socks5: use appropriate ATYP for numerical IP address host names

When not resolving the address locallly (known as socks5h).

Add test 719 and 720 to verify.

Reported-by: Peter Piekarski
Fixes #8216
Closes #8217

5 files changed, 143 insertions, 7 deletions

diff --git a/lib/socks.c b/lib/socks.c
index db4c80834..a014aa668 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -38,6 +38,7 @@
 #include "timeval.h"
 #include "socks.h"
 #include "multiif.h" /* for getsock macros */
+#include "inet_pton.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -856,10 +857,32 @@ CURLproxycode Curl_SOCKS5(const char *proxy_user,
     socksreq[len++] = 0; /* must be zero */
 
     if(!socks5_resolve_local) {
-      socksreq[len++] = 3; /* ATYP: domain name = 3 */
-      socksreq[len++] = (char) hostname_len; /* one byte address length */
-      memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */
-      len += hostname_len;
+      /* ATYP: domain name = 3,
+         IPv6 == 4,
+         IPv4 == 1 */
+      unsigned char ip4[4];
+#ifdef ENABLE_IPV6
+      if(conn->bits.ipv6_ip) {
+        char ip6[16];
+        if(1 != Curl_inet_pton(AF_INET6, hostname, ip6))
+          return CURLPX_BAD_ADDRESS_TYPE;
+        socksreq[len++] = 4;
+        memcpy(&socksreq[len], ip6, sizeof(ip6));
+        len += sizeof(ip6);
+      }
+      else
+#endif
+      if(1 == Curl_inet_pton(AF_INET, hostname, ip4)) {
+        socksreq[len++] = 1;
+        memcpy(&socksreq[len], ip4, sizeof(ip4));
+        len += sizeof(ip4);
+      }
+      else {
+        socksreq[len++] = 3;
+        socksreq[len++] = (char) hostname_len; /* one byte address length */
+        memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */
+        len += hostname_len;
+      }
       infof(data, "SOCKS5 connect to %s:%d (remotely resolved)",
             hostname, remote_port);
     }
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index dad423258..60930664d 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -95,7 +95,7 @@ test670 test671 test672 test673 test674 test675 test676 test677 test678 \
 \
 test700 test701 test702 test703 test704 test705 test706 test707 test708 \
 test709 test710 test711 test712 test713 test714 test715 test716 test717 \
-test718 \
+test718 test719 test720 \
 \
 test800 test801 test802 test803 test804 test805 test806 test807 test808 \
 test809 test810 test811 test812 test813 test814 test815 test816 test817 \
diff --git a/tests/data/test719 b/tests/data/test719
new file mode 100644
index 000000000..3c242b1f6
--- /dev/null
+++ b/tests/data/test719
@@ -0,0 +1,56 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+SOCKS5
+SOCKS5h
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http-ipv6
+socks5
+</server>
+ <name>
+HTTP GET with IPv6 numerical via SOCKS5h set with --proxy
+ </name>
+ <command>
+http://%HOST6IP:%HTTP6PORT/%TESTNUMBER --proxy socks5h://%HOSTIP:%SOCKSPORT 
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1

+Host: %HOST6IP:%HTTP6PORT

+User-Agent: curl/%VERSION

+Accept: */*

+

+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test720 b/tests/data/test720
new file mode 100644
index 000000000..876a7a326
--- /dev/null
+++ b/tests/data/test720
@@ -0,0 +1,56 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+SOCKS5
+SOCKS5h
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+socks5
+</server>
+ <name>
+HTTP GET with IPv4 numerical via SOCKS5h set with --proxy
+ </name>
+ <command>
+http://12.34.56.78:%HTTPPORT/%TESTNUMBER --proxy socks5h://%HOSTIP:%SOCKSPORT 
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1

+Host: 12.34.56.78:%HTTPPORT

+User-Agent: curl/%VERSION

+Accept: */*

+

+</protocol>
+</verify>
+</testcase>
diff --git a/tests/server/socksd.c b/tests/server/socksd.c
index b09f5793b..869d86506 100644
--- a/tests/server/socksd.c
+++ b/tests/server/socksd.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -513,6 +513,7 @@ static curl_socket_t sockit(curl_socket_t fd)
     logmsg("Request too short: %d, expected %d", rc, 4 + len + 2);
     return CURL_SOCKET_BAD;
   }
+  logmsg("Received ATYP %d", type);
 
   if(!config.port) {
     unsigned char *portp = &buffer[SOCKS5_DSTADDR + len];