username && usernamelen) { if (usernamelen > MAX_SOCKS_MESSAGE_LEN) { log_warn(LD_APP, "Socks4 user name too long; rejecting."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -168,7 +179,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, strlcpy(req->address, trunnel_hostname, sizeof(req->address)); } else { log_warn(LD_APP, "socks4: Destaddr too long. Rejecting."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } } else { @@ -176,7 +187,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, if (!tor_addr_to_str(req->address, &destaddr, MAX_SOCKS_ADDR_LEN, 0)) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } } @@ -205,7 +216,7 @@ process_socks4_request(const socks_request_t *req, int is_socks4a, log_unsafe_socks_warning(4, req->address, req->port, safe_socks); if (safe_socks) - return -1; + return SOCKS_RESULT_INVALID; } if (req->command != SOCKS_COMMAND_CONNECT && @@ -214,7 +225,7 @@ process_socks4_request(const socks_request_t *req, int is_socks4a, * socks4.) */ log_warn(LD_APP, "socks4: command %d not recognized. Rejecting.", req->command); - return -1; + return SOCKS_RESULT_INVALID; } if (is_socks4a) { @@ -230,18 +241,18 @@ process_socks4_request(const socks_request_t *req, int is_socks4a, "Your application (using socks4 to port %d) gave Tor " "a malformed hostname: %s. Rejecting the connection.", req->port, escaped_safe_str_client(req->address)); - return -1; + return SOCKS_RESULT_INVALID; } - return 1; + return SOCKS_RESULT_DONE; } -static int +static socks_result_t parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, int *have_user_pass, int *have_no_auth, size_t *drain_out) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; socks5_client_version_t *trunnel_req; ssize_t parsed = socks5_client_version_parse(&trunnel_req, raw_data, @@ -258,14 +269,14 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, if (parsed == -1) { log_warn(LD_APP, "socks5: parsing failed - invalid version " "id/method selection message."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } else if (parsed == -2) { - res = 0; + res = SOCKS_RESULT_TRUNCATED; if (datalen > 1024) { // XXX log_warn(LD_APP, "socks5: parsing failed - invalid version " "id/method selection message."); - res = -1; + res = SOCKS_RESULT_INVALID; } goto end; } @@ -275,7 +286,7 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, size_t n_methods = (size_t)socks5_client_version_get_n_methods(trunnel_req); if (n_methods == 0) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -299,11 +310,11 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, return res; } -static int +static socks_result_t process_socks5_methods_request(socks_request_t *req, int have_user_pass, int have_no_auth) { - int res = 0; + socks_result_t res = SOCKS_RESULT_DONE; socks5_server_method_t *trunnel_resp = socks5_server_method_new(); socks5_server_method_set_version(trunnel_resp, 5); @@ -328,14 +339,14 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, "socks5: offered methods don't include 'no auth' or " "username/password. Rejecting."); socks5_server_method_set_method(trunnel_resp, 0xFF); // reject all - res = -1; + res = SOCKS_RESULT_INVALID; } const char *errmsg = socks5_server_method_check(trunnel_resp); if (errmsg) { log_warn(LD_APP, "socks5: method selection validation failed: %s", errmsg); - res = -1; + res = SOCKS_RESULT_INVALID; } else { ssize_t encoded = socks5_server_method_encode(req->reply, sizeof(req->reply), @@ -343,7 +354,7 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, if (encoded < 0) { log_warn(LD_APP, "socks5: method selection encoding failed"); - res = -1; + res = SOCKS_RESULT_INVALID; } else { req->replylen = (size_t)encoded; } @@ -353,11 +364,11 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, return res; } -static int +static socks_result_t parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, size_t datalen, size_t *drain_out) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; socks5_client_userpass_auth_t *trunnel_req = NULL; ssize_t parsed = socks5_client_userpass_auth_parse(&trunnel_req, raw_data, datalen); @@ -367,10 +378,10 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, if (parsed == -1) { log_warn(LD_APP, "socks5: parsing failed - invalid user/pass " "authentication message."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } else if (parsed == -2) { - res = 0; + res = SOCKS_RESULT_TRUNCATED; goto end; } @@ -405,21 +416,21 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, return res; } -static int +static socks_result_t process_socks5_userpass_auth(socks_request_t *req) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; socks5_server_userpass_auth_t *trunnel_resp = socks5_server_userpass_auth_new(); if (req->socks_version != 5) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } if (req->auth_type != SOCKS_USER_PASS && req->auth_type != SOCKS_NO_AUTH) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -430,7 +441,7 @@ process_socks5_userpass_auth(socks_request_t *req) if (errmsg) { log_warn(LD_APP, "socks5: server userpass auth validation failed: %s", errmsg); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -440,7 +451,7 @@ process_socks5_userpass_auth(socks_request_t *req) if (encoded < 0) { log_warn(LD_APP, "socks5: server userpass auth encoding failed"); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -451,21 +462,21 @@ process_socks5_userpass_auth(socks_request_t *req) return res; } -static int +static socks_result_t parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, size_t *drain_out) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; tor_addr_t destaddr; socks5_client_request_t *trunnel_req = NULL; ssize_t parsed = socks5_client_request_parse(&trunnel_req, raw_data, datalen); if (parsed == -1) { log_warn(LD_APP, "socks5: parsing failed - invalid client request"); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } else if (parsed == -2) { - res = 0; + res = SOCKS_RESULT_TRUNCATED; goto end; } @@ -473,7 +484,7 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, *drain_out = (size_t)parsed; if (socks5_client_request_get_version(trunnel_req) != 5) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -517,18 +528,18 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, return res; } -static int +static socks_result_t process_socks5_client_request(socks_request_t *req, int log_sockstype, int safe_socks) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; if (req->command != SOCKS_COMMAND_CONNECT && req->command != SOCKS_COMMAND_RESOLVE && req->command != SOCKS_COMMAND_RESOLVE_PTR) { socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -539,7 +550,7 @@ process_socks5_client_request(socks_request_t *req, log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " "hostname type. Rejecting."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -551,7 +562,7 @@ process_socks5_client_request(socks_request_t *req, "a malformed hostname: %s. Rejecting the connection.", req->port, escaped_safe_str_client(req->address)); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -561,7 +572,7 @@ process_socks5_client_request(socks_request_t *req, log_unsafe_socks_warning(5, req->address, req->port, safe_socks); if (safe_socks) { socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } } @@ -577,12 +588,12 @@ process_socks5_client_request(socks_request_t *req, return res; } -static int +static socks_result_t handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, int log_sockstype, int safe_socks, size_t *drain_out) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; uint8_t socks_version = raw_data[0]; @@ -596,25 +607,20 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, } int is_socks4a = 0; - int parse_status = - parse_socks4_request((const uint8_t *)raw_data, req, datalen, - &is_socks4a, drain_out); + res = parse_socks4_request((const uint8_t *)raw_data, req, datalen, + &is_socks4a, drain_out); - if (parse_status != 1) { - res = parse_status; + if (res != SOCKS_RESULT_DONE) { goto end; } - int process_status = process_socks4_request(req, is_socks4a, - log_sockstype, - safe_socks); + res = process_socks4_request(req, is_socks4a,log_sockstype, + safe_socks); - if (process_status != 1) { - res = process_status; + if (res != SOCKS_RESULT_DONE) { goto end; } - res = 1; goto end; } else if (socks_version == 5) { if (datalen < 2) { /* version and another byte */ @@ -624,68 +630,58 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, /* RFC1929 SOCKS5 username/password subnegotiation. */ if (!req->got_auth && (raw_data[0] == 1 || req->auth_type == SOCKS_USER_PASS)) { - int parse_status = parse_socks5_userpass_auth(raw_data, req, datalen, - drain_out); + res = parse_socks5_userpass_auth(raw_data, req, datalen, + drain_out); - if (parse_status != 1) { - res = parse_status; + if (res != SOCKS_RESULT_DONE) { goto end; } - int process_status = process_socks5_userpass_auth(req); - if (process_status != 1) { - res = process_status; + res = process_socks5_userpass_auth(req); + if (res != SOCKS_RESULT_DONE) { goto end; } - res = 0; + res = SOCKS_RESULT_MORE_EXPECTED; goto end; } else if (req->socks_version != 5) { int have_user_pass, have_no_auth; - int parse_status = parse_socks5_methods_request(raw_data, - req, - datalen, - &have_user_pass, - &have_no_auth, - drain_out); - - if (parse_status != 1) { - res = parse_status; + res = parse_socks5_methods_request(raw_data, req, datalen, + &have_user_pass, + &have_no_auth, + drain_out); + + if (res != SOCKS_RESULT_DONE) { goto end; } - int process_status = process_socks5_methods_request(req, - have_user_pass, - have_no_auth); + res = process_socks5_methods_request(req, have_user_pass, + have_no_auth); - if (process_status == -1) { - res = process_status; + if (res != SOCKS_RESULT_DONE) { goto end; } - res = 0; + res = SOCKS_RESULT_MORE_EXPECTED; goto end; } else { - int parse_status = parse_socks5_client_request(raw_data, req, - datalen, drain_out); - if (parse_status != 1) { + res = parse_socks5_client_request(raw_data, req, + datalen, drain_out); + if (res != SOCKS_RESULT_DONE) { socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - res = parse_status; goto end; } - int process_status = process_socks5_client_request(req, - log_sockstype, - safe_socks); + res = process_socks5_client_request(req, log_sockstype, + safe_socks); - if (process_status != 1) { - res = process_status; + if (res != SOCKS_RESULT_DONE) { goto end; } } } else { *drain_out = datalen; - res = -1; + res = SOCKS_RESULT_INVALID; } end: @@ -726,6 +722,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, size_t n_drain; size_t want_length = 128; const char *head = NULL; + socks_result_t socks_res; if (buf_datalen(buf) < 2) { /* version and another byte */ res = 0; @@ -739,13 +736,26 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, tor_assert(head && datalen >= 2); want_length = 0; - res = parse_socks(head, datalen, req, log_sockstype, - safe_socks, &n_drain, &want_length); + socks_res = parse_socks(head, datalen, req, log_sockstype, + safe_socks, &n_drain, &want_length); - if (res == -1) + if (socks_res == SOCKS_RESULT_INVALID) buf_clear(buf); - else if (n_drain > 0) + else if (socks_res != SOCKS_RESULT_TRUNCATED && n_drain > 0) buf_drain(buf, n_drain); + + switch (socks_res) { + case SOCKS_RESULT_INVALID: + res = -1; + break; + case SOCKS_RESULT_DONE: + res = 1; + break; + case SOCKS_RESULT_TRUNCATED: + case SOCKS_RESULT_MORE_EXPECTED: + res = 0; + break; + } } while (res == 0 && head && buf_datalen(buf) >= 2); end:

1 0

[tor/master] Document new code
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit a6af21c1b7f1751b96352a5080e0b3fb7e6201a9 Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Wed May 23 13:08:47 2018 +0200 Document new code --- src/or/proto_socks.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 92 insertions(+), 4 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 9f6073d2a..dab349bbe 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -18,10 +18,10 @@ #include "or/socks_request_st.h" typedef enum { - SOCKS_RESULT_INVALID = -1, - SOCKS_RESULT_TRUNCATED = 0, - SOCKS_RESULT_DONE = 1, - SOCKS_RESULT_MORE_EXPECTED = 2, + SOCKS_RESULT_INVALID = -1, /* Message invalid. */ + SOCKS_RESULT_TRUNCATED = 0, /* Message incomplete/truncated. */ + SOCKS_RESULT_DONE = 1, /* OK, we're done. */ + SOCKS_RESULT_MORE_EXPECTED = 2, /* OK, more messages expected. */ } socks_result_t; static void socks_request_set_socks5_error(socks_request_t *req, @@ -96,6 +96,16 @@ socks_request_free_(socks_request_t *req) tor_free(req); } +/** + * Parse a single SOCKS4 request from buffer raw_data of length + * datalen and update relevant fields of req. If SOCKS4a + * request is detected, set *is_socks4a to true. Set *drain_out + * to number of bytes we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ static socks_result_t parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, int *is_socks4a, size_t *drain_out) @@ -246,6 +256,17 @@ process_socks4_request(const socks_request_t *req, int is_socks4a, return SOCKS_RESULT_DONE; } +/** Parse a single SOCKS5 version identifier/method selection message + * from buffer raw_data (of length datalen). Update + * relevant fields of req (if any). Set *have_user_pass to + * true if username/password method is found. Set *have_no_auth + * if no-auth method is found. Set *drain_out to number of bytes + * we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ static socks_result_t parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, int *have_user_pass, @@ -309,6 +330,16 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, return res; } +/** + * Validate and respond to version identifier/method selection message + * we parsed in parse_socks5_methods_request (corresponding to req + * and having user/pass method if have_user_pass is true, no-auth + * method if have_no_auth is true). Set req->reply to + * an appropriate response (in SOCKS5 wire format). + * + * On success, return SOCKS_RESULT_DONE. On failure, return + * SOCKS_RESULT_INVALID. + */ static socks_result_t process_socks5_methods_request(socks_request_t *req, int have_user_pass, int have_no_auth) @@ -363,6 +394,16 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, return res; } +/** + * Parse SOCKS5/RFC1929 username/password request from buffer + * raw_data of length datalen and update relevant + * fields of req. Set *drain_out to number of bytes + * we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ static socks_result_t parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, size_t datalen, size_t *drain_out) @@ -415,6 +456,12 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, return res; } +/** + * Validate and respond to SOCKS5 username/password request we + * parsed in parse_socks5_userpass_auth (corresponding to req. + * Set req->reply to appropriate responsed. Return + * SOCKS_RESULT_DONE on success or SOCKS_RESULT_INVALID on failure. + */ static socks_result_t process_socks5_userpass_auth(socks_request_t *req) { @@ -461,6 +508,15 @@ process_socks5_userpass_auth(socks_request_t *req) return res; } +/** + * Parse a single SOCKS5 client request (RFC 1928 section 4) from buffer + * raw_data of length datalen and update relevant field of + * req. Set *drain_out to number of bytes we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ static socks_result_t parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, size_t *drain_out) @@ -527,6 +583,16 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, return res; } +/** + * Validate and respond to SOCKS5 request we parsed in + * parse_socks5_client_request (corresponding to req. + * Write appropriate response to req->reply (in + * SOCKS5 wire format). If log_sockstype is true, log a + * notice about possible DNS leaks on local system. If + * safe_socks is true, disallow insecure usage of SOCKS + * protocol. Return SOCKS_RESULT_DONE on success or + * SOCKS_RESULT_INVALID on failure. + */ static socks_result_t process_socks5_client_request(socks_request_t *req, int log_sockstype, @@ -587,6 +653,28 @@ process_socks5_client_request(socks_request_t *req, return res; } +/** + * Handle (parse, validate, process, respond) a single SOCKS + * message in buffer raw_data of length datalen. + * Update relevant fields of req. If log_sockstype + * is true, log a warning about possible DNS leaks on local + * system. If safe_socks is true, disallow insecure + * usage of SOCKS protocol. Set *drain_out to number + * of bytes in raw_data that we processed so far and + * that can be safely drained from buffer. + * + * Return: + * - SOCKS_RESULT_DONE if succeeded and not expecting further + * messages from client. + * - SOCKS_RESULT_INVALID if any of the steps failed due to + * request being invalid or unexpected given current state. + * - SOCKS_RESULT_TRUNCATED if we do not found an expected + * SOCKS message in its entirety (more stuff has to arrive + * from client). + * - SOCKS_RESULT_MORE_EXPECTED if we handled current message + * successfully, but we expect more messages from the + * client. + */ static socks_result_t handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, int log_sockstype,

1 0

[tor/master] Merge branch 'socks_trunnel4_squashed' into socks_trunnel4_squashed_merged
by nickm＠torproject.org 15 Jul '18

15 Jul '18

commit 7556933537b5777a9bef21230bb91a08aa70d60e Merge: 0317eb143 ba3121191 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jul 12 11:47:25 2018 -0400 Merge branch 'socks_trunnel4_squashed' into socks_trunnel4_squashed_merged changes/ticket3569_part1 | 6 + src/core/or/socks_request_st.h | 2 + src/core/proto/proto_socks.c | 1124 ++++++++---- src/test/test_socks.c | 11 +- src/trunnel/include.am | 9 +- src/trunnel/socks5.c | 3978 ++++++++++++++++++++++++++++++++++++++++ src/trunnel/socks5.h | 995 ++++++++++ src/trunnel/socks5.trunnel | 94 + 8 files changed, 5854 insertions(+), 365 deletions(-) diff --cc src/core/proto/proto_socks.c index 691244147,998fd72ba..530436c41 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@@ -4,19 -4,30 +4,32 @@@ * Copyright (c) 2007-2018, The Tor Project, Inc. */ /* See LICENSE for licensing information */ -#include "or/or.h" -#include "or/addressmap.h" -#include "common/buffers.h" -#include "or/control.h" -#include "or/config.h" +#include "core/or/or.h" +#include "feature/client/addressmap.h" +#include "lib/container/buffers.h" +#include "core/mainloop/connection.h" +#include "feature/control/control.h" +#include "app/config/config.h" #include "lib/crypt_ops/crypto_util.h" -#include "or/ext_orport.h" -#include "or/proto_socks.h" -#include "or/reasons.h" +#include "feature/relay/ext_orport.h" +#include "core/proto/proto_socks.h" +#include "core/or/reasons.h" + +#include "core/or/socks_request_st.h" + #include "trunnel/socks5.h" -#include "or/socks_request_st.h" + + #define SOCKS_VER_5 0x05 /* First octet of non-auth SOCKS5 messages */ + #define SOCKS_VER_4 0x04 /* SOCKS4 messages */ + #define SOCKS_AUTH 0x01 /* SOCKS5 auth messages */ + + typedef enum { + SOCKS_RESULT_INVALID = -1, /* Message invalid. */ + SOCKS_RESULT_TRUNCATED = 0, /* Message incomplete/truncated. */ + SOCKS_RESULT_DONE = 1, /* OK, we're done. */ + SOCKS_RESULT_MORE_EXPECTED = 2, /* OK, more messages expected. */ + } socks_result_t; + static void socks_request_set_socks5_error(socks_request_t *req, socks5_reply_status_t reason);

1 0