SOCKS5 with IPV6-address socksreply causes SSL_failures.
With a SOCKS5 proxy that actually returns the bind IP in the socks5_reply, an IPv6 reply causes a problem since Privoxy only reads 10 bytes, no matter whether the reply is IPv4 or IPv6. With an actual IPv6 SOCKS reply, this causes 12 bytes to not be read as part of the reply, but to be read as host reply and thus sent to the client.
ref: https://www.ietf.org/rfc/rfc1928.txt
The server evaluates the request, and
returns a reply formed as follows:
    +----+-----+-------+------+----------+----------+
    |VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
    +----+-----+-------+------+----------+----------+
    | 1  |  1  | X'00' |  1   | Variable |    2     |
    +----+-----+-------+------+----------+----------+
with ATYP set to IPV6, that results in 22 bytes.
On http that is not really visible, but on https, that results in ERR bad SSL reply... etc.
I patched the gateway.c as below, which seems to be a solution.
+++ b/gateway.c
@@ -1,4 +1,4 @@
-const char gateway_rcs[] = "$Id: gateway.c,v 1.96 2016/01/16 12:30:43 fabiankeil Exp $";
+const char gateway_rcs[] = "$Id: gateway.c,v 1.97 2016/11/15 12:30:43 dgoo2308 Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/gateway.c,v $
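Review bot: The hand-edited gateway_rcs line at the top of gateway.c should not be part of the patch. The $Id$ string is an RCS keyword that CVS rewrites on commit, so bumping the revision, date and author by hand only adds a hunk that will conflict with the next real commit; please drop it and leave the 1.96 line untouched.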
@@ -129,6 +129,10 @@ struct socks_reply {
unsigned char dstip[4]; /* destination address */
};
+
+#define SIZE_SOCKS5_REPLY_IPV6 22
+#define SIZE_SOCKS5_REPLY_IPV4 10
+
static const char socks_userid[] = "anonymous";
#ifdef FEATURE_CONNECTION_SHARING
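Review bot: SIZE_SOCKS5_REPLY_IPV6 and SIZE_SOCKS5_REPLY_IPV4 are introduced as bare numbers with no indication of where 22 and 10 come from. A short comment deriving them from the RFC 1928 reply layout (4 fixed bytes for VER, REP, RSV and ATYP, then 16 or 4 address bytes, then 2 port bytes) would let a reader check them against the spec.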
@@ -937,7 +941,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd,
{
int err = 0;
char cbuf[300];
- char sbuf[10];
+ char sbuf[SIZE_SOCKS5_REPLY_IPV6];
size_t client_pos = 0;
int server_size = 0;
size_t hostlen = 0;
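Review bot: sbuf is now sized for the IPv6 case only, although BND.ADDR is variable-length in the reply format. A reply whose ATYP is a domain name can be longer than 22 bytes, so either size the buffer for the largest reply that will be accepted or make sure other address types are rejected explicitly rather than truncated.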
@@ -1135,7 +1139,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd,
}
server_size = read_socket(sfd, sbuf, sizeof(sbuf));
- if (server_size != sizeof(sbuf))
+ if ( !(server_size == SIZE_SOCKS5_REPLY_IPV6 || server_size == SIZE_SOCKS5_REPLY_IPV4) )
{
errstr = "SOCKS5 negotiation read failed";
}
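Review bot: The call read_socket(sfd, sbuf, sizeof(sbuf)) now always asks for 22 bytes, and the new length test accepts 10 or 22 without ever looking at ATYP in sbuf[3]. After a 10-byte IPv4 reply, any data that has already arrived behind it is pulled into sbuf: with 12 extra bytes the check passes and that data is lost, with fewer it fails as a negotiation error. Conversely, if read_socket returns an IPv6 reply short at 10 bytes, the check passes with 12 reply bytes still in the socket. Read the fixed part first, then read the remainder according to sbuf[3], and compare the total against the size that ATYP implies.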
Thanks a lot for the report and the proposed patch.
I'll look into this in the next days.
Always reading up to SIZE_SOCKS5_REPLY_IPV6 isn't an
option as it will cause problems in case of socks5t.
Please try the attached patch.
Parts of it aren't tested yet as I currently have no
SOCKS5 server that returns IPv6 addresses.
Fabian,
Yes, you're right, it should only read the amount of bytes needed.
I was a bit too hasty after a couple of days' trouble, sorry.
I just did a preliminary test, looks good, no tcpdump testing yet.
I'll email you a Docker container with a SOCKS proxy for testing.
The fix got committed in 2016.
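
The approach the thread settles on, reading only as many bytes as the reply's ATYP calls for, as an added example that is neither Privoxy's code nor the committed fix. The function names, the pipe-based demo helper and the sample bytes are constructed for illustration, and the parser also covers the domain-name address type, which the thread does not discuss.

```c
#include <stddef.h>
#include <unistd.h>

/* Read exactly n bytes; 0 on success, -1 on EOF or error. */
static int read_full(int fd, unsigned char *buf, size_t n)
{
    for (ssize_t r; n > 0; buf += r, n -= (size_t)r)
        if ((r = read(fd, buf, n)) <= 0) return -1;
    return 0;
}

/* Hypothetical helper (not Privoxy code): consume exactly one SOCKS5 reply
 * (RFC 1928) from fd. Returns its length, or -1 if malformed or truncated. */
int socks5_read_reply(int fd, unsigned char *reply, size_t cap)
{
    size_t off = 4, addrlen;
    /* Fixed part first: VER, REP, RSV, ATYP. */
    if (cap < 5 || read_full(fd, reply, 4) != 0 || reply[0] != 0x05) return -1;
    switch (reply[3]) {
    case 0x01: addrlen = 4;  break;   /* IPv4: 10 bytes in total */
    case 0x04: addrlen = 16; break;   /* IPv6: 22 bytes in total */
    case 0x03:                        /* domain name: length octet, then name */
        if (read_full(fd, reply + 4, 1) != 0) return -1;
        addrlen = reply[4]; off = 5; break;
    default: return -1;
    }
    if (cap < off + addrlen + 2) return -1;
    if (read_full(fd, reply + off, addrlen + 2) != 0) return -1; /* ADDR + PORT */
    return (int)(off + addrlen + 2);
}

/* Constructed sample: IPv6 reply (::1, port 1080) + 5 bytes of host data. */
const unsigned char sample_ipv6[27] = {
    0x05, 0x00, 0x00, 0x04, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1, 0x04, 0x38,
    0x16, 0x03, 0x03, 0x00, 0x2a };

/* Demo: parse one reply from a pipe; return bytes left unread (-1 on failure). */
int bytes_left_after_reply(const unsigned char *wire, size_t n)
{
    int p[2];
    unsigned char reply[262], rest[64];
    ssize_t w, left = -1;
    if (pipe(p) != 0) return -1;
    w = write(p[1], wire, n);
    close(p[1]);
    if (w == (ssize_t)n && socks5_read_reply(p[0], reply, sizeof reply) > 0)
        left = read(p[0], rest, sizeof rest);
    close(p[0]);
    return (int)left;
}
```

The bytes that follow the reply stay in the descriptor for the client, which is the property the fixed-size 10-byte read broke for IPv6 replies.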