From effd2bd7ba2a5fd24487bddbaa1f7803c59f935d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 3 Jan 2022 11:29:21 +0100 Subject: socks5: use appropriate ATYP for numerical IP address host names When not resolving the address locallly (known as socks5h). Add test 719 and 720 to verify. Reported-by: Peter Piekarski Fixes #8216 Closes #8217 --- lib/socks.c | 33 ++++++++++++++++++++++++----- tests/data/Makefile.inc | 2 +- tests/data/test719 | 56 +++++++++++++++++++++++++++++++++++++++++++++++++ tests/data/test720 | 56 +++++++++++++++++++++++++++++++++++++++++++++++++ tests/server/socksd.c | 3 ++- 5 files changed, 143 insertions(+), 7 deletions(-) create mode 100644 tests/data/test719 create mode 100644 tests/data/test720 diff --git a/lib/socks.c b/lib/socks.c index db4c80834..a014aa668 100644 --- a/lib/socks.c +++ b/lib/socks.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -38,6 +38,7 @@ #include "timeval.h" #include "socks.h" #include "multiif.h" /* for getsock macros */ +#include "inet_pton.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -856,10 +857,32 @@ CURLproxycode Curl_SOCKS5(const char *proxy_user, socksreq[len++] = 0; /* must be zero */ if(!socks5_resolve_local) { - socksreq[len++] = 3; /* ATYP: domain name = 3 */ - socksreq[len++] = (char) hostname_len; /* one byte address length */ - memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */ - len += hostname_len; + /* ATYP: domain name = 3, + IPv6 == 4, + IPv4 == 1 */ + unsigned char ip4[4]; +#ifdef ENABLE_IPV6 + if(conn->bits.ipv6_ip) { + char ip6[16]; + if(1 != Curl_inet_pton(AF_INET6, hostname, ip6)) + return CURLPX_BAD_ADDRESS_TYPE; + socksreq[len++] = 4; + memcpy(&socksreq[len], ip6, sizeof(ip6)); + len += sizeof(ip6); + } + else +#endif + if(1 == Curl_inet_pton(AF_INET, hostname, ip4)) { + socksreq[len++] = 1; + memcpy(&socksreq[len], ip4, sizeof(ip4)); + len += sizeof(ip4); + } + else { + socksreq[len++] = 3; + socksreq[len++] = (char) hostname_len; /* one byte address length */ + memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */ + len += hostname_len; + } infof(data, "SOCKS5 connect to %s:%d (remotely resolved)", hostname, remote_port); } diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index dad423258..60930664d 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -95,7 +95,7 @@ test670 test671 test672 test673 test674 test675 test676 test677 test678 \ \ test700 test701 test702 test703 test704 test705 test706 test707 test708 \ test709 test710 test711 test712 test713 test714 test715 test716 test717 \ -test718 \ +test718 test719 test720 \ \ test800 test801 test802 test803 test804 test805 test806 test807 test808 \ test809 test810 test811 test812 test813 test814 test815 test816 test817 \ diff --git a/tests/data/test719 b/tests/data/test719 new file mode 100644 index 000000000..3c242b1f6 --- /dev/null +++ b/tests/data/test719 @@ -0,0 +1,56 @@ + + + +HTTP +HTTP GET +SOCKS5 +SOCKS5h + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + +# +# Client-side + + +http-ipv6 +socks5 + + +HTTP GET with IPv6 numerical via SOCKS5h set with --proxy + + +http://%HOST6IP:%HTTP6PORT/%TESTNUMBER --proxy socks5h://%HOSTIP:%SOCKSPORT + + + +# +# Verify data after the test has been "shot" + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOST6IP:%HTTP6PORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test720 b/tests/data/test720 new file mode 100644 index 000000000..876a7a326 --- /dev/null +++ b/tests/data/test720 @@ -0,0 +1,56 @@ + + + +HTTP +HTTP GET +SOCKS5 +SOCKS5h + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + +# +# Client-side + + +http +socks5 + + +HTTP GET with IPv4 numerical via SOCKS5h set with --proxy + + +http://12.34.56.78:%HTTPPORT/%TESTNUMBER --proxy socks5h://%HOSTIP:%SOCKSPORT + + + +# +# Verify data after the test has been "shot" + + +GET /%TESTNUMBER HTTP/1.1 +Host: 12.34.56.78:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/server/socksd.c b/tests/server/socksd.c index b09f5793b..869d86506 100644 --- a/tests/server/socksd.c +++ b/tests/server/socksd.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -513,6 +513,7 @@ static curl_socket_t sockit(curl_socket_t fd) logmsg("Request too short: %d, expected %d", rc, 4 + len + 2); return CURL_SOCKET_BAD; } + logmsg("Received ATYP %d", type); if(!config.port) { unsigned char *portp = &buffer[SOCKS5_DSTADDR + len]; -- cgit v1.2.1