commit a2caf0477a51840f266f7f026bf3fdf6da81f8b2 Author: David Fifield <david@bamsoftware.com> Date: Thu Dec 12 22:29:20 2013 -0800 Put a timeout on waiting for SOCKS requests. This is just to stymie attacks or bugs that have a client keeping a TCP connectino open forever. --- socks.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/socks.go b/socks.go index bd57f40..7a2b1c8 100644 --- a/socks.go +++ b/socks.go @@ -6,6 +6,7 @@ import ( "fmt" "io" "net" + "time" ) const ( @@ -16,6 +17,9 @@ const ( socksRequestRejected = 0x5b ) +// Put a sanity timeout on how long we wait for a SOCKS request. +const socksRequestTimeout = 5 * time.Second + // SocksRequest describes a SOCKS request. type SocksRequest struct { // The endpoint requested by the client as a "host:port" string. @@ -108,11 +112,19 @@ func (ln *SocksListener) AcceptSocks() (*SocksConn, error) { } conn := new(SocksConn) conn.Conn = c + err = conn.SetDeadline(time.Now().Add(socksRequestTimeout)) + if err != nil { + return nil, err + } conn.Req, err = readSocks4aConnect(conn) if err != nil { conn.Close() return nil, err } + err = conn.SetDeadline(time.Time{}) + if err != nil { + return nil, err + } return conn, nil }