diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-07-12 11:47:25 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-07-12 11:47:25 -0400 |
| commit | 7556933537b5777a9bef21230bb91a08aa70d60e (patch) | |
| tree | a23d84b861cd801d1c805804efc3cd1881252582 | |
| parent | 0317eb143ec6869e5a27c1ffc6d3d89be4c35c32 (diff) | |
| parent | ba3121191b59ea254e3ebab697430bdc03857b6d (diff) | |
| download | tor-7556933537b5777a9bef21230bb91a08aa70d60e.tar.gz tor-7556933537b5777a9bef21230bb91a08aa70d60e.zip | |
Merge branch 'socks_trunnel4_squashed' into socks_trunnel4_squashed_merged
| -rw-r--r-- | changes/ticket3569_part1 | 6 | ||||
| -rw-r--r-- | src/core/or/socks_request_st.h | 2 | ||||
| -rw-r--r-- | src/core/proto/proto_socks.c | 1124 | ||||
| -rw-r--r-- | src/test/test_socks.c | 11 | ||||
| -rw-r--r-- | src/trunnel/include.am | 9 | ||||
| -rw-r--r-- | src/trunnel/socks5.c | 3978 | ||||
| -rw-r--r-- | src/trunnel/socks5.h | 995 | ||||
| -rw-r--r-- | src/trunnel/socks5.trunnel | 94 |
8 files changed, 5854 insertions, 365 deletions
diff --git a/changes/ticket3569_part1 b/changes/ticket3569_part1 new file mode 100644 index 0000000000..4032aff4d2 --- /dev/null +++ b/changes/ticket3569_part1 @@ -0,0 +1,6 @@ + o Code simplification and refactoring: + - Rework Tor SOCKS server code to use Trunnel and benefit from + autogenerated functions for parsing and generating SOCKS wire + format. New implementation is cleaner, more maintainable and + should be less prone to heartbleed-style vulnerabilities. + Implements a significant fraction of ticket 3569. diff --git a/src/core/or/socks_request_st.h b/src/core/or/socks_request_st.h index d7b979c3eb..17b668e179 100644 --- a/src/core/or/socks_request_st.h +++ b/src/core/or/socks_request_st.h @@ -70,6 +70,8 @@ struct socks_request_t { /** The negotiated password value if any (for socks5). This value is NOT * nul-terminated; see passwordlen for its length. */ char *password; + + uint8_t socks5_atyp; /* SOCKS5 address type */ }; #endif diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index 6912441472..530436c41b 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -17,12 +17,28 @@ #include "core/or/socks_request_st.h" +#include "trunnel/socks5.h" + +#define SOCKS_VER_5 0x05 /* First octet of non-auth SOCKS5 messages */ +#define SOCKS_VER_4 0x04 /* SOCKS4 messages */ +#define SOCKS_AUTH 0x01 /* SOCKS5 auth messages */ + +typedef enum { + SOCKS_RESULT_INVALID = -1, /* Message invalid. */ + SOCKS_RESULT_TRUNCATED = 0, /* Message incomplete/truncated. */ + SOCKS_RESULT_DONE = 1, /* OK, we're done. */ + SOCKS_RESULT_MORE_EXPECTED = 2, /* OK, more messages expected. */ +} socks_result_t; + static void socks_request_set_socks5_error(socks_request_t *req, socks5_reply_status_t reason); -static int parse_socks(const char *data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, ssize_t *drain_out, - size_t *want_length_out); +static socks_result_t parse_socks(const char *data, + size_t datalen, + socks_request_t *req, + int log_sockstype, + int safe_socks, + size_t *drain_out); static int parse_socks_client(const uint8_t *data, size_t datalen, int state, char **reason, ssize_t *drain_out); @@ -86,6 +102,686 @@ socks_request_free_(socks_request_t *req) tor_free(req); } +/** + * Parse a single SOCKS4 request from buffer <b>raw_data</b> of length + * <b>datalen</b> and update relevant fields of <b>req</b>. If SOCKS4a + * request is detected, set <b>*is_socks4a<b> to true. Set <b>*drain_out</b> + * to number of bytes we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ +static socks_result_t +parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, + size_t datalen, int *is_socks4a, size_t *drain_out) +{ + // http://ss5.sourceforge.net/socks4.protocol.txt + // http://ss5.sourceforge.net/socks4A.protocol.txt + socks_result_t res = SOCKS_RESULT_DONE; + tor_addr_t destaddr; + + tor_assert(is_socks4a); + tor_assert(drain_out); + + *is_socks4a = 0; + *drain_out = 0; + + req->socks_version = SOCKS_VER_4; + + socks4_client_request_t *trunnel_req; + + ssize_t parsed = + socks4_client_request_parse(&trunnel_req, raw_data, datalen); + + if (parsed == -1) { + log_warn(LD_APP, "socks4: parsing failed - invalid request."); + res = SOCKS_RESULT_INVALID; + goto end; + } else if (parsed == -2) { + res = SOCKS_RESULT_TRUNCATED; + if (datalen >= MAX_SOCKS_MESSAGE_LEN) { + log_warn(LD_APP, "socks4: parsing failed - invalid request."); + res = SOCKS_RESULT_INVALID; + } + goto end; + } + + tor_assert(parsed >= 0); + *drain_out = (size_t)parsed; + + uint8_t command = socks4_client_request_get_command(trunnel_req); + req->command = command; + + req->port = socks4_client_request_get_port(trunnel_req); + uint32_t dest_ip = socks4_client_request_get_addr(trunnel_req); + + if ((!req->port && req->command != SOCKS_COMMAND_RESOLVE) || + dest_ip == 0) { + log_warn(LD_APP, "socks4: Port or DestIP is zero. Rejecting."); + res = SOCKS_RESULT_INVALID; + goto end; + } + + *is_socks4a = (dest_ip >> 8) == 0; + + const char *username = socks4_client_request_get_username(trunnel_req); + size_t usernamelen = username ? strlen(username) : 0; + if (username && usernamelen) { + if (usernamelen > MAX_SOCKS_MESSAGE_LEN) { + log_warn(LD_APP, "Socks4 user name too long; rejecting."); + res = SOCKS_RESULT_INVALID; + goto end; + } + + req->got_auth = 1; + req->username = tor_strdup(username); + req->usernamelen = usernamelen; + } + + if (*is_socks4a) { + // We cannot rely on trunnel here, as we want to detect if + // we have abnormally long hostname field. + const char *hostname = (char *)raw_data + SOCKS4_NETWORK_LEN + + strlen(username) + 1; + size_t hostname_len = (char *)raw_data + datalen - hostname; + + if (hostname_len <= sizeof(req->address)) { + const char *trunnel_hostname = + socks4_client_request_get_socks4a_addr_hostname(trunnel_req); + + if (trunnel_hostname) + strlcpy(req->address, trunnel_hostname, sizeof(req->address)); + } else { + log_warn(LD_APP, "socks4: Destaddr too long. Rejecting."); + res = SOCKS_RESULT_INVALID; + goto end; + } + } else { + tor_addr_from_ipv4h(&destaddr, dest_ip); + + if (!tor_addr_to_str(req->address, &destaddr, + MAX_SOCKS_ADDR_LEN, 0)) { + res = SOCKS_RESULT_INVALID; + goto end; + } + } + + end: + socks4_client_request_free(trunnel_req); + + return res; +} + +/** + * Validate SOCKS4/4a related fields in <b>req</b>. Expect SOCKS4a + * if <b>is_socks4a</b> is true. If <b>log_sockstype</b> is true, + * log a notice about possible DNS leaks on local system. If + * <b>safe_socks</b> is true, reject insecure usage of SOCKS + * protocol. + * + * Return SOCKS_RESULT_DONE if validation passed or + * SOCKS_RESULT_INVALID if it failed. + */ +static socks_result_t +process_socks4_request(const socks_request_t *req, int is_socks4a, + int log_sockstype, int safe_socks) +{ + if (is_socks4a && !addressmap_have_mapping(req->address, 0)) { + log_unsafe_socks_warning(4, req->address, req->port, safe_socks); + + if (safe_socks) + return SOCKS_RESULT_INVALID; + } + + if (req->command != SOCKS_COMMAND_CONNECT && + req->command != SOCKS_COMMAND_RESOLVE) { + /* not a connect or resolve? we don't support it. (No resolve_ptr with + * socks4.) */ + log_warn(LD_APP, "socks4: command %d not recognized. Rejecting.", + req->command); + return SOCKS_RESULT_INVALID; + } + + if (is_socks4a) { + if (log_sockstype) + log_notice(LD_APP, + "Your application (using socks4a to port %d) instructed " + "Tor to take care of the DNS resolution itself if " + "necessary. This is good.", req->port); + } + + if (!string_is_valid_dest(req->address)) { + log_warn(LD_PROTOCOL, + "Your application (using socks4 to port %d) gave Tor " + "a malformed hostname: %s. Rejecting the connection.", + req->port, escaped_safe_str_client(req->address)); + return SOCKS_RESULT_INVALID; + } + + return SOCKS_RESULT_DONE; +} + +/** Parse a single SOCKS5 version identifier/method selection message + * from buffer <b>raw_data</b> (of length <b>datalen</b>). Update + * relevant fields of <b>req</b> (if any). Set <b>*have_user_pass</b> to + * true if username/password method is found. Set <b>*have_no_auth</b> + * if no-auth method is found. Set <b>*drain_out</b> to number of bytes + * we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ +static socks_result_t +parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, + size_t datalen, int *have_user_pass, + int *have_no_auth, size_t *drain_out) +{ + socks_result_t res = SOCKS_RESULT_DONE; + socks5_client_version_t *trunnel_req; + + ssize_t parsed = socks5_client_version_parse(&trunnel_req, raw_data, + datalen); + + (void)req; + + tor_assert(have_no_auth); + tor_assert(have_user_pass); + tor_assert(drain_out); + + *drain_out = 0; + + if (parsed == -1) { + log_warn(LD_APP, "socks5: parsing failed - invalid version " + "id/method selection message."); + res = SOCKS_RESULT_INVALID; + goto end; + } else if (parsed == -2) { + res = SOCKS_RESULT_TRUNCATED; + if (datalen > MAX_SOCKS_MESSAGE_LEN) { + log_warn(LD_APP, "socks5: parsing failed - invalid version " + "id/method selection message."); + res = SOCKS_RESULT_INVALID; + } + goto end; + } + + tor_assert(parsed >= 0); + *drain_out = (size_t)parsed; + + size_t n_methods = (size_t)socks5_client_version_get_n_methods(trunnel_req); + if (n_methods == 0) { + res = SOCKS_RESULT_INVALID; + goto end; + } + + *have_no_auth = 0; + *have_user_pass = 0; + + for (size_t i = 0; i < n_methods; i++) { + uint8_t method = socks5_client_version_get_methods(trunnel_req, + i); + + if (method == SOCKS_USER_PASS) { + *have_user_pass = 1; + } else if (method == SOCKS_NO_AUTH) { + *have_no_auth = 1; + } + } + + end: + socks5_client_version_free(trunnel_req); + + return res; +} + +/** + * Validate and respond to version identifier/method selection message + * we parsed in parse_socks5_methods_request (corresponding to <b>req</b> + * and having user/pass method if <b>have_user_pass</b> is true, no-auth + * method if <b>have_no_auth</b> is true). Set <b>req->reply</b> to + * an appropriate response (in SOCKS5 wire format). + * + * On success, return SOCKS_RESULT_DONE. On failure, return + * SOCKS_RESULT_INVALID. + */ +static socks_result_t +process_socks5_methods_request(socks_request_t *req, int have_user_pass, + int have_no_auth) +{ + socks_result_t res = SOCKS_RESULT_DONE; + socks5_server_method_t *trunnel_resp = socks5_server_method_new(); + + socks5_server_method_set_version(trunnel_resp, SOCKS_VER_5); + + if (have_user_pass && !(have_no_auth && req->socks_prefer_no_auth)) { + req->auth_type = SOCKS_USER_PASS; + socks5_server_method_set_method(trunnel_resp, SOCKS_USER_PASS); + + req->socks_version = SOCKS_VER_5; + // FIXME: come up with better way to remember + // that we negotiated auth + + log_debug(LD_APP,"socks5: accepted method 2 (username/password)"); + } else if (have_no_auth) { + req->auth_type = SOCKS_NO_AUTH; + socks5_server_method_set_method(trunnel_resp, SOCKS_NO_AUTH); + + req->socks_version = SOCKS_VER_5; + + log_debug(LD_APP,"socks5: accepted method 0 (no authentication)"); + } else { + log_warn(LD_APP, + "socks5: offered methods don't include 'no auth' or " + "username/password. Rejecting."); + socks5_server_method_set_method(trunnel_resp, 0xFF); // reject all + res = SOCKS_RESULT_INVALID; + } + + const char *errmsg = socks5_server_method_check(trunnel_resp); + if (errmsg) { + log_warn(LD_APP, "socks5: method selection validation failed: %s", + errmsg); + res = SOCKS_RESULT_INVALID; + } else { + ssize_t encoded = + socks5_server_method_encode(req->reply, sizeof(req->reply), + trunnel_resp); + + if (encoded < 0) { + log_warn(LD_APP, "socks5: method selection encoding failed"); + res = SOCKS_RESULT_INVALID; + } else { + req->replylen = (size_t)encoded; + } + } + + socks5_server_method_free(trunnel_resp); + return res; +} + +/** + * Parse SOCKS5/RFC1929 username/password request from buffer + * <b>raw_data</b> of length <b>datalen</b> and update relevant + * fields of <b>req</b>. Set <b>*drain_out</b> to number of bytes + * we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ +static socks_result_t +parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, + size_t datalen, size_t *drain_out) +{ + socks_result_t res = SOCKS_RESULT_DONE; + socks5_client_userpass_auth_t *trunnel_req = NULL; + ssize_t parsed = socks5_client_userpass_auth_parse(&trunnel_req, raw_data, + datalen); + tor_assert(drain_out); + *drain_out = 0; + + if (parsed == -1) { + log_warn(LD_APP, "socks5: parsing failed - invalid user/pass " + "authentication message."); + res = SOCKS_RESULT_INVALID; + goto end; + } else if (parsed == -2) { + res = SOCKS_RESULT_TRUNCATED; + goto end; + } + + tor_assert(parsed >= 0); + *drain_out = (size_t)parsed; + + uint8_t usernamelen = + socks5_client_userpass_auth_get_username_len(trunnel_req); + uint8_t passwordlen = + socks5_client_userpass_auth_get_passwd_len(trunnel_req); + const char *username = + socks5_client_userpass_auth_getconstarray_username(trunnel_req); + const char *password = + socks5_client_userpass_auth_getconstarray_passwd(trunnel_req); + + if (usernamelen && username) { + req->username = tor_memdup_nulterm(username, usernamelen); + req->usernamelen = usernamelen; + + req->got_auth = 1; + } + + if (passwordlen && password) { + req->password = tor_memdup_nulterm(password, passwordlen); + req->passwordlen = passwordlen; + + req->got_auth = 1; + } + + end: + socks5_client_userpass_auth_free(trunnel_req); + return res; +} + +/** + * Validate and respond to SOCKS5 username/password request we + * parsed in parse_socks5_userpass_auth (corresponding to <b>req</b>. + * Set <b>req->reply</b> to appropriate responsed. Return + * SOCKS_RESULT_DONE on success or SOCKS_RESULT_INVALID on failure. + */ +static socks_result_t +process_socks5_userpass_auth(socks_request_t *req) +{ + socks_result_t res = SOCKS_RESULT_DONE; + socks5_server_userpass_auth_t *trunnel_resp = + socks5_server_userpass_auth_new(); + + if (req->socks_version != SOCKS_VER_5) { + res = SOCKS_RESULT_INVALID; + goto end; + } + + if (req->auth_type != SOCKS_USER_PASS && + req->auth_type != SOCKS_NO_AUTH) { + res = SOCKS_RESULT_INVALID; + goto end; + } + + socks5_server_userpass_auth_set_version(trunnel_resp, SOCKS_AUTH); + socks5_server_userpass_auth_set_status(trunnel_resp, 0); // auth OK + + const char *errmsg = socks5_server_userpass_auth_check(trunnel_resp); + if (errmsg) { + log_warn(LD_APP, "socks5: server userpass auth validation failed: %s", + errmsg); + res = SOCKS_RESULT_INVALID; + goto end; + } + + ssize_t encoded = socks5_server_userpass_auth_encode(req->reply, + sizeof(req->reply), + trunnel_resp); + + if (encoded < 0) { + log_warn(LD_APP, "socks5: server userpass auth encoding failed"); + res = SOCKS_RESULT_INVALID; + goto end; + } + + req->replylen = (size_t)encoded; + + end: + socks5_server_userpass_auth_free(trunnel_resp); + return res; +} + +/** + * Parse a single SOCKS5 client request (RFC 1928 section 4) from buffer + * <b>raw_data</b> of length <b>datalen</b> and update relevant field of + * <b>req</b>. Set <b>*drain_out</b> to number of bytes we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ +static socks_result_t +parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, + size_t datalen, size_t *drain_out) +{ + socks_result_t res = SOCKS_RESULT_DONE; + tor_addr_t destaddr; + socks5_client_request_t *trunnel_req = NULL; + ssize_t parsed = + socks5_client_request_parse(&trunnel_req, raw_data, datalen); + if (parsed == -1) { + log_warn(LD_APP, "socks5: parsing failed - invalid client request"); + res = SOCKS_RESULT_INVALID; + goto end; + } else if (parsed == -2) { + res = SOCKS_RESULT_TRUNCATED; + goto end; + } + + tor_assert(parsed >= 0); + *drain_out = (size_t)parsed; + + if (socks5_client_request_get_version(trunnel_req) != 5) { + res = SOCKS_RESULT_INVALID; + goto end; + } + + req->command = socks5_client_request_get_command(trunnel_req); + + req->port = socks5_client_request_get_dest_port(trunnel_req); + + uint8_t atype = socks5_client_request_get_atype(trunnel_req); + req->socks5_atyp = atype; + + switch (atype) { + case 1: { + uint32_t ipv4 = socks5_client_request_get_dest_addr_ipv4(trunnel_req); + tor_addr_from_ipv4h(&destaddr, ipv4); + + tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); + } break; + case 3: { + const struct domainname_st *dns_name = + socks5_client_request_getconst_dest_addr_domainname(trunnel_req); + + const char *hostname = domainname_getconstarray_name(dns_name); + + strlcpy(req->address, hostname, sizeof(req->address)); + } break; + case 4: { + const char *ipv6 = + (const char *)socks5_client_request_getarray_dest_addr_ipv6( + trunnel_req); + tor_addr_from_ipv6_bytes(&destaddr, ipv6); + + tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); + } break; + default: { + res = -1; + } break; + } + + end: + socks5_client_request_free(trunnel_req); + return res; +} + +/** + * Validate and respond to SOCKS5 request we parsed in + * parse_socks5_client_request (corresponding to <b>req</b>. + * Write appropriate response to <b>req->reply</b> (in + * SOCKS5 wire format). If <b>log_sockstype</b> is true, log a + * notice about possible DNS leaks on local system. If + * <b>safe_socks</b> is true, disallow insecure usage of SOCKS + * protocol. Return SOCKS_RESULT_DONE on success or + * SOCKS_RESULT_INVALID on failure. + */ +static socks_result_t +process_socks5_client_request(socks_request_t *req, + int log_sockstype, + int safe_socks) +{ + socks_result_t res = SOCKS_RESULT_DONE; + + if (req->command != SOCKS_COMMAND_CONNECT && + req->command != SOCKS_COMMAND_RESOLVE && + req->command != SOCKS_COMMAND_RESOLVE_PTR) { + socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED); + res = SOCKS_RESULT_INVALID; + goto end; + } + + if (req->command == SOCKS_COMMAND_RESOLVE_PTR && + !string_is_valid_ipv4_address(req->address) && + !string_is_valid_ipv6_address(req->address)) { + socks_request_set_socks5_error(req, SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); + log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " + "hostname type. Rejecting."); + + res = SOCKS_RESULT_INVALID; + goto end; + } + + if (!string_is_valid_dest(req->address)) { + socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); + + log_warn(LD_PROTOCOL, + "Your application (using socks5 to port %d) gave Tor " + "a malformed hostname: %s. Rejecting the connection.", + req->port, escaped_safe_str_client(req->address)); + + res = SOCKS_RESULT_INVALID; + goto end; + } + + if (req->socks5_atyp == 1 || req->socks5_atyp == 4) { + if (req->command != SOCKS_COMMAND_RESOLVE_PTR && + !addressmap_have_mapping(req->address,0)) { + log_unsafe_socks_warning(5, req->address, req->port, safe_socks); + if (safe_socks) { + socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED); + res = SOCKS_RESULT_INVALID; + goto end; + } + } + } + + if (log_sockstype) + log_notice(LD_APP, + "Your application (using socks5 to port %d) instructed " + "Tor to take care of the DNS resolution itself if " + "necessary. This is good.", req->port); + + end: + return res; +} + +/** + * Handle (parse, validate, process, respond) a single SOCKS + * message in buffer <b>raw_data</b> of length <b>datalen</b>. + * Update relevant fields of <b>req</b>. If <b>log_sockstype</b> + * is true, log a warning about possible DNS leaks on local + * system. If <b>safe_socks</b> is true, disallow insecure + * usage of SOCKS protocol. Set <b>*drain_out</b> to number + * of bytes in <b>raw_data</b> that we processed so far and + * that can be safely drained from buffer. + * + * Return: + * - SOCKS_RESULT_DONE if succeeded and not expecting further + * messages from client. + * - SOCKS_RESULT_INVALID if any of the steps failed due to + * request being invalid or unexpected given current state. + * - SOCKS_RESULT_TRUNCATED if we do not found an expected + * SOCKS message in its entirety (more stuff has to arrive + * from client). + * - SOCKS_RESULT_MORE_EXPECTED if we handled current message + * successfully, but we expect more messages from the + * client. + */ +static socks_result_t +handle_socks_message(const uint8_t *raw_data, size_t datalen, + socks_request_t *req, int log_sockstype, + int safe_socks, size_t *drain_out) +{ + socks_result_t res = SOCKS_RESULT_DONE; + + uint8_t socks_version = raw_data[0]; + + if (socks_version == SOCKS_AUTH) + socks_version = SOCKS_VER_5; // SOCKS5 username/pass subnegotiation + + if (socks_version == SOCKS_VER_4) { + if (datalen < SOCKS4_NETWORK_LEN) { + res = 0; + goto end; + } + + int is_socks4a = 0; + res = parse_socks4_request((const uint8_t *)raw_data, req, datalen, + &is_socks4a, drain_out); + + if (res != SOCKS_RESULT_DONE) { + goto end; + } + + res = process_socks4_request(req, is_socks4a,log_sockstype, + safe_socks); + + if (res != SOCKS_RESULT_DONE) { + goto end; + } + + goto end; + } else if (socks_version == SOCKS_VER_5) { + if (datalen < 2) { /* version and another byte */ + res = 0; + goto end; + } + /* RFC1929 SOCKS5 username/password subnegotiation. */ + if (!req->got_auth && (raw_data[0] == 1 || + req->auth_type == SOCKS_USER_PASS)) { + res = parse_socks5_userpass_auth(raw_data, req, datalen, + drain_out); + + if (res != SOCKS_RESULT_DONE) { + goto end; + } + + res = process_socks5_userpass_auth(req); + if (res != SOCKS_RESULT_DONE) { + goto end; + } + + res = SOCKS_RESULT_MORE_EXPECTED; + goto end; + } else if (req->socks_version != SOCKS_VER_5) { + int have_user_pass, have_no_auth; + res = parse_socks5_methods_request(raw_data, req, datalen, + &have_user_pass, + &have_no_auth, + drain_out); + + if (res != SOCKS_RESULT_DONE) { + goto end; + } + + res = process_socks5_methods_request(req, have_user_pass, + have_no_auth); + + if (res != SOCKS_RESULT_DONE) { + goto end; + } + + res = SOCKS_RESULT_MORE_EXPECTED; + goto end; + } else { + res = parse_socks5_client_request(raw_data, req, + datalen, drain_out); + if (res != SOCKS_RESULT_DONE) { + socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); + goto end; + } + + res = process_socks5_client_request(req, log_sockstype, + safe_socks); + + if (res != SOCKS_RESULT_DONE) { + goto end; + } + } + } else { + *drain_out = datalen; + res = SOCKS_RESULT_INVALID; + } + + end: + return res; +} + /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one * of the forms * - socks4: "socksheader username\\0" @@ -115,32 +811,50 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype, int safe_socks) { - int res; - ssize_t n_drain; - size_t want_length = 128; + int res = 0; + size_t datalen = buf_datalen(buf); + size_t n_drain; const char *head = NULL; - size_t datalen = 0; + socks_result_t socks_res; + size_t n_pullup; - if (buf_datalen(buf) < 2) /* version and another byte */ - return 0; + if (buf_datalen(buf) < 2) { /* version and another byte */ + res = 0; + goto end; + } do { n_drain = 0; - buf_pullup(buf, want_length, &head, &datalen); + n_pullup = MIN(MAX_SOCKS_MESSAGE_LEN, buf_datalen(buf)); + buf_pullup(buf, n_pullup, &head, &datalen); tor_assert(head && datalen >= 2); - want_length = 0; - res = parse_socks(head, datalen, req, log_sockstype, - safe_socks, &n_drain, &want_length); + socks_res = parse_socks(head, datalen, req, log_sockstype, + safe_socks, &n_drain); - if (n_drain < 0) + if (socks_res == SOCKS_RESULT_INVALID) buf_clear(buf); - else if (n_drain > 0) + else if (socks_res != SOCKS_RESULT_TRUNCATED && n_drain > 0) buf_drain(buf, n_drain); - } while (res == 0 && head && want_length < buf_datalen(buf) && - buf_datalen(buf) >= 2); + switch (socks_res) { + case SOCKS_RESULT_INVALID: + res = -1; + break; + case SOCKS_RESULT_DONE: + res = 1; + break; + case SOCKS_RESULT_TRUNCATED: + if (datalen == n_pullup) + return 0; + /* FALLTHRU */ + case SOCKS_RESULT_MORE_EXPECTED: + res = 0; + break; + } + } while (res == 0 && head && buf_datalen(buf) >= 2); + end: return res; } @@ -151,12 +865,31 @@ static void socks_request_set_socks5_error(socks_request_t *req, socks5_reply_status_t reason) { - req->replylen = 10; - memset(req->reply,0,10); + socks5_server_reply_t *trunnel_resp = socks5_server_reply_new(); - req->reply[0] = 0x05; // VER field. - req->reply[1] = reason; // REP field. - req->reply[3] = 0x01; // ATYP field. + socks5_server_reply_set_version(trunnel_resp, SOCKS_VER_5); + socks5_server_reply_set_reply(trunnel_resp, reason); + socks5_server_reply_set_atype(trunnel_resp, 0x01); + + const char *errmsg = socks5_server_reply_check(trunnel_resp); + if (errmsg) { + log_warn(LD_APP, "socks5: reply validation failed: %s", + errmsg); + goto end; + } + + ssize_t encoded = socks5_server_reply_encode(req->reply, + sizeof(req->reply), + trunnel_resp); + if (encoded < 0) { + log_warn(LD_APP, "socks5: reply encoding failed: %d", + (int)encoded); + } else { + req->replylen = (size_t)encoded; + } + + end: + socks5_server_reply_free(trunnel_resp); } static const char SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG[] = @@ -194,350 +927,24 @@ static const char SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG[] = * we'd like to see in the input buffer, if they're available. */ static int parse_socks(const char *data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, ssize_t *drain_out, - size_t *want_length_out) + int log_sockstype, int safe_socks, size_t *drain_out) { - unsigned int len; - char tmpbuf[TOR_ADDR_BUF_LEN+1]; - tor_addr_t destaddr; - uint32_t destip; - uint8_t socksver; - char *next, *startaddr; - unsigned char usernamelen, passlen; - struct in_addr in; + uint8_t first_octet; if (datalen < 2) { /* We always need at least 2 bytes. */ - *want_length_out = 2; return 0; } - if (req->socks_version == 5 && !req->got_auth) { - /* See if we have received authentication. Strictly speaking, we should - also check whether we actually negotiated username/password - authentication. But some broken clients will send us authentication - even if we negotiated SOCKS_NO_AUTH. */ - if (*data == 1) { /* username/pass version 1 */ - /* Format is: authversion [1 byte] == 1 - usernamelen [1 byte] - username [usernamelen bytes] - passlen [1 byte] - password [passlen bytes] */ - usernamelen = (unsigned char)*(data + 1); - if (datalen < 2u + usernamelen + 1u) { - *want_length_out = 2u + usernamelen + 1u; - return 0; - } - passlen = (unsigned char)*(data + 2u + usernamelen); - if (datalen < 2u + usernamelen + 1u + passlen) { - *want_length_out = 2u + usernamelen + 1u + passlen; - return 0; - } - req->replylen = 2; /* 2 bytes of response */ - req->reply[0] = 1; /* authversion == 1 */ - req->reply[1] = 0; /* authentication successful */ - log_debug(LD_APP, - "socks5: Accepted username/password without checking."); - if (usernamelen) { - req->username = tor_memdup(data+2u, usernamelen); - req->usernamelen = usernamelen; - } - if (passlen) { - req->password = tor_memdup(data+3u+usernamelen, passlen); - req->passwordlen = passlen; - } - *drain_out = 2u + usernamelen + 1u + passlen; - req->got_auth = 1; - *want_length_out = 7; /* Minimal socks5 command. */ - return 0; - } else if (req->auth_type == SOCKS_USER_PASS) { - /* unknown version byte */ - log_warn(LD_APP, "Socks5 username/password version %d not recognized; " - "rejecting.", (int)*data); - return -1; - } - } + first_octet = get_uint8(data); - socksver = *data; - - switch (socksver) { /* which version of socks? */ - case 5: /* socks5 */ - - if (req->socks_version != 5) { /* we need to negotiate a method */ - unsigned char nummethods = (unsigned char)*(data+1); - int have_user_pass, have_no_auth; - int r=0; - tor_assert(!req->socks_version); - if (datalen < 2u+nummethods) { - *want_length_out = 2u+nummethods; - return 0; - } - if (!nummethods) - return -1; - req->replylen = 2; /* 2 bytes of response */ - req->reply[0] = 5; /* socks5 reply */ - have_user_pass = (memchr(data+2, SOCKS_USER_PASS, nummethods) !=NULL); - have_no_auth = (memchr(data+2, SOCKS_NO_AUTH, nummethods) !=NULL); - if (have_user_pass && !(have_no_auth && req->socks_prefer_no_auth)) { - req->auth_type = SOCKS_USER_PASS; - req->reply[1] = SOCKS_USER_PASS; /* tell client to use "user/pass" - auth method */ - req->socks_version = 5; /* remember we've already negotiated auth */ - log_debug(LD_APP,"socks5: accepted method 2 (username/password)"); - r=0; - } else if (have_no_auth) { - req->reply[1] = SOCKS_NO_AUTH; /* tell client to use "none" auth - method */ - req->socks_version = 5; /* remember we've already negotiated auth */ - log_debug(LD_APP,"socks5: accepted method 0 (no authentication)"); - r=0; - } else { - log_warn(LD_APP, - "socks5: offered methods don't include 'no auth' or " - "username/password. Rejecting."); - req->reply[1] = '\xFF'; /* reject all methods */ - r=-1; - } - /* Remove packet from buf. Some SOCKS clients will have sent extra - * junk at this point; let's hope it's an authentication message. */ - *drain_out = 2u + nummethods; - - return r; - } - if (req->auth_type != SOCKS_NO_AUTH && !req->got_auth) { - log_warn(LD_APP, - "socks5: negotiated authentication, but none provided"); - return -1; - } - /* we know the method; read in the request */ - log_debug(LD_APP,"socks5: checking request"); - if (datalen < 7) {/* basic info plus >=1 for addr plus 2 for port */ - *want_length_out = 7; - return 0; /* not yet */ - } - req->command = (unsigned char) *(data+1); - if (req->command != SOCKS_COMMAND_CONNECT && - req->command != SOCKS_COMMAND_RESOLVE && - req->command != SOCKS_COMMAND_RESOLVE_PTR) { - /* not a connect or resolve or a resolve_ptr? we don't support it. */ - socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED); - - log_warn(LD_APP,"socks5: command %d not recognized. Rejecting.", - req->command); - return -1; - } - switch (*(data+3)) { /* address type */ - case 1: /* IPv4 address */ - case 4: /* IPv6 address */ { - const int is_v6 = *(data+3) == 4; - const unsigned addrlen = is_v6 ? 16 : 4; - log_debug(LD_APP,"socks5: ipv4 address type"); - if (datalen < 6+addrlen) {/* ip/port there? */ - *want_length_out = 6+addrlen; - return 0; /* not yet */ - } - - if (is_v6) - tor_addr_from_ipv6_bytes(&destaddr, data+4); - else - tor_addr_from_ipv4n(&destaddr, get_uint32(data+4)); - - tor_addr_to_str(tmpbuf, &destaddr, sizeof(tmpbuf), 1); - - if (BUG(strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN)) { - /* LCOV_EXCL_START -- This branch is unreachable, given the - * size of tmpbuf and the actual value of MAX_SOCKS_ADDR_LEN */ - socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - log_warn(LD_APP, - "socks5 IP takes %d bytes, which doesn't fit in %d. " - "Rejecting.", - (int)strlen(tmpbuf)+1,(int)MAX_SOCKS_ADDR_LEN); - return -1; - /* LCOV_EXCL_STOP */ - } - strlcpy(req->address,tmpbuf,sizeof(req->address)); - req->port = ntohs(get_uint16(data+4+addrlen)); - *drain_out = 6+addrlen; - if (req->command != SOCKS_COMMAND_RESOLVE_PTR && - !addressmap_have_mapping(req->address,0)) { - log_unsafe_socks_warning(5, req->address, req->port, safe_socks); - if (safe_socks) { - socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED); - return -1; - } - } - return 1; - } - case 3: /* fqdn */ - log_debug(LD_APP,"socks5: fqdn address type"); - if (req->command == SOCKS_COMMAND_RESOLVE_PTR) { - socks_request_set_socks5_error(req, - SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); - log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " - "hostname type. Rejecting."); - return -1; - } - len = (unsigned char)*(data+4); - if (datalen < 7+len) { /* addr/port there? */ - *want_length_out = 7+len; - return 0; /* not yet */ - } - if (BUG(len+1 > MAX_SOCKS_ADDR_LEN)) { - /* LCOV_EXCL_START -- unreachable, since len is at most 255, - * and MAX_SOCKS_ADDR_LEN is 256. */ - socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - log_warn(LD_APP, - "socks5 hostname is %d bytes, which doesn't fit in " - "%d. Rejecting.", len+1,MAX_SOCKS_ADDR_LEN); - return -1; - /* LCOV_EXCL_STOP */ - } - memcpy(req->address,data+5,len); - req->address[len] = 0; - req->port = ntohs(get_uint16(data+5+len)); - *drain_out = 5+len+2; - - if (!string_is_valid_dest(req->address)) { - socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - - log_warn(LD_PROTOCOL, - "Your application (using socks5 to port %d) gave Tor " - "a malformed hostname: %s. Rejecting the connection.", - req->port, escaped_safe_str_client(req->address)); - return -1; - } - if (log_sockstype) - log_notice(LD_APP, - "Your application (using socks5 to port %d) instructed " - "Tor to take care of the DNS resolution itself if " - "necessary. This is good.", req->port); - return 1; - default: /* unsupported */ - socks_request_set_socks5_error(req, - SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); - log_warn(LD_APP,"socks5: unsupported address type %d. Rejecting.", - (int) *(data+3)); - return -1; - } - tor_assert(0); - break; - case 4: { /* socks4 */ - enum {socks4, socks4a} socks4_prot = socks4a; - const char *authstart, *authend; - /* http://ss5.sourceforge.net/socks4.protocol.txt */ - /* http://ss5.sourceforge.net/socks4A.protocol.txt */ - - req->socks_version = 4; - if (datalen < SOCKS4_NETWORK_LEN) {/* basic info available? */ - *want_length_out = SOCKS4_NETWORK_LEN; - return 0; /* not yet */ - } - // buf_pullup(buf, 1280); - req->command = (unsigned char) *(data+1); - if (req->command != SOCKS_COMMAND_CONNECT && - req->command != SOCKS_COMMAND_RESOLVE) { - /* not a connect or resolve? we don't support it. (No resolve_ptr with - * socks4.) */ - log_warn(LD_APP,"socks4: command %d not recognized. Rejecting.", - req->command); - return -1; - } - - req->port = ntohs(get_uint16(data+2)); - destip = ntohl(get_uint32(data+4)); - if ((!req->port && req->command!=SOCKS_COMMAND_RESOLVE) || !destip) { - log_warn(LD_APP,"socks4: Port or DestIP is zero. Rejecting."); - return -1; - } - if (destip >> 8) { - log_debug(LD_APP,"socks4: destip not in form 0.0.0.x."); - in.s_addr = htonl(destip); - tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf)); - if (BUG(strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN)) { - /* LCOV_EXCL_START -- This branch is unreachable, given the - * size of tmpbuf and the actual value of MAX_SOCKS_ADDR_LEN */ - log_debug(LD_APP,"socks4 addr (%d bytes) too long. Rejecting.", - (int)strlen(tmpbuf)); - return -1; - /* LCOV_EXCL_STOP */ - } - log_debug(LD_APP, - "socks4: successfully read destip (%s)", - safe_str_client(tmpbuf)); - socks4_prot = socks4; - } - - authstart = data + SOCKS4_NETWORK_LEN; - next = memchr(authstart, 0, - datalen-SOCKS4_NETWORK_LEN); - if (!next) { - if (datalen >= 1024) { - log_debug(LD_APP, "Socks4 user name too long; rejecting."); - return -1; - } - log_debug(LD_APP,"socks4: Username not here yet."); - *want_length_out = datalen+1024; /* More than we need, but safe */ - return 0; - } - authend = next; - tor_assert(next < data+datalen); - - startaddr = NULL; - if (socks4_prot != socks4a && - !addressmap_have_mapping(tmpbuf,0)) { - log_unsafe_socks_warning(4, tmpbuf, req->port, safe_socks); + if (first_octet == SOCKS_VER_5 || first_octet == SOCKS_VER_4 || + first_octet == SOCKS_AUTH) { // XXX: RFC 1929 + return handle_socks_message((const uint8_t *)data, datalen, req, + log_sockstype, safe_socks, drain_out); + } - if (safe_socks) - return -1; - } - if (socks4_prot == socks4a) { - if (next+1 == data+datalen) { - log_debug(LD_APP,"socks4: No part of destaddr here yet."); - *want_length_out = datalen + 1024; /* More than we need, but safe */ - return 0; - } - startaddr = next+1; - next = memchr(startaddr, 0, data + datalen - startaddr); - if (!next) { - if (datalen >= 1024) { - log_debug(LD_APP,"socks4: Destaddr too long."); - return -1; - } - log_debug(LD_APP,"socks4: Destaddr not all here yet."); - *want_length_out = datalen + 1024; /* More than we need, but safe */ - return 0; - } - if (MAX_SOCKS_ADDR_LEN <= next-startaddr) { - log_warn(LD_APP,"socks4: Destaddr too long. Rejecting."); - return -1; - } - // tor_assert(next < buf->cur+buf_datalen(buf)); - - if (log_sockstype) - log_notice(LD_APP, - "Your application (using socks4a to port %d) instructed " - "Tor to take care of the DNS resolution itself if " - "necessary. This is good.", req->port); - } - log_debug(LD_APP,"socks4: Everything is here. Success."); - strlcpy(req->address, startaddr ? startaddr : tmpbuf, - sizeof(req->address)); - if (!string_is_valid_dest(req->address)) { - log_warn(LD_PROTOCOL, - "Your application (using socks4 to port %d) gave Tor " - "a malformed hostname: %s. Rejecting the connection.", - req->port, escaped_safe_str_client(req->address)); - return -1; - } - if (authend != authstart) { - req->got_auth = 1; - req->usernamelen = authend - authstart; - req->username = tor_memdup(authstart, authend - authstart); - } - /* next points to the final \0 on inbuf */ - *drain_out = next - data + 1; - return 1; - } + switch (first_octet) { /* which version of socks? */ case 'G': /* get */ case 'H': /* head */ case 'P': /* put/post */ @@ -561,6 +968,9 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, } return -1; } + + tor_assert_unreached(); + return -1; } /** Inspect a reply from SOCKS server stored in <b>buf</b> according diff --git a/src/test/test_socks.c b/src/test/test_socks.c index e064cc8db1..7f6d8a48f1 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -84,7 +84,7 @@ test_socks_4_supported_commands(void *ptr) tt_int_op(0,OP_EQ, buf_datalen(buf)); - /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4370 */ + /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.3:4370 */ ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x03\x00"); tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, get_options()->SafeSocks), @@ -100,7 +100,7 @@ test_socks_4_supported_commands(void *ptr) tt_int_op(0,OP_EQ, buf_datalen(buf)); socks_request_clear(socks); - /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/ + /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.4:4369 with userid*/ ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x04me\x00"); tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, 1); @@ -166,7 +166,7 @@ test_socks_4_bad_arguments(void *ptr) tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); buf_clear(buf); - expect_log_msg_containing("user name too long; rejecting."); + expect_log_msg_containing("socks4: parsing failed - invalid request."); mock_clean_saved_logs(); /* Try with 2000-byte hostname */ @@ -194,7 +194,7 @@ test_socks_4_bad_arguments(void *ptr) tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); buf_clear(buf); - expect_log_msg_containing("Destaddr too long."); + expect_log_msg_containing("parsing failed - invalid request."); mock_clean_saved_logs(); /* Socks4, bogus hostname */ @@ -648,7 +648,8 @@ test_socks_5_malformed_commands(void *ptr) tt_int_op(5,OP_EQ,socks->socks_version); tt_int_op(10,OP_EQ,socks->replylen); tt_int_op(5,OP_EQ,socks->reply[0]); - tt_int_op(SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED,OP_EQ,socks->reply[1]); + /* trunnel parsing will fail with -1 */ + tt_int_op(SOCKS5_GENERAL_ERROR,OP_EQ,socks->reply[1]); tt_int_op(1,OP_EQ,socks->reply[3]); done: diff --git a/src/trunnel/include.am b/src/trunnel/include.am index 5a0a79c3a0..03c1753e96 100644 --- a/src/trunnel/include.am +++ b/src/trunnel/include.am @@ -10,7 +10,8 @@ TRUNNELINPUTS = \ src/trunnel/ed25519_cert.trunnel \ src/trunnel/link_handshake.trunnel \ src/trunnel/pwbox.trunnel \ - src/trunnel/channelpadding_negotiation.trunnel + src/trunnel/channelpadding_negotiation.trunnel \ + src/trunner/socks5.trunnel TRUNNELSOURCES = \ src/ext/trunnel/trunnel.c \ @@ -21,7 +22,8 @@ TRUNNELSOURCES = \ src/trunnel/hs/cell_establish_intro.c \ src/trunnel/hs/cell_introduce1.c \ src/trunnel/hs/cell_rendezvous.c \ - src/trunnel/channelpadding_negotiation.c + src/trunnel/channelpadding_negotiation.c \ + src/trunnel/socks5.c TRUNNELHEADERS = \ src/ext/trunnel/trunnel.h \ @@ -34,7 +36,8 @@ TRUNNELHEADERS = \ src/trunnel/hs/cell_establish_intro.h \ src/trunnel/hs/cell_introduce1.h \ src/trunnel/hs/cell_rendezvous.h \ - src/trunnel/channelpadding_negotiation.h + src/trunnel/channelpadding_negotiation.h \ + src/trunnel/socks5.h src_trunnel_libor_trunnel_a_SOURCES = $(TRUNNELSOURCES) src_trunnel_libor_trunnel_a_CPPFLAGS = \ diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c new file mode 100644 index 0000000000..9e5f6fcfed --- /dev/null +++ b/src/trunnel/socks5.c @@ -0,0 +1,3978 @@ +/* socks5.c -- generated by Trunnel v1.5.2. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#include <stdlib.h> +#include "trunnel-impl.h" + +#include "socks5.h" + +#define TRUNNEL_SET_ERROR_CODE(obj) \ + do { \ + (obj)->trunnel_error_code_ = 1; \ + } while (0) + +#if defined(__COVERITY__) || defined(__clang_analyzer__) +/* If we're running a static analysis tool, we don't want it to complain + * that some of our remaining-bytes checks are dead-code. */ +int socks_deadcode_dummy__ = 0; +#define OR_DEADCODE_DUMMY || socks_deadcode_dummy__ +#else +#define OR_DEADCODE_DUMMY +#endif + +#define CHECK_REMAINING(nbytes, label) \ + do { \ + if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \ + goto label; \ + } \ + } while (0) + +domainname_t * +domainname_new(void) +{ + domainname_t *val = trunnel_calloc(1, sizeof(domainname_t)); + if (NULL == val) + return NULL; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +domainname_clear(domainname_t *obj) +{ + (void) obj; + TRUNNEL_DYNARRAY_WIPE(&obj->name); + TRUNNEL_DYNARRAY_CLEAR(&obj->name); +} + +void +domainname_free(domainname_t *obj) +{ + if (obj == NULL) + return; + domainname_clear(obj); + trunnel_memwipe(obj, sizeof(domainname_t)); + trunnel_free_(obj); +} + +uint8_t +domainname_get_len(const domainname_t *inp) +{ + return inp->len; +} +int +domainname_set_len(domainname_t *inp, uint8_t val) +{ + inp->len = val; + return 0; +} +size_t +domainname_getlen_name(const domainname_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->name); +} + +char +domainname_get_name(domainname_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->name, idx); +} + +char +domainname_getconst_name(const domainname_t *inp, size_t idx) +{ + return domainname_get_name((domainname_t*)inp, idx); +} +int +domainname_set_name(domainname_t *inp, size_t idx, char elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->name, idx, elt); + return 0; +} +int +domainname_add_name(domainname_t *inp, char elt) +{ +#if SIZE_MAX >= UINT8_MAX + if (inp->name.n_ == UINT8_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(char, &inp->name, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +char * +domainname_getarray_name(domainname_t *inp) +{ + return inp->name.elts_; +} +const char * +domainname_getconstarray_name(const domainname_t *inp) +{ + return (const char *)domainname_getarray_name((domainname_t*)inp); +} +int +domainname_setlen_name(domainname_t *inp, size_t newlen) +{ +#if UINT8_MAX < SIZE_MAX + if (newlen > UINT8_MAX) + goto trunnel_alloc_failed; +#endif + return trunnel_string_setlen(&inp->name, newlen, + &inp->trunnel_error_code_); + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +domainname_getstr_name(domainname_t *inp) +{ + return trunnel_string_getstr(&inp->name); +} +int +domainname_setstr0_name(domainname_t *inp, const char *val, size_t len) +{ +#if UINT8_MAX < SIZE_MAX + if (len > UINT8_MAX) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } +#endif + return trunnel_string_setstr0(&inp->name, val, len, &inp->trunnel_error_code_); +} +int +domainname_setstr_name(domainname_t *inp, const char *val) +{ + return domainname_setstr0_name(inp, val, strlen(val)); +} +const char * +domainname_check(const domainname_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (TRUNNEL_DYNARRAY_LEN(&obj->name) != obj->len) + return "Length mismatch for name"; + return NULL; +} + +ssize_t +domainname_encoded_len(const domainname_t *obj) +{ + ssize_t result = 0; + + if (NULL != domainname_check(obj)) + return -1; + + + /* Length of u8 len */ + result += 1; + + /* Length of char name[len] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->name); + return result; +} +int +domainname_clear_errors(domainname_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +domainname_encode(uint8_t *output, const size_t avail, const domainname_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = domainname_encoded_len(obj); +#endif + + if (NULL != (msg = domainname_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 len */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->len)); + written += 1; ptr += 1; + + /* Encode char name[len] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->name); + trunnel_assert(obj->len == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->name.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As domainname_parse(), but do not allocate the output object. + */ +static ssize_t +domainname_parse_into(domainname_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 len */ + CHECK_REMAINING(1, truncated); + obj->len = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse char name[len] */ + CHECK_REMAINING(obj->len, truncated); + if (domainname_setstr0_name(obj, (const char*)ptr, obj->len)) + goto fail; + ptr += obj->len; remaining -= obj->len; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +domainname_parse(domainname_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = domainname_new(); + if (NULL == *output) + return -1; + result = domainname_parse_into(*output, input, len_in); + if (result < 0) { + domainname_free(*output); + *output = NULL; + } + return result; +} +socks4_client_request_t * +socks4_client_request_new(void) +{ + socks4_client_request_t *val = trunnel_calloc(1, sizeof(socks4_client_request_t)); + if (NULL == val) + return NULL; + val->version = 4; + val->command = CMD_BIND; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks4_client_request_clear(socks4_client_request_t *obj) +{ + (void) obj; + trunnel_wipestr(obj->username); + trunnel_free(obj->username); + trunnel_wipestr(obj->socks4a_addr_hostname); + trunnel_free(obj->socks4a_addr_hostname); +} + +void +socks4_client_request_free(socks4_client_request_t *obj) +{ + if (obj == NULL) + return; + socks4_client_request_clear(obj); + trunnel_memwipe(obj, sizeof(socks4_client_request_t)); + trunnel_free_(obj); +} + +uint8_t +socks4_client_request_get_version(const socks4_client_request_t *inp) +{ + return inp->version; +} +int +socks4_client_request_set_version(socks4_client_request_t *inp, uint8_t val) +{ + if (! ((val == 4))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks4_client_request_get_command(const socks4_client_request_t *inp) +{ + return inp->command; +} +int +socks4_client_request_set_command(socks4_client_request_t *inp, uint8_t val) +{ + if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE || val == CMD_RESOLVE_PTR))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->command = val; + return 0; +} +uint16_t +socks4_client_request_get_port(const socks4_client_request_t *inp) +{ + return inp->port; +} +int +socks4_client_request_set_port(socks4_client_request_t *inp, uint16_t val) +{ + inp->port = val; + return 0; +} +uint32_t +socks4_client_request_get_addr(const socks4_client_request_t *inp) +{ + return inp->addr; +} +int +socks4_client_request_set_addr(socks4_client_request_t *inp, uint32_t val) +{ + inp->addr = val; + return 0; +} +const char * +socks4_client_request_get_username(const socks4_client_request_t *inp) +{ + return inp->username; +} +int +socks4_client_request_set_username(socks4_client_request_t *inp, const char *val) +{ + trunnel_free(inp->username); + if (NULL == (inp->username = trunnel_strdup(val))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + return 0; +} +const char * +socks4_client_request_get_socks4a_addr_hostname(const socks4_client_request_t *inp) +{ + return inp->socks4a_addr_hostname; +} +int +socks4_client_request_set_socks4a_addr_hostname(socks4_client_request_t *inp, const char *val) +{ + trunnel_free(inp->socks4a_addr_hostname); + if (NULL == (inp->socks4a_addr_hostname = trunnel_strdup(val))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + return 0; +} +const char * +socks4_client_request_check(const socks4_client_request_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 4)) + return "Integer out of bounds"; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR)) + return "Integer out of bounds"; + if (NULL == obj->username) + return "Missing username"; + switch (obj->addr) { + + case 1: + case 2: + case 3: + case 4: + case 5: + case 6: + case 7: + case 8: + case 9: + case 10: + case 11: + case 12: + case 13: + case 14: + case 15: + case 16: + case 17: + case 18: + case 19: + case 20: + case 21: + case 22: + case 23: + case 24: + case 25: + case 26: + case 27: + case 28: + case 29: + case 30: + case 31: + case 32: + case 33: + case 34: + case 35: + case 36: + case 37: + case 38: + case 39: + case 40: + case 41: + case 42: + case 43: + case 44: + case 45: + case 46: + case 47: + case 48: + case 49: + case 50: + case 51: + case 52: + case 53: + case 54: + case 55: + case 56: + case 57: + case 58: + case 59: + case 60: + case 61: + case 62: + case 63: + case 64: + case 65: + case 66: + case 67: + case 68: + case 69: + case 70: + case 71: + case 72: + case 73: + case 74: + case 75: + case 76: + case 77: + case 78: + case 79: + case 80: + case 81: + case 82: + case 83: + case 84: + case 85: + case 86: + case 87: + case 88: + case 89: + case 90: + case 91: + case 92: + case 93: + case 94: + case 95: + case 96: + case 97: + case 98: + case 99: + case 100: + case 101: + case 102: + case 103: + case 104: + case 105: + case 106: + case 107: + case 108: + case 109: + case 110: + case 111: + case 112: + case 113: + case 114: + case 115: + case 116: + case 117: + case 118: + case 119: + case 120: + case 121: + case 122: + case 123: + case 124: + case 125: + case 126: + case 127: + case 128: + case 129: + case 130: + case 131: + case 132: + case 133: + case 134: + case 135: + case 136: + case 137: + case 138: + case 139: + case 140: + case 141: + case 142: + case 143: + case 144: + case 145: + case 146: + case 147: + case 148: + case 149: + case 150: + case 151: + case 152: + case 153: + case 154: + case 155: + case 156: + case 157: + case 158: + case 159: + case 160: + case 161: + case 162: + case 163: + case 164: + case 165: + case 166: + case 167: + case 168: + case 169: + case 170: + case 171: + case 172: + case 173: + case 174: + case 175: + case 176: + case 177: + case 178: + case 179: + case 180: + case 181: + case 182: + case 183: + case 184: + case 185: + case 186: + case 187: + case 188: + case 189: + case 190: + case 191: + case 192: + case 193: + case 194: + case 195: + case 196: + case 197: + case 198: + case 199: + case 200: + case 201: + case 202: + case 203: + case 204: + case 205: + case 206: + case 207: + case 208: + case 209: + case 210: + case 211: + case 212: + case 213: + case 214: + case 215: + case 216: + case 217: + case 218: + case 219: + case 220: + case 221: + case 222: + case 223: + case 224: + case 225: + case 226: + case 227: + case 228: + case 229: + case 230: + case 231: + case 232: + case 233: + case 234: + case 235: + case 236: + case 237: + case 238: + case 239: + case 240: + case 241: + case 242: + case 243: + case 244: + case 245: + case 246: + case 247: + case 248: + case 249: + case 250: + case 251: + case 252: + case 253: + case 254: + case 255: + if (NULL == obj->socks4a_addr_hostname) + return "Missing socks4a_addr_hostname"; + break; + + default: + break; + } + return NULL; +} + +ssize_t +socks4_client_request_encoded_len(const socks4_client_request_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks4_client_request_check(obj)) + return -1; + + + /* Length of u8 version IN [4] */ + result += 1; + + /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR] */ + result += 1; + + /* Length of u16 port */ + result += 2; + + /* Length of u32 addr */ + result += 4; + + /* Length of nulterm username */ + result += strlen(obj->username) + 1; + switch (obj->addr) { + + case 1: + case 2: + case 3: + case 4: + case 5: + case 6: + case 7: + case 8: + case 9: + case 10: + case 11: + case 12: + case 13: + case 14: + case 15: + case 16: + case 17: + case 18: + case 19: + case 20: + case 21: + case 22: + case 23: + case 24: + case 25: + case 26: + case 27: + case 28: + case 29: + case 30: + case 31: + case 32: + case 33: + case 34: + case 35: + case 36: + case 37: + case 38: + case 39: + case 40: + case 41: + case 42: + case 43: + case 44: + case 45: + case 46: + case 47: + case 48: + case 49: + case 50: + case 51: + case 52: + case 53: + case 54: + case 55: + case 56: + case 57: + case 58: + case 59: + case 60: + case 61: + case 62: + case 63: + case 64: + case 65: + case 66: + case 67: + case 68: + case 69: + case 70: + case 71: + case 72: + case 73: + case 74: + case 75: + case 76: + case 77: + case 78: + case 79: + case 80: + case 81: + case 82: + case 83: + case 84: + case 85: + case 86: + case 87: + case 88: + case 89: + case 90: + case 91: + case 92: + case 93: + case 94: + case 95: + case 96: + case 97: + case 98: + case 99: + case 100: + case 101: + case 102: + case 103: + case 104: + case 105: + case 106: + case 107: + case 108: + case 109: + case 110: + case 111: + case 112: + case 113: + case 114: + case 115: + case 116: + case 117: + case 118: + case 119: + case 120: + case 121: + case 122: + case 123: + case 124: + case 125: + case 126: + case 127: + case 128: + case 129: + case 130: + case 131: + case 132: + case 133: + case 134: + case 135: + case 136: + case 137: + case 138: + case 139: + case 140: + case 141: + case 142: + case 143: + case 144: + case 145: + case 146: + case 147: + case 148: + case 149: + case 150: + case 151: + case 152: + case 153: + case 154: + case 155: + case 156: + case 157: + case 158: + case 159: + case 160: + case 161: + case 162: + case 163: + case 164: + case 165: + case 166: + case 167: + case 168: + case 169: + case 170: + case 171: + case 172: + case 173: + case 174: + case 175: + case 176: + case 177: + case 178: + case 179: + case 180: + case 181: + case 182: + case 183: + case 184: + case 185: + case 186: + case 187: + case 188: + case 189: + case 190: + case 191: + case 192: + case 193: + case 194: + case 195: + case 196: + case 197: + case 198: + case 199: + case 200: + case 201: + case 202: + case 203: + case 204: + case 205: + case 206: + case 207: + case 208: + case 209: + case 210: + case 211: + case 212: + case 213: + case 214: + case 215: + case 216: + case 217: + case 218: + case 219: + case 220: + case 221: + case 222: + case 223: + case 224: + case 225: + case 226: + case 227: + case 228: + case 229: + case 230: + case 231: + case 232: + case 233: + case 234: + case 235: + case 236: + case 237: + case 238: + case 239: + case 240: + case 241: + case 242: + case 243: + case 244: + case 245: + case 246: + case 247: + case 248: + case 249: + case 250: + case 251: + case 252: + case 253: + case 254: + case 255: + + /* Length of nulterm socks4a_addr_hostname */ + result += strlen(obj->socks4a_addr_hostname) + 1; + break; + + default: + break; + } + return result; +} +int +socks4_client_request_clear_errors(socks4_client_request_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks4_client_request_encode(uint8_t *output, const size_t avail, const socks4_client_request_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks4_client_request_encoded_len(obj); +#endif + + if (NULL != (msg = socks4_client_request_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [4] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->command)); + written += 1; ptr += 1; + + /* Encode u16 port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->port)); + written += 2; ptr += 2; + + /* Encode u32 addr */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->addr)); + written += 4; ptr += 4; + + /* Encode nulterm username */ + { + size_t len = strlen(obj->username); + trunnel_assert(written <= avail); + if (avail - written < len + 1) + goto truncated; + memcpy(ptr, obj->username, len + 1); + ptr += len + 1; written += len + 1; + } + + /* Encode union socks4a_addr[addr] */ + trunnel_assert(written <= avail); + switch (obj->addr) { + + case 1: + case 2: + case 3: + case 4: + case 5: + case 6: + case 7: + case 8: + case 9: + case 10: + case 11: + case 12: + case 13: + case 14: + case 15: + case 16: + case 17: + case 18: + case 19: + case 20: + case 21: + case 22: + case 23: + case 24: + case 25: + case 26: + case 27: + case 28: + case 29: + case 30: + case 31: + case 32: + case 33: + case 34: + case 35: + case 36: + case 37: + case 38: + case 39: + case 40: + case 41: + case 42: + case 43: + case 44: + case 45: + case 46: + case 47: + case 48: + case 49: + case 50: + case 51: + case 52: + case 53: + case 54: + case 55: + case 56: + case 57: + case 58: + case 59: + case 60: + case 61: + case 62: + case 63: + case 64: + case 65: + case 66: + case 67: + case 68: + case 69: + case 70: + case 71: + case 72: + case 73: + case 74: + case 75: + case 76: + case 77: + case 78: + case 79: + case 80: + case 81: + case 82: + case 83: + case 84: + case 85: + case 86: + case 87: + case 88: + case 89: + case 90: + case 91: + case 92: + case 93: + case 94: + case 95: + case 96: + case 97: + case 98: + case 99: + case 100: + case 101: + case 102: + case 103: + case 104: + case 105: + case 106: + case 107: + case 108: + case 109: + case 110: + case 111: + case 112: + case 113: + case 114: + case 115: + case 116: + case 117: + case 118: + case 119: + case 120: + case 121: + case 122: + case 123: + case 124: + case 125: + case 126: + case 127: + case 128: + case 129: + case 130: + case 131: + case 132: + case 133: + case 134: + case 135: + case 136: + case 137: + case 138: + case 139: + case 140: + case 141: + case 142: + case 143: + case 144: + case 145: + case 146: + case 147: + case 148: + case 149: + case 150: + case 151: + case 152: + case 153: + case 154: + case 155: + case 156: + case 157: + case 158: + case 159: + case 160: + case 161: + case 162: + case 163: + case 164: + case 165: + case 166: + case 167: + case 168: + case 169: + case 170: + case 171: + case 172: + case 173: + case 174: + case 175: + case 176: + case 177: + case 178: + case 179: + case 180: + case 181: + case 182: + case 183: + case 184: + case 185: + case 186: + case 187: + case 188: + case 189: + case 190: + case 191: + case 192: + case 193: + case 194: + case 195: + case 196: + case 197: + case 198: + case 199: + case 200: + case 201: + case 202: + case 203: + case 204: + case 205: + case 206: + case 207: + case 208: + case 209: + case 210: + case 211: + case 212: + case 213: + case 214: + case 215: + case 216: + case 217: + case 218: + case 219: + case 220: + case 221: + case 222: + case 223: + case 224: + case 225: + case 226: + case 227: + case 228: + case 229: + case 230: + case 231: + case 232: + case 233: + case 234: + case 235: + case 236: + case 237: + case 238: + case 239: + case 240: + case 241: + case 242: + case 243: + case 244: + case 245: + case 246: + case 247: + case 248: + case 249: + case 250: + case 251: + case 252: + case 253: + case 254: + case 255: + + /* Encode nulterm socks4a_addr_hostname */ + { + size_t len = strlen(obj->socks4a_addr_hostname); + trunnel_assert(written <= avail); + if (avail - written < len + 1) + goto truncated; + memcpy(ptr, obj->socks4a_addr_hostname, len + 1); + ptr += len + 1; written += len + 1; + } + break; + + default: + break; + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks4_client_request_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks4_client_request_parse_into(socks4_client_request_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [4] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 4)) + goto fail; + + /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR] */ + CHECK_REMAINING(1, truncated); + obj->command = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR)) + goto fail; + + /* Parse u16 port */ + CHECK_REMAINING(2, truncated); + obj->port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + + /* Parse u32 addr */ + CHECK_REMAINING(4, truncated); + obj->addr = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + + /* Parse nulterm username */ + { + uint8_t *eos = (uint8_t*)memchr(ptr, 0, remaining); + size_t memlen; + if (eos == NULL) + goto truncated; + trunnel_assert(eos >= ptr); + trunnel_assert((size_t)(eos - ptr) < SIZE_MAX - 1); + memlen = ((size_t)(eos - ptr)) + 1; + if (!(obj->username = trunnel_malloc(memlen))) + goto fail; + memcpy(obj->username, ptr, memlen); + remaining -= memlen; ptr += memlen; + } + + /* Parse union socks4a_addr[addr] */ + switch (obj->addr) { + + case 1: + case 2: + case 3: + case 4: + case 5: + case 6: + case 7: + case 8: + case 9: + case 10: + case 11: + case 12: + case 13: + case 14: + case 15: + case 16: + case 17: + case 18: + case 19: + case 20: + case 21: + case 22: + case 23: + case 24: + case 25: + case 26: + case 27: + case 28: + case 29: + case 30: + case 31: + case 32: + case 33: + case 34: + case 35: + case 36: + case 37: + case 38: + case 39: + case 40: + case 41: + case 42: + case 43: + case 44: + case 45: + case 46: + case 47: + case 48: + case 49: + case 50: + case 51: + case 52: + case 53: + case 54: + case 55: + case 56: + case 57: + case 58: + case 59: + case 60: + case 61: + case 62: + case 63: + case 64: + case 65: + case 66: + case 67: + case 68: + case 69: + case 70: + case 71: + case 72: + case 73: + case 74: + case 75: + case 76: + case 77: + case 78: + case 79: + case 80: + case 81: + case 82: + case 83: + case 84: + case 85: + case 86: + case 87: + case 88: + case 89: + case 90: + case 91: + case 92: + case 93: + case 94: + case 95: + case 96: + case 97: + case 98: + case 99: + case 100: + case 101: + case 102: + case 103: + case 104: + case 105: + case 106: + case 107: + case 108: + case 109: + case 110: + case 111: + case 112: + case 113: + case 114: + case 115: + case 116: + case 117: + case 118: + case 119: + case 120: + case 121: + case 122: + case 123: + case 124: + case 125: + case 126: + case 127: + case 128: + case 129: + case 130: + case 131: + case 132: + case 133: + case 134: + case 135: + case 136: + case 137: + case 138: + case 139: + case 140: + case 141: + case 142: + case 143: + case 144: + case 145: + case 146: + case 147: + case 148: + case 149: + case 150: + case 151: + case 152: + case 153: + case 154: + case 155: + case 156: + case 157: + case 158: + case 159: + case 160: + case 161: + case 162: + case 163: + case 164: + case 165: + case 166: + case 167: + case 168: + case 169: + case 170: + case 171: + case 172: + case 173: + case 174: + case 175: + case 176: + case 177: + case 178: + case 179: + case 180: + case 181: + case 182: + case 183: + case 184: + case 185: + case 186: + case 187: + case 188: + case 189: + case 190: + case 191: + case 192: + case 193: + case 194: + case 195: + case 196: + case 197: + case 198: + case 199: + case 200: + case 201: + case 202: + case 203: + case 204: + case 205: + case 206: + case 207: + case 208: + case 209: + case 210: + case 211: + case 212: + case 213: + case 214: + case 215: + case 216: + case 217: + case 218: + case 219: + case 220: + case 221: + case 222: + case 223: + case 224: + case 225: + case 226: + case 227: + case 228: + case 229: + case 230: + case 231: + case 232: + case 233: + case 234: + case 235: + case 236: + case 237: + case 238: + case 239: + case 240: + case 241: + case 242: + case 243: + case 244: + case 245: + case 246: + case 247: + case 248: + case 249: + case 250: + case 251: + case 252: + case 253: + case 254: + case 255: + + /* Parse nulterm socks4a_addr_hostname */ + { + uint8_t *eos = (uint8_t*)memchr(ptr, 0, remaining); + size_t memlen; + if (eos == NULL) + goto truncated; + trunnel_assert(eos >= ptr); + trunnel_assert((size_t)(eos - ptr) < SIZE_MAX - 1); + memlen = ((size_t)(eos - ptr)) + 1; + if (!(obj->socks4a_addr_hostname = trunnel_malloc(memlen))) + goto fail; + memcpy(obj->socks4a_addr_hostname, ptr, memlen); + remaining -= memlen; ptr += memlen; + } + break; + + default: + break; + } + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks4_client_request_parse(socks4_client_request_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks4_client_request_new(); + if (NULL == *output) + return -1; + result = socks4_client_request_parse_into(*output, input, len_in); + if (result < 0) { + socks4_client_request_free(*output); + *output = NULL; + } + return result; +} +socks4_server_reply_t * +socks4_server_reply_new(void) +{ + socks4_server_reply_t *val = trunnel_calloc(1, sizeof(socks4_server_reply_t)); + if (NULL == val) + return NULL; + val->version = 4; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks4_server_reply_clear(socks4_server_reply_t *obj) +{ + (void) obj; +} + +void +socks4_server_reply_free(socks4_server_reply_t *obj) +{ + if (obj == NULL) + return; + socks4_server_reply_clear(obj); + trunnel_memwipe(obj, sizeof(socks4_server_reply_t)); + trunnel_free_(obj); +} + +uint8_t +socks4_server_reply_get_version(const socks4_server_reply_t *inp) +{ + return inp->version; +} +int +socks4_server_reply_set_version(socks4_server_reply_t *inp, uint8_t val) +{ + if (! ((val == 4))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks4_server_reply_get_status(const socks4_server_reply_t *inp) +{ + return inp->status; +} +int +socks4_server_reply_set_status(socks4_server_reply_t *inp, uint8_t val) +{ + inp->status = val; + return 0; +} +uint16_t +socks4_server_reply_get_port(const socks4_server_reply_t *inp) +{ + return inp->port; +} +int +socks4_server_reply_set_port(socks4_server_reply_t *inp, uint16_t val) +{ + inp->port = val; + return 0; +} +uint32_t +socks4_server_reply_get_addr(const socks4_server_reply_t *inp) +{ + return inp->addr; +} +int +socks4_server_reply_set_addr(socks4_server_reply_t *inp, uint32_t val) +{ + inp->addr = val; + return 0; +} +const char * +socks4_server_reply_check(const socks4_server_reply_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 4)) + return "Integer out of bounds"; + return NULL; +} + +ssize_t +socks4_server_reply_encoded_len(const socks4_server_reply_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks4_server_reply_check(obj)) + return -1; + + + /* Length of u8 version IN [4] */ + result += 1; + + /* Length of u8 status */ + result += 1; + + /* Length of u16 port */ + result += 2; + + /* Length of u32 addr */ + result += 4; + return result; +} +int +socks4_server_reply_clear_errors(socks4_server_reply_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks4_server_reply_encode(uint8_t *output, const size_t avail, const socks4_server_reply_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks4_server_reply_encoded_len(obj); +#endif + + if (NULL != (msg = socks4_server_reply_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [4] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 status */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->status)); + written += 1; ptr += 1; + + /* Encode u16 port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->port)); + written += 2; ptr += 2; + + /* Encode u32 addr */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->addr)); + written += 4; ptr += 4; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks4_server_reply_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks4_server_reply_parse_into(socks4_server_reply_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [4] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 4)) + goto fail; + + /* Parse u8 status */ + CHECK_REMAINING(1, truncated); + obj->status = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse u16 port */ + CHECK_REMAINING(2, truncated); + obj->port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + + /* Parse u32 addr */ + CHECK_REMAINING(4, truncated); + obj->addr = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks4_server_reply_parse(socks4_server_reply_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks4_server_reply_new(); + if (NULL == *output) + return -1; + result = socks4_server_reply_parse_into(*output, input, len_in); + if (result < 0) { + socks4_server_reply_free(*output); + *output = NULL; + } + return result; +} +socks5_client_userpass_auth_t * +socks5_client_userpass_auth_new(void) +{ + socks5_client_userpass_auth_t *val = trunnel_calloc(1, sizeof(socks5_client_userpass_auth_t)); + if (NULL == val) + return NULL; + val->version = 1; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_client_userpass_auth_clear(socks5_client_userpass_auth_t *obj) +{ + (void) obj; + TRUNNEL_DYNARRAY_WIPE(&obj->username); + TRUNNEL_DYNARRAY_CLEAR(&obj->username); + TRUNNEL_DYNARRAY_WIPE(&obj->passwd); + TRUNNEL_DYNARRAY_CLEAR(&obj->passwd); +} + +void +socks5_client_userpass_auth_free(socks5_client_userpass_auth_t *obj) +{ + if (obj == NULL) + return; + socks5_client_userpass_auth_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_client_userpass_auth_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_client_userpass_auth_get_version(const socks5_client_userpass_auth_t *inp) +{ + return inp->version; +} +int +socks5_client_userpass_auth_set_version(socks5_client_userpass_auth_t *inp, uint8_t val) +{ + if (! ((val == 1))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_client_userpass_auth_get_username_len(const socks5_client_userpass_auth_t *inp) +{ + return inp->username_len; +} +int +socks5_client_userpass_auth_set_username_len(socks5_client_userpass_auth_t *inp, uint8_t val) +{ + inp->username_len = val; + return 0; +} +size_t +socks5_client_userpass_auth_getlen_username(const socks5_client_userpass_auth_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->username); +} + +char +socks5_client_userpass_auth_get_username(socks5_client_userpass_auth_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->username, idx); +} + +char +socks5_client_userpass_auth_getconst_username(const socks5_client_userpass_auth_t *inp, size_t idx) +{ + return socks5_client_userpass_auth_get_username((socks5_client_userpass_auth_t*)inp, idx); +} +int +socks5_client_userpass_auth_set_username(socks5_client_userpass_auth_t *inp, size_t idx, char elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->username, idx, elt); + return 0; +} +int +socks5_client_userpass_auth_add_username(socks5_client_userpass_auth_t *inp, char elt) +{ +#if SIZE_MAX >= UINT8_MAX + if (inp->username.n_ == UINT8_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(char, &inp->username, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +char * +socks5_client_userpass_auth_getarray_username(socks5_client_userpass_auth_t *inp) +{ + return inp->username.elts_; +} +const char * +socks5_client_userpass_auth_getconstarray_username(const socks5_client_userpass_auth_t *inp) +{ + return (const char *)socks5_client_userpass_auth_getarray_username((socks5_client_userpass_auth_t*)inp); +} +int +socks5_client_userpass_auth_setlen_username(socks5_client_userpass_auth_t *inp, size_t newlen) +{ +#if UINT8_MAX < SIZE_MAX + if (newlen > UINT8_MAX) + goto trunnel_alloc_failed; +#endif + return trunnel_string_setlen(&inp->username, newlen, + &inp->trunnel_error_code_); + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +socks5_client_userpass_auth_getstr_username(socks5_client_userpass_auth_t *inp) +{ + return trunnel_string_getstr(&inp->username); +} +int +socks5_client_userpass_auth_setstr0_username(socks5_client_userpass_auth_t *inp, const char *val, size_t len) +{ +#if UINT8_MAX < SIZE_MAX + if (len > UINT8_MAX) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } +#endif + return trunnel_string_setstr0(&inp->username, val, len, &inp->trunnel_error_code_); +} +int +socks5_client_userpass_auth_setstr_username(socks5_client_userpass_auth_t *inp, const char *val) +{ + return socks5_client_userpass_auth_setstr0_username(inp, val, strlen(val)); +} +uint8_t +socks5_client_userpass_auth_get_passwd_len(const socks5_client_userpass_auth_t *inp) +{ + return inp->passwd_len; +} +int +socks5_client_userpass_auth_set_passwd_len(socks5_client_userpass_auth_t *inp, uint8_t val) +{ + inp->passwd_len = val; + return 0; +} +size_t +socks5_client_userpass_auth_getlen_passwd(const socks5_client_userpass_auth_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->passwd); +} + +char +socks5_client_userpass_auth_get_passwd(socks5_client_userpass_auth_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->passwd, idx); +} + +char +socks5_client_userpass_auth_getconst_passwd(const socks5_client_userpass_auth_t *inp, size_t idx) +{ + return socks5_client_userpass_auth_get_passwd((socks5_client_userpass_auth_t*)inp, idx); +} +int +socks5_client_userpass_auth_set_passwd(socks5_client_userpass_auth_t *inp, size_t idx, char elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->passwd, idx, elt); + return 0; +} +int +socks5_client_userpass_auth_add_passwd(socks5_client_userpass_auth_t *inp, char elt) +{ +#if SIZE_MAX >= UINT8_MAX + if (inp->passwd.n_ == UINT8_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(char, &inp->passwd, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +char * +socks5_client_userpass_auth_getarray_passwd(socks5_client_userpass_auth_t *inp) +{ + return inp->passwd.elts_; +} +const char * +socks5_client_userpass_auth_getconstarray_passwd(const socks5_client_userpass_auth_t *inp) +{ + return (const char *)socks5_client_userpass_auth_getarray_passwd((socks5_client_userpass_auth_t*)inp); +} +int +socks5_client_userpass_auth_setlen_passwd(socks5_client_userpass_auth_t *inp, size_t newlen) +{ +#if UINT8_MAX < SIZE_MAX + if (newlen > UINT8_MAX) + goto trunnel_alloc_failed; +#endif + return trunnel_string_setlen(&inp->passwd, newlen, + &inp->trunnel_error_code_); + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +socks5_client_userpass_auth_getstr_passwd(socks5_client_userpass_auth_t *inp) +{ + return trunnel_string_getstr(&inp->passwd); +} +int +socks5_client_userpass_auth_setstr0_passwd(socks5_client_userpass_auth_t *inp, const char *val, size_t len) +{ +#if UINT8_MAX < SIZE_MAX + if (len > UINT8_MAX) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } +#endif + return trunnel_string_setstr0(&inp->passwd, val, len, &inp->trunnel_error_code_); +} +int +socks5_client_userpass_auth_setstr_passwd(socks5_client_userpass_auth_t *inp, const char *val) +{ + return socks5_client_userpass_auth_setstr0_passwd(inp, val, strlen(val)); +} +const char * +socks5_client_userpass_auth_check(const socks5_client_userpass_auth_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 1)) + return "Integer out of bounds"; + if (TRUNNEL_DYNARRAY_LEN(&obj->username) != obj->username_len) + return "Length mismatch for username"; + if (TRUNNEL_DYNARRAY_LEN(&obj->passwd) != obj->passwd_len) + return "Length mismatch for passwd"; + return NULL; +} + +ssize_t +socks5_client_userpass_auth_encoded_len(const socks5_client_userpass_auth_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_client_userpass_auth_check(obj)) + return -1; + + + /* Length of u8 version IN [1] */ + result += 1; + + /* Length of u8 username_len */ + result += 1; + + /* Length of char username[username_len] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->username); + + /* Length of u8 passwd_len */ + result += 1; + + /* Length of char passwd[passwd_len] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->passwd); + return result; +} +int +socks5_client_userpass_auth_clear_errors(socks5_client_userpass_auth_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_client_userpass_auth_encode(uint8_t *output, const size_t avail, const socks5_client_userpass_auth_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_client_userpass_auth_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_client_userpass_auth_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [1] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 username_len */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->username_len)); + written += 1; ptr += 1; + + /* Encode char username[username_len] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->username); + trunnel_assert(obj->username_len == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->username.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + /* Encode u8 passwd_len */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->passwd_len)); + written += 1; ptr += 1; + + /* Encode char passwd[passwd_len] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->passwd); + trunnel_assert(obj->passwd_len == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->passwd.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_client_userpass_auth_parse(), but do not allocate the + * output object. + */ +static ssize_t +socks5_client_userpass_auth_parse_into(socks5_client_userpass_auth_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [1] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 1)) + goto fail; + + /* Parse u8 username_len */ + CHECK_REMAINING(1, truncated); + obj->username_len = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse char username[username_len] */ + CHECK_REMAINING(obj->username_len, truncated); + if (socks5_client_userpass_auth_setstr0_username(obj, (const char*)ptr, obj->username_len)) + goto fail; + ptr += obj->username_len; remaining -= obj->username_len; + + /* Parse u8 passwd_len */ + CHECK_REMAINING(1, truncated); + obj->passwd_len = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse char passwd[passwd_len] */ + CHECK_REMAINING(obj->passwd_len, truncated); + if (socks5_client_userpass_auth_setstr0_passwd(obj, (const char*)ptr, obj->passwd_len)) + goto fail; + ptr += obj->passwd_len; remaining -= obj->passwd_len; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks5_client_userpass_auth_parse(socks5_client_userpass_auth_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_client_userpass_auth_new(); + if (NULL == *output) + return -1; + result = socks5_client_userpass_auth_parse_into(*output, input, len_in); + if (result < 0) { + socks5_client_userpass_auth_free(*output); + *output = NULL; + } + return result; +} +socks5_client_version_t * +socks5_client_version_new(void) +{ + socks5_client_version_t *val = trunnel_calloc(1, sizeof(socks5_client_version_t)); + if (NULL == val) + return NULL; + val->version = 5; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_client_version_clear(socks5_client_version_t *obj) +{ + (void) obj; + TRUNNEL_DYNARRAY_WIPE(&obj->methods); + TRUNNEL_DYNARRAY_CLEAR(&obj->methods); +} + +void +socks5_client_version_free(socks5_client_version_t *obj) +{ + if (obj == NULL) + return; + socks5_client_version_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_client_version_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_client_version_get_version(const socks5_client_version_t *inp) +{ + return inp->version; +} +int +socks5_client_version_set_version(socks5_client_version_t *inp, uint8_t val) +{ + if (! ((val == 5))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_client_version_get_n_methods(const socks5_client_version_t *inp) +{ + return inp->n_methods; +} +int +socks5_client_version_set_n_methods(socks5_client_version_t *inp, uint8_t val) +{ + inp->n_methods = val; + return 0; +} +size_t +socks5_client_version_getlen_methods(const socks5_client_version_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->methods); +} + +uint8_t +socks5_client_version_get_methods(socks5_client_version_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->methods, idx); +} + +uint8_t +socks5_client_version_getconst_methods(const socks5_client_version_t *inp, size_t idx) +{ + return socks5_client_version_get_methods((socks5_client_version_t*)inp, idx); +} +int +socks5_client_version_set_methods(socks5_client_version_t *inp, size_t idx, uint8_t elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->methods, idx, elt); + return 0; +} +int +socks5_client_version_add_methods(socks5_client_version_t *inp, uint8_t elt) +{ +#if SIZE_MAX >= UINT8_MAX + if (inp->methods.n_ == UINT8_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->methods, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +uint8_t * +socks5_client_version_getarray_methods(socks5_client_version_t *inp) +{ + return inp->methods.elts_; +} +const uint8_t * +socks5_client_version_getconstarray_methods(const socks5_client_version_t *inp) +{ + return (const uint8_t *)socks5_client_version_getarray_methods((socks5_client_version_t*)inp); +} +int +socks5_client_version_setlen_methods(socks5_client_version_t *inp, size_t newlen) +{ + uint8_t *newptr; +#if UINT8_MAX < SIZE_MAX + if (newlen > UINT8_MAX) + goto trunnel_alloc_failed; +#endif + newptr = trunnel_dynarray_setlen(&inp->methods.allocated_, + &inp->methods.n_, inp->methods.elts_, newlen, + sizeof(inp->methods.elts_[0]), (trunnel_free_fn_t) NULL, + &inp->trunnel_error_code_); + if (newlen != 0 && newptr == NULL) + goto trunnel_alloc_failed; + inp->methods.elts_ = newptr; + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +socks5_client_version_check(const socks5_client_version_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 5)) + return "Integer out of bounds"; + if (TRUNNEL_DYNARRAY_LEN(&obj->methods) != obj->n_methods) + return "Length mismatch for methods"; + return NULL; +} + +ssize_t +socks5_client_version_encoded_len(const socks5_client_version_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_client_version_check(obj)) + return -1; + + + /* Length of u8 version IN [5] */ + result += 1; + + /* Length of u8 n_methods */ + result += 1; + + /* Length of u8 methods[n_methods] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->methods); + return result; +} +int +socks5_client_version_clear_errors(socks5_client_version_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_client_version_encode(uint8_t *output, const size_t avail, const socks5_client_version_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_client_version_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_client_version_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [5] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 n_methods */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->n_methods)); + written += 1; ptr += 1; + + /* Encode u8 methods[n_methods] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->methods); + trunnel_assert(obj->n_methods == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->methods.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_client_version_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks5_client_version_parse_into(socks5_client_version_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [5] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 5)) + goto fail; + + /* Parse u8 n_methods */ + CHECK_REMAINING(1, truncated); + obj->n_methods = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse u8 methods[n_methods] */ + CHECK_REMAINING(obj->n_methods, truncated); + TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->methods, obj->n_methods, {}); + obj->methods.n_ = obj->n_methods; + if (obj->n_methods) + memcpy(obj->methods.elts_, ptr, obj->n_methods); + ptr += obj->n_methods; remaining -= obj->n_methods; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + trunnel_alloc_failed: + return -1; + fail: + result = -1; + return result; +} + +ssize_t +socks5_client_version_parse(socks5_client_version_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_client_version_new(); + if (NULL == *output) + return -1; + result = socks5_client_version_parse_into(*output, input, len_in); + if (result < 0) { + socks5_client_version_free(*output); + *output = NULL; + } + return result; +} +socks5_server_method_t * +socks5_server_method_new(void) +{ + socks5_server_method_t *val = trunnel_calloc(1, sizeof(socks5_server_method_t)); + if (NULL == val) + return NULL; + val->version = 5; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_server_method_clear(socks5_server_method_t *obj) +{ + (void) obj; +} + +void +socks5_server_method_free(socks5_server_method_t *obj) +{ + if (obj == NULL) + return; + socks5_server_method_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_server_method_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_server_method_get_version(const socks5_server_method_t *inp) +{ + return inp->version; +} +int +socks5_server_method_set_version(socks5_server_method_t *inp, uint8_t val) +{ + if (! ((val == 5))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_server_method_get_method(const socks5_server_method_t *inp) +{ + return inp->method; +} +int +socks5_server_method_set_method(socks5_server_method_t *inp, uint8_t val) +{ + inp->method = val; + return 0; +} +const char * +socks5_server_method_check(const socks5_server_method_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 5)) + return "Integer out of bounds"; + return NULL; +} + +ssize_t +socks5_server_method_encoded_len(const socks5_server_method_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_server_method_check(obj)) + return -1; + + + /* Length of u8 version IN [5] */ + result += 1; + + /* Length of u8 method */ + result += 1; + return result; +} +int +socks5_server_method_clear_errors(socks5_server_method_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_server_method_encode(uint8_t *output, const size_t avail, const socks5_server_method_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_server_method_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_server_method_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [5] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 method */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->method)); + written += 1; ptr += 1; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_server_method_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks5_server_method_parse_into(socks5_server_method_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [5] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 5)) + goto fail; + + /* Parse u8 method */ + CHECK_REMAINING(1, truncated); + obj->method = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks5_server_method_parse(socks5_server_method_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_server_method_new(); + if (NULL == *output) + return -1; + result = socks5_server_method_parse_into(*output, input, len_in); + if (result < 0) { + socks5_server_method_free(*output); + *output = NULL; + } + return result; +} +socks5_server_userpass_auth_t * +socks5_server_userpass_auth_new(void) +{ + socks5_server_userpass_auth_t *val = trunnel_calloc(1, sizeof(socks5_server_userpass_auth_t)); + if (NULL == val) + return NULL; + val->version = 1; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_server_userpass_auth_clear(socks5_server_userpass_auth_t *obj) +{ + (void) obj; +} + +void +socks5_server_userpass_auth_free(socks5_server_userpass_auth_t *obj) +{ + if (obj == NULL) + return; + socks5_server_userpass_auth_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_server_userpass_auth_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_server_userpass_auth_get_version(const socks5_server_userpass_auth_t *inp) +{ + return inp->version; +} +int +socks5_server_userpass_auth_set_version(socks5_server_userpass_auth_t *inp, uint8_t val) +{ + if (! ((val == 1))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_server_userpass_auth_get_status(const socks5_server_userpass_auth_t *inp) +{ + return inp->status; +} +int +socks5_server_userpass_auth_set_status(socks5_server_userpass_auth_t *inp, uint8_t val) +{ + inp->status = val; + return 0; +} +const char * +socks5_server_userpass_auth_check(const socks5_server_userpass_auth_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 1)) + return "Integer out of bounds"; + return NULL; +} + +ssize_t +socks5_server_userpass_auth_encoded_len(const socks5_server_userpass_auth_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_server_userpass_auth_check(obj)) + return -1; + + + /* Length of u8 version IN [1] */ + result += 1; + + /* Length of u8 status */ + result += 1; + return result; +} +int +socks5_server_userpass_auth_clear_errors(socks5_server_userpass_auth_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_server_userpass_auth_encode(uint8_t *output, const size_t avail, const socks5_server_userpass_auth_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_server_userpass_auth_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_server_userpass_auth_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [1] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 status */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->status)); + written += 1; ptr += 1; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_server_userpass_auth_parse(), but do not allocate the + * output object. + */ +static ssize_t +socks5_server_userpass_auth_parse_into(socks5_server_userpass_auth_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [1] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 1)) + goto fail; + + /* Parse u8 status */ + CHECK_REMAINING(1, truncated); + obj->status = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks5_server_userpass_auth_parse(socks5_server_userpass_auth_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_server_userpass_auth_new(); + if (NULL == *output) + return -1; + result = socks5_server_userpass_auth_parse_into(*output, input, len_in); + if (result < 0) { + socks5_server_userpass_auth_free(*output); + *output = NULL; + } + return result; +} +socks5_client_request_t * +socks5_client_request_new(void) +{ + socks5_client_request_t *val = trunnel_calloc(1, sizeof(socks5_client_request_t)); + if (NULL == val) + return NULL; + val->version = 5; + val->command = CMD_BIND; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_client_request_clear(socks5_client_request_t *obj) +{ + (void) obj; + domainname_free(obj->dest_addr_domainname); + obj->dest_addr_domainname = NULL; +} + +void +socks5_client_request_free(socks5_client_request_t *obj) +{ + if (obj == NULL) + return; + socks5_client_request_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_client_request_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_client_request_get_version(const socks5_client_request_t *inp) +{ + return inp->version; +} +int +socks5_client_request_set_version(socks5_client_request_t *inp, uint8_t val) +{ + if (! ((val == 5))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_client_request_get_command(const socks5_client_request_t *inp) +{ + return inp->command; +} +int +socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val) +{ + if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE || val == CMD_RESOLVE_PTR || val == CMD_UDP_ASSOCIATE))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->command = val; + return 0; +} +uint8_t +socks5_client_request_get_reserved(const socks5_client_request_t *inp) +{ + return inp->reserved; +} +int +socks5_client_request_set_reserved(socks5_client_request_t *inp, uint8_t val) +{ + if (! ((val == 0))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->reserved = val; + return 0; +} +uint8_t +socks5_client_request_get_atype(const socks5_client_request_t *inp) +{ + return inp->atype; +} +int +socks5_client_request_set_atype(socks5_client_request_t *inp, uint8_t val) +{ + inp->atype = val; + return 0; +} +uint32_t +socks5_client_request_get_dest_addr_ipv4(const socks5_client_request_t *inp) +{ + return inp->dest_addr_ipv4; +} +int +socks5_client_request_set_dest_addr_ipv4(socks5_client_request_t *inp, uint32_t val) +{ + inp->dest_addr_ipv4 = val; + return 0; +} +size_t +socks5_client_request_getlen_dest_addr_ipv6(const socks5_client_request_t *inp) +{ + (void)inp; return 16; +} + +uint8_t +socks5_client_request_get_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx) +{ + trunnel_assert(idx < 16); + return inp->dest_addr_ipv6[idx]; +} + +uint8_t +socks5_client_request_getconst_dest_addr_ipv6(const socks5_client_request_t *inp, size_t idx) +{ + return socks5_client_request_get_dest_addr_ipv6((socks5_client_request_t*)inp, idx); +} +int +socks5_client_request_set_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx, uint8_t elt) +{ + trunnel_assert(idx < 16); + inp->dest_addr_ipv6[idx] = elt; + return 0; +} + +uint8_t * +socks5_client_request_getarray_dest_addr_ipv6(socks5_client_request_t *inp) +{ + return inp->dest_addr_ipv6; +} +const uint8_t * +socks5_client_request_getconstarray_dest_addr_ipv6(const socks5_client_request_t *inp) +{ + return (const uint8_t *)socks5_client_request_getarray_dest_addr_ipv6((socks5_client_request_t*)inp); +} +struct domainname_st * +socks5_client_request_get_dest_addr_domainname(socks5_client_request_t *inp) +{ + return inp->dest_addr_domainname; +} +const struct domainname_st * +socks5_client_request_getconst_dest_addr_domainname(const socks5_client_request_t *inp) +{ + return socks5_client_request_get_dest_addr_domainname((socks5_client_request_t*) inp); +} +int +socks5_client_request_set_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val) +{ + if (inp->dest_addr_domainname && inp->dest_addr_domainname != val) + domainname_free(inp->dest_addr_domainname); + return socks5_client_request_set0_dest_addr_domainname(inp, val); +} +int +socks5_client_request_set0_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val) +{ + inp->dest_addr_domainname = val; + return 0; +} +uint16_t +socks5_client_request_get_dest_port(const socks5_client_request_t *inp) +{ + return inp->dest_port; +} +int +socks5_client_request_set_dest_port(socks5_client_request_t *inp, uint16_t val) +{ + inp->dest_port = val; + return 0; +} +const char * +socks5_client_request_check(const socks5_client_request_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 5)) + return "Integer out of bounds"; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + return "Integer out of bounds"; + if (! (obj->reserved == 0)) + return "Integer out of bounds"; + switch (obj->atype) { + + case ATYPE_IPV4: + break; + + case ATYPE_IPV6: + break; + + case ATYPE_DOMAINNAME: + { + const char *msg; + if (NULL != (msg = domainname_check(obj->dest_addr_domainname))) + return msg; + } + break; + + default: + return "Bad tag for union"; + break; + } + return NULL; +} + +ssize_t +socks5_client_request_encoded_len(const socks5_client_request_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_client_request_check(obj)) + return -1; + + + /* Length of u8 version IN [5] */ + result += 1; + + /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + result += 1; + + /* Length of u8 reserved IN [0] */ + result += 1; + + /* Length of u8 atype */ + result += 1; + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Length of u32 dest_addr_ipv4 */ + result += 4; + break; + + case ATYPE_IPV6: + + /* Length of u8 dest_addr_ipv6[16] */ + result += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Length of struct domainname dest_addr_domainname */ + result += domainname_encoded_len(obj->dest_addr_domainname); + break; + + default: + trunnel_assert(0); + break; + } + + /* Length of u16 dest_port */ + result += 2; + return result; +} +int +socks5_client_request_clear_errors(socks5_client_request_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_client_request_encode(uint8_t *output, const size_t avail, const socks5_client_request_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_client_request_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_client_request_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [5] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->command)); + written += 1; ptr += 1; + + /* Encode u8 reserved IN [0] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->reserved)); + written += 1; ptr += 1; + + /* Encode u8 atype */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->atype)); + written += 1; ptr += 1; + + /* Encode union dest_addr[atype] */ + trunnel_assert(written <= avail); + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Encode u32 dest_addr_ipv4 */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->dest_addr_ipv4)); + written += 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Encode u8 dest_addr_ipv6[16] */ + trunnel_assert(written <= avail); + if (avail - written < 16) + goto truncated; + memcpy(ptr, obj->dest_addr_ipv6, 16); + written += 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Encode struct domainname dest_addr_domainname */ + trunnel_assert(written <= avail); + result = domainname_encode(ptr, avail - written, obj->dest_addr_domainname); + if (result < 0) + goto fail; /* XXXXXXX !*/ + written += result; ptr += result; + break; + + default: + trunnel_assert(0); + break; + } + + /* Encode u16 dest_port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->dest_port)); + written += 2; ptr += 2; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_client_request_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks5_client_request_parse_into(socks5_client_request_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [5] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 5)) + goto fail; + + /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + CHECK_REMAINING(1, truncated); + obj->command = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + goto fail; + + /* Parse u8 reserved IN [0] */ + CHECK_REMAINING(1, truncated); + obj->reserved = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->reserved == 0)) + goto fail; + + /* Parse u8 atype */ + CHECK_REMAINING(1, truncated); + obj->atype = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse union dest_addr[atype] */ + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Parse u32 dest_addr_ipv4 */ + CHECK_REMAINING(4, truncated); + obj->dest_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Parse u8 dest_addr_ipv6[16] */ + CHECK_REMAINING(16, truncated); + memcpy(obj->dest_addr_ipv6, ptr, 16); + remaining -= 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Parse struct domainname dest_addr_domainname */ + result = domainname_parse(&obj->dest_addr_domainname, ptr, remaining); + if (result < 0) + goto relay_fail; + trunnel_assert((size_t)result <= remaining); + remaining -= result; ptr += result; + break; + + default: + goto fail; + break; + } + + /* Parse u16 dest_port */ + CHECK_REMAINING(2, truncated); + obj->dest_port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + relay_fail: + trunnel_assert(result < 0); + return result; + fail: + result = -1; + return result; +} + +ssize_t +socks5_client_request_parse(socks5_client_request_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_client_request_new(); + if (NULL == *output) + return -1; + result = socks5_client_request_parse_into(*output, input, len_in); + if (result < 0) { + socks5_client_request_free(*output); + *output = NULL; + } + return result; +} +socks5_server_reply_t * +socks5_server_reply_new(void) +{ + socks5_server_reply_t *val = trunnel_calloc(1, sizeof(socks5_server_reply_t)); + if (NULL == val) + return NULL; + val->version = 5; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_server_reply_clear(socks5_server_reply_t *obj) +{ + (void) obj; + domainname_free(obj->bind_addr_domainname); + obj->bind_addr_domainname = NULL; +} + +void +socks5_server_reply_free(socks5_server_reply_t *obj) +{ + if (obj == NULL) + return; + socks5_server_reply_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_server_reply_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_server_reply_get_version(const socks5_server_reply_t *inp) +{ + return inp->version; +} +int +socks5_server_reply_set_version(socks5_server_reply_t *inp, uint8_t val) +{ + if (! ((val == 5))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_server_reply_get_reply(const socks5_server_reply_t *inp) +{ + return inp->reply; +} +int +socks5_server_reply_set_reply(socks5_server_reply_t *inp, uint8_t val) +{ + inp->reply = val; + return 0; +} +uint8_t +socks5_server_reply_get_reserved(const socks5_server_reply_t *inp) +{ + return inp->reserved; +} +int +socks5_server_reply_set_reserved(socks5_server_reply_t *inp, uint8_t val) +{ + if (! ((val == 0))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->reserved = val; + return 0; +} +uint8_t +socks5_server_reply_get_atype(const socks5_server_reply_t *inp) +{ + return inp->atype; +} +int +socks5_server_reply_set_atype(socks5_server_reply_t *inp, uint8_t val) +{ + inp->atype = val; + return 0; +} +uint32_t +socks5_server_reply_get_bind_addr_ipv4(const socks5_server_reply_t *inp) +{ + return inp->bind_addr_ipv4; +} +int +socks5_server_reply_set_bind_addr_ipv4(socks5_server_reply_t *inp, uint32_t val) +{ + inp->bind_addr_ipv4 = val; + return 0; +} +size_t +socks5_server_reply_getlen_bind_addr_ipv6(const socks5_server_reply_t *inp) +{ + (void)inp; return 16; +} + +uint8_t +socks5_server_reply_get_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx) +{ + trunnel_assert(idx < 16); + return inp->bind_addr_ipv6[idx]; +} + +uint8_t +socks5_server_reply_getconst_bind_addr_ipv6(const socks5_server_reply_t *inp, size_t idx) +{ + return socks5_server_reply_get_bind_addr_ipv6((socks5_server_reply_t*)inp, idx); +} +int +socks5_server_reply_set_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx, uint8_t elt) +{ + trunnel_assert(idx < 16); + inp->bind_addr_ipv6[idx] = elt; + return 0; +} + +uint8_t * +socks5_server_reply_getarray_bind_addr_ipv6(socks5_server_reply_t *inp) +{ + return inp->bind_addr_ipv6; +} +const uint8_t * +socks5_server_reply_getconstarray_bind_addr_ipv6(const socks5_server_reply_t *inp) +{ + return (const uint8_t *)socks5_server_reply_getarray_bind_addr_ipv6((socks5_server_reply_t*)inp); +} +struct domainname_st * +socks5_server_reply_get_bind_addr_domainname(socks5_server_reply_t *inp) +{ + return inp->bind_addr_domainname; +} +const struct domainname_st * +socks5_server_reply_getconst_bind_addr_domainname(const socks5_server_reply_t *inp) +{ + return socks5_server_reply_get_bind_addr_domainname((socks5_server_reply_t*) inp); +} +int +socks5_server_reply_set_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val) +{ + if (inp->bind_addr_domainname && inp->bind_addr_domainname != val) + domainname_free(inp->bind_addr_domainname); + return socks5_server_reply_set0_bind_addr_domainname(inp, val); +} +int +socks5_server_reply_set0_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val) +{ + inp->bind_addr_domainname = val; + return 0; +} +uint16_t +socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp) +{ + return inp->bind_port; +} +int +socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val) +{ + inp->bind_port = val; + return 0; +} +const char * +socks5_server_reply_check(const socks5_server_reply_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 5)) + return "Integer out of bounds"; + if (! (obj->reserved == 0)) + return "Integer out of bounds"; + switch (obj->atype) { + + case ATYPE_IPV4: + break; + + case ATYPE_IPV6: + break; + + case ATYPE_DOMAINNAME: + { + const char *msg; + if (NULL != (msg = domainname_check(obj->bind_addr_domainname))) + return msg; + } + break; + + default: + return "Bad tag for union"; + break; + } + return NULL; +} + +ssize_t +socks5_server_reply_encoded_len(const socks5_server_reply_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_server_reply_check(obj)) + return -1; + + + /* Length of u8 version IN [5] */ + result += 1; + + /* Length of u8 reply */ + result += 1; + + /* Length of u8 reserved IN [0] */ + result += 1; + + /* Length of u8 atype */ + result += 1; + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Length of u32 bind_addr_ipv4 */ + result += 4; + break; + + case ATYPE_IPV6: + + /* Length of u8 bind_addr_ipv6[16] */ + result += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Length of struct domainname bind_addr_domainname */ + result += domainname_encoded_len(obj->bind_addr_domainname); + break; + + default: + trunnel_assert(0); + break; + } + + /* Length of u16 bind_port */ + result += 2; + return result; +} +int +socks5_server_reply_clear_errors(socks5_server_reply_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_server_reply_encode(uint8_t *output, const size_t avail, const socks5_server_reply_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_server_reply_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_server_reply_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [5] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 reply */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->reply)); + written += 1; ptr += 1; + + /* Encode u8 reserved IN [0] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->reserved)); + written += 1; ptr += 1; + + /* Encode u8 atype */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->atype)); + written += 1; ptr += 1; + + /* Encode union bind_addr[atype] */ + trunnel_assert(written <= avail); + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Encode u32 bind_addr_ipv4 */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->bind_addr_ipv4)); + written += 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Encode u8 bind_addr_ipv6[16] */ + trunnel_assert(written <= avail); + if (avail - written < 16) + goto truncated; + memcpy(ptr, obj->bind_addr_ipv6, 16); + written += 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Encode struct domainname bind_addr_domainname */ + trunnel_assert(written <= avail); + result = domainname_encode(ptr, avail - written, obj->bind_addr_domainname); + if (result < 0) + goto fail; /* XXXXXXX !*/ + written += result; ptr += result; + break; + + default: + trunnel_assert(0); + break; + } + + /* Encode u16 bind_port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->bind_port)); + written += 2; ptr += 2; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_server_reply_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks5_server_reply_parse_into(socks5_server_reply_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [5] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 5)) + goto fail; + + /* Parse u8 reply */ + CHECK_REMAINING(1, truncated); + obj->reply = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse u8 reserved IN [0] */ + CHECK_REMAINING(1, truncated); + obj->reserved = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->reserved == 0)) + goto fail; + + /* Parse u8 atype */ + CHECK_REMAINING(1, truncated); + obj->atype = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse union bind_addr[atype] */ + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Parse u32 bind_addr_ipv4 */ + CHECK_REMAINING(4, truncated); + obj->bind_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Parse u8 bind_addr_ipv6[16] */ + CHECK_REMAINING(16, truncated); + memcpy(obj->bind_addr_ipv6, ptr, 16); + remaining -= 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Parse struct domainname bind_addr_domainname */ + result = domainname_parse(&obj->bind_addr_domainname, ptr, remaining); + if (result < 0) + goto relay_fail; + trunnel_assert((size_t)result <= remaining); + remaining -= result; ptr += result; + break; + + default: + goto fail; + break; + } + + /* Parse u16 bind_port */ + CHECK_REMAINING(2, truncated); + obj->bind_port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + relay_fail: + trunnel_assert(result < 0); + return result; + fail: + result = -1; + return result; +} + +ssize_t +socks5_server_reply_parse(socks5_server_reply_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_server_reply_new(); + if (NULL == *output) + return -1; + result = socks5_server_reply_parse_into(*output, input, len_in); + if (result < 0) { + socks5_server_reply_free(*output); + *output = NULL; + } + return result; +} diff --git a/src/trunnel/socks5.h b/src/trunnel/socks5.h new file mode 100644 index 0000000000..d3bea152e7 --- /dev/null +++ b/src/trunnel/socks5.h @@ -0,0 +1,995 @@ +/* socks5.h -- generated by Trunnel v1.5.2. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#ifndef TRUNNEL_SOCKS5_H +#define TRUNNEL_SOCKS5_H + +#include <stdint.h> +#include "trunnel.h" + +#define CMD_CONNECT 1 +#define CMD_BIND 2 +#define CMD_UDP_ASSOCIATE 3 +#define CMD_RESOLVE 240 +#define CMD_RESOLVE_PTR 241 +#define ATYPE_IPV4 1 +#define ATYPE_IPV6 4 +#define ATYPE_DOMAINNAME 3 +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_DOMAINNAME) +struct domainname_st { + uint8_t len; + trunnel_string_t name; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct domainname_st domainname_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS4_CLIENT_REQUEST) +struct socks4_client_request_st { + uint8_t version; + uint8_t command; + uint16_t port; + uint32_t addr; + char *username; + char *socks4a_addr_hostname; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks4_client_request_st socks4_client_request_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS4_SERVER_REPLY) +struct socks4_server_reply_st { + uint8_t version; + uint8_t status; + uint16_t port; + uint32_t addr; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks4_server_reply_st socks4_server_reply_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_USERPASS_AUTH) +struct socks5_client_userpass_auth_st { + uint8_t version; + uint8_t username_len; + trunnel_string_t username; + uint8_t passwd_len; + trunnel_string_t passwd; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_client_userpass_auth_st socks5_client_userpass_auth_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_VERSION) +struct socks5_client_version_st { + uint8_t version; + uint8_t n_methods; + TRUNNEL_DYNARRAY_HEAD(, uint8_t) methods; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_client_version_st socks5_client_version_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_METHOD) +struct socks5_server_method_st { + uint8_t version; + uint8_t method; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_server_method_st socks5_server_method_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_USERPASS_AUTH) +struct socks5_server_userpass_auth_st { + uint8_t version; + uint8_t status; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_server_userpass_auth_st socks5_server_userpass_auth_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_REQUEST) +struct socks5_client_request_st { + uint8_t version; + uint8_t command; + uint8_t reserved; + uint8_t atype; + uint32_t dest_addr_ipv4; + uint8_t dest_addr_ipv6[16]; + struct domainname_st *dest_addr_domainname; + uint16_t dest_port; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_client_request_st socks5_client_request_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_REPLY) +struct socks5_server_reply_st { + uint8_t version; + uint8_t reply; + uint8_t reserved; + uint8_t atype; + uint32_t bind_addr_ipv4; + uint8_t bind_addr_ipv6[16]; + struct domainname_st *bind_addr_domainname; + uint16_t bind_port; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_server_reply_st socks5_server_reply_t; +/** Return a newly allocated domainname with all elements set to zero. + */ +domainname_t *domainname_new(void); +/** Release all storage held by the domainname in 'victim'. (Do + * nothing if 'victim' is NULL.) + */ +void domainname_free(domainname_t *victim); +/** Try to parse a domainname from the buffer in 'input', using up to + * 'len_in' bytes from the input buffer. On success, return the number + * of bytes consumed and set *output to the newly allocated + * domainname_t. On failure, return -2 if the input appears truncated, + * and -1 if the input is otherwise invalid. + */ +ssize_t domainname_parse(domainname_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * domainname in 'obj'. On failure, return a negative value. Note that + * this value may be an overestimate, and can even be an underestimate + * for certain unencodeable objects. + */ +ssize_t domainname_encoded_len(const domainname_t *obj); +/** Try to encode the domainname from 'input' into the buffer at + * 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t domainname_encode(uint8_t *output, size_t avail, const domainname_t *input); +/** Check whether the internal state of the domainname in 'obj' is + * consistent. Return NULL if it is, and a short message if it is not. + */ +const char *domainname_check(const domainname_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int domainname_clear_errors(domainname_t *obj); +/** Return the value of the len field of the domainname_t in 'inp' + */ +uint8_t domainname_get_len(const domainname_t *inp); +/** Set the value of the len field of the domainname_t in 'inp' to + * 'val'. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int domainname_set_len(domainname_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the name field of + * the domainname_t in 'inp'. + */ +size_t domainname_getlen_name(const domainname_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * name of the domainname_t in 'inp'. + */ +char domainname_get_name(domainname_t *inp, size_t idx); +/** As domainname_get_name, but take and return a const pointer + */ +char domainname_getconst_name(const domainname_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * name of the domainname_t in 'inp', so that it will hold the value + * 'elt'. + */ +int domainname_set_name(domainname_t *inp, size_t idx, char elt); +/** Append a new element 'elt' to the dynamic array field name of the + * domainname_t in 'inp'. + */ +int domainname_add_name(domainname_t *inp, char elt); +/** Return a pointer to the variable-length array field name of 'inp'. + */ +char * domainname_getarray_name(domainname_t *inp); +/** As domainname_get_name, but take and return a const pointer + */ +const char * domainname_getconstarray_name(const domainname_t *inp); +/** Change the length of the variable-length array field name of 'inp' + * to 'newlen'.Fill extra elements with 0. Return 0 on success; return + * -1 and set the error code on 'inp' on failure. + */ +int domainname_setlen_name(domainname_t *inp, size_t newlen); +/** Return the value of the name field of a domainname_t as a NUL- + * terminated string. + */ +const char * domainname_getstr_name(domainname_t *inp); +/** Set the value of the name field of a domainname_t to a given + * string of length 'len'. Return 0 on success; return -1 and set the + * error code on 'inp' on failure. + */ +int domainname_setstr0_name(domainname_t *inp, const char *val, size_t len); +/** Set the value of the name field of a domainname_t to a given NUL- + * terminated string. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int domainname_setstr_name(domainname_t *inp, const char *val); +/** Return a newly allocated socks4_client_request with all elements + * set to zero. + */ +socks4_client_request_t *socks4_client_request_new(void); +/** Release all storage held by the socks4_client_request in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks4_client_request_free(socks4_client_request_t *victim); +/** Try to parse a socks4_client_request from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks4_client_request_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks4_client_request_parse(socks4_client_request_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks4_client_request in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks4_client_request_encoded_len(const socks4_client_request_t *obj); +/** Try to encode the socks4_client_request from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks4_client_request_encode(uint8_t *output, size_t avail, const socks4_client_request_t *input); +/** Check whether the internal state of the socks4_client_request in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks4_client_request_check(const socks4_client_request_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks4_client_request_clear_errors(socks4_client_request_t *obj); +/** Return the value of the version field of the + * socks4_client_request_t in 'inp' + */ +uint8_t socks4_client_request_get_version(const socks4_client_request_t *inp); +/** Set the value of the version field of the socks4_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_version(socks4_client_request_t *inp, uint8_t val); +/** Return the value of the command field of the + * socks4_client_request_t in 'inp' + */ +uint8_t socks4_client_request_get_command(const socks4_client_request_t *inp); +/** Set the value of the command field of the socks4_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_command(socks4_client_request_t *inp, uint8_t val); +/** Return the value of the port field of the socks4_client_request_t + * in 'inp' + */ +uint16_t socks4_client_request_get_port(const socks4_client_request_t *inp); +/** Set the value of the port field of the socks4_client_request_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_port(socks4_client_request_t *inp, uint16_t val); +/** Return the value of the addr field of the socks4_client_request_t + * in 'inp' + */ +uint32_t socks4_client_request_get_addr(const socks4_client_request_t *inp); +/** Set the value of the addr field of the socks4_client_request_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_addr(socks4_client_request_t *inp, uint32_t val); +/** Return the value of the username field of the + * socks4_client_request_t in 'inp' + */ +const char * socks4_client_request_get_username(const socks4_client_request_t *inp); +/** Set the value of the username field of the socks4_client_request_t + * in 'inp' to 'val'. Free the old value if any. Does not steal the + * reference to 'val'.Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_username(socks4_client_request_t *inp, const char *val); +/** Return the value of the socks4a_addr_hostname field of the + * socks4_client_request_t in 'inp' + */ +const char * socks4_client_request_get_socks4a_addr_hostname(const socks4_client_request_t *inp); +/** Set the value of the socks4a_addr_hostname field of the + * socks4_client_request_t in 'inp' to 'val'. Free the old value if + * any. Does not steal the reference to 'val'.Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks4_client_request_set_socks4a_addr_hostname(socks4_client_request_t *inp, const char *val); +/** Return a newly allocated socks4_server_reply with all elements set + * to zero. + */ +socks4_server_reply_t *socks4_server_reply_new(void); +/** Release all storage held by the socks4_server_reply in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks4_server_reply_free(socks4_server_reply_t *victim); +/** Try to parse a socks4_server_reply from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks4_server_reply_t. On failure, return -2 if the input + * appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks4_server_reply_parse(socks4_server_reply_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks4_server_reply in 'obj'. On failure, return a negative value. + * Note that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t socks4_server_reply_encoded_len(const socks4_server_reply_t *obj); +/** Try to encode the socks4_server_reply from 'input' into the buffer + * at 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks4_server_reply_encode(uint8_t *output, size_t avail, const socks4_server_reply_t *input); +/** Check whether the internal state of the socks4_server_reply in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks4_server_reply_check(const socks4_server_reply_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks4_server_reply_clear_errors(socks4_server_reply_t *obj); +/** Return the value of the version field of the socks4_server_reply_t + * in 'inp' + */ +uint8_t socks4_server_reply_get_version(const socks4_server_reply_t *inp); +/** Set the value of the version field of the socks4_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_server_reply_set_version(socks4_server_reply_t *inp, uint8_t val); +/** Return the value of the status field of the socks4_server_reply_t + * in 'inp' + */ +uint8_t socks4_server_reply_get_status(const socks4_server_reply_t *inp); +/** Set the value of the status field of the socks4_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_server_reply_set_status(socks4_server_reply_t *inp, uint8_t val); +/** Return the value of the port field of the socks4_server_reply_t in + * 'inp' + */ +uint16_t socks4_server_reply_get_port(const socks4_server_reply_t *inp); +/** Set the value of the port field of the socks4_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_server_reply_set_port(socks4_server_reply_t *inp, uint16_t val); +/** Return the value of the addr field of the socks4_server_reply_t in + * 'inp' + */ +uint32_t socks4_server_reply_get_addr(const socks4_server_reply_t *inp); +/** Set the value of the addr field of the socks4_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_server_reply_set_addr(socks4_server_reply_t *inp, uint32_t val); +/** Return a newly allocated socks5_client_userpass_auth with all + * elements set to zero. + */ +socks5_client_userpass_auth_t *socks5_client_userpass_auth_new(void); +/** Release all storage held by the socks5_client_userpass_auth in + * 'victim'. (Do nothing if 'victim' is NULL.) + */ +void socks5_client_userpass_auth_free(socks5_client_userpass_auth_t *victim); +/** Try to parse a socks5_client_userpass_auth from the buffer in + * 'input', using up to 'len_in' bytes from the input buffer. On + * success, return the number of bytes consumed and set *output to the + * newly allocated socks5_client_userpass_auth_t. On failure, return + * -2 if the input appears truncated, and -1 if the input is otherwise + * invalid. + */ +ssize_t socks5_client_userpass_auth_parse(socks5_client_userpass_auth_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_client_userpass_auth in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks5_client_userpass_auth_encoded_len(const socks5_client_userpass_auth_t *obj); +/** Try to encode the socks5_client_userpass_auth from 'input' into + * the buffer at 'output', using up to 'avail' bytes of the output + * buffer. On success, return the number of bytes used. On failure, + * return -2 if the buffer was not long enough, and -1 if the input + * was invalid. + */ +ssize_t socks5_client_userpass_auth_encode(uint8_t *output, size_t avail, const socks5_client_userpass_auth_t *input); +/** Check whether the internal state of the + * socks5_client_userpass_auth in 'obj' is consistent. Return NULL if + * it is, and a short message if it is not. + */ +const char *socks5_client_userpass_auth_check(const socks5_client_userpass_auth_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_client_userpass_auth_clear_errors(socks5_client_userpass_auth_t *obj); +/** Return the value of the version field of the + * socks5_client_userpass_auth_t in 'inp' + */ +uint8_t socks5_client_userpass_auth_get_version(const socks5_client_userpass_auth_t *inp); +/** Set the value of the version field of the + * socks5_client_userpass_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_set_version(socks5_client_userpass_auth_t *inp, uint8_t val); +/** Return the value of the username_len field of the + * socks5_client_userpass_auth_t in 'inp' + */ +uint8_t socks5_client_userpass_auth_get_username_len(const socks5_client_userpass_auth_t *inp); +/** Set the value of the username_len field of the + * socks5_client_userpass_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_set_username_len(socks5_client_userpass_auth_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the username field + * of the socks5_client_userpass_auth_t in 'inp'. + */ +size_t socks5_client_userpass_auth_getlen_username(const socks5_client_userpass_auth_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * username of the socks5_client_userpass_auth_t in 'inp'. + */ +char socks5_client_userpass_auth_get_username(socks5_client_userpass_auth_t *inp, size_t idx); +/** As socks5_client_userpass_auth_get_username, but take and return a + * const pointer + */ +char socks5_client_userpass_auth_getconst_username(const socks5_client_userpass_auth_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * username of the socks5_client_userpass_auth_t in 'inp', so that it + * will hold the value 'elt'. + */ +int socks5_client_userpass_auth_set_username(socks5_client_userpass_auth_t *inp, size_t idx, char elt); +/** Append a new element 'elt' to the dynamic array field username of + * the socks5_client_userpass_auth_t in 'inp'. + */ +int socks5_client_userpass_auth_add_username(socks5_client_userpass_auth_t *inp, char elt); +/** Return a pointer to the variable-length array field username of + * 'inp'. + */ +char * socks5_client_userpass_auth_getarray_username(socks5_client_userpass_auth_t *inp); +/** As socks5_client_userpass_auth_get_username, but take and return a + * const pointer + */ +const char * socks5_client_userpass_auth_getconstarray_username(const socks5_client_userpass_auth_t *inp); +/** Change the length of the variable-length array field username of + * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_setlen_username(socks5_client_userpass_auth_t *inp, size_t newlen); +/** Return the value of the username field of a + * socks5_client_userpass_auth_t as a NUL-terminated string. + */ +const char * socks5_client_userpass_auth_getstr_username(socks5_client_userpass_auth_t *inp); +/** Set the value of the username field of a + * socks5_client_userpass_auth_t to a given string of length 'len'. + * Return 0 on success; return -1 and set the error code on 'inp' on + * failure. + */ +int socks5_client_userpass_auth_setstr0_username(socks5_client_userpass_auth_t *inp, const char *val, size_t len); +/** Set the value of the username field of a + * socks5_client_userpass_auth_t to a given NUL-terminated string. + * Return 0 on success; return -1 and set the error code on 'inp' on + * failure. + */ +int socks5_client_userpass_auth_setstr_username(socks5_client_userpass_auth_t *inp, const char *val); +/** Return the value of the passwd_len field of the + * socks5_client_userpass_auth_t in 'inp' + */ +uint8_t socks5_client_userpass_auth_get_passwd_len(const socks5_client_userpass_auth_t *inp); +/** Set the value of the passwd_len field of the + * socks5_client_userpass_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_set_passwd_len(socks5_client_userpass_auth_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the passwd field of + * the socks5_client_userpass_auth_t in 'inp'. + */ +size_t socks5_client_userpass_auth_getlen_passwd(const socks5_client_userpass_auth_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * passwd of the socks5_client_userpass_auth_t in 'inp'. + */ +char socks5_client_userpass_auth_get_passwd(socks5_client_userpass_auth_t *inp, size_t idx); +/** As socks5_client_userpass_auth_get_passwd, but take and return a + * const pointer + */ +char socks5_client_userpass_auth_getconst_passwd(const socks5_client_userpass_auth_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * passwd of the socks5_client_userpass_auth_t in 'inp', so that it + * will hold the value 'elt'. + */ +int socks5_client_userpass_auth_set_passwd(socks5_client_userpass_auth_t *inp, size_t idx, char elt); +/** Append a new element 'elt' to the dynamic array field passwd of + * the socks5_client_userpass_auth_t in 'inp'. + */ +int socks5_client_userpass_auth_add_passwd(socks5_client_userpass_auth_t *inp, char elt); +/** Return a pointer to the variable-length array field passwd of + * 'inp'. + */ +char * socks5_client_userpass_auth_getarray_passwd(socks5_client_userpass_auth_t *inp); +/** As socks5_client_userpass_auth_get_passwd, but take and return a + * const pointer + */ +const char * socks5_client_userpass_auth_getconstarray_passwd(const socks5_client_userpass_auth_t *inp); +/** Change the length of the variable-length array field passwd of + * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_setlen_passwd(socks5_client_userpass_auth_t *inp, size_t newlen); +/** Return the value of the passwd field of a + * socks5_client_userpass_auth_t as a NUL-terminated string. + */ +const char * socks5_client_userpass_auth_getstr_passwd(socks5_client_userpass_auth_t *inp); +/** Set the value of the passwd field of a + * socks5_client_userpass_auth_t to a given string of length 'len'. + * Return 0 on success; return -1 and set the error code on 'inp' on + * failure. + */ +int socks5_client_userpass_auth_setstr0_passwd(socks5_client_userpass_auth_t *inp, const char *val, size_t len); +/** Set the value of the passwd field of a + * socks5_client_userpass_auth_t to a given NUL-terminated string. + * Return 0 on success; return -1 and set the error code on 'inp' on + * failure. + */ +int socks5_client_userpass_auth_setstr_passwd(socks5_client_userpass_auth_t *inp, const char *val); +/** Return a newly allocated socks5_client_version with all elements + * set to zero. + */ +socks5_client_version_t *socks5_client_version_new(void); +/** Release all storage held by the socks5_client_version in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks5_client_version_free(socks5_client_version_t *victim); +/** Try to parse a socks5_client_version from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks5_client_version_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks5_client_version_parse(socks5_client_version_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_client_version in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks5_client_version_encoded_len(const socks5_client_version_t *obj); +/** Try to encode the socks5_client_version from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks5_client_version_encode(uint8_t *output, size_t avail, const socks5_client_version_t *input); +/** Check whether the internal state of the socks5_client_version in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks5_client_version_check(const socks5_client_version_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_client_version_clear_errors(socks5_client_version_t *obj); +/** Return the value of the version field of the + * socks5_client_version_t in 'inp' + */ +uint8_t socks5_client_version_get_version(const socks5_client_version_t *inp); +/** Set the value of the version field of the socks5_client_version_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_version_set_version(socks5_client_version_t *inp, uint8_t val); +/** Return the value of the n_methods field of the + * socks5_client_version_t in 'inp' + */ +uint8_t socks5_client_version_get_n_methods(const socks5_client_version_t *inp); +/** Set the value of the n_methods field of the + * socks5_client_version_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_version_set_n_methods(socks5_client_version_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the methods field + * of the socks5_client_version_t in 'inp'. + */ +size_t socks5_client_version_getlen_methods(const socks5_client_version_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * methods of the socks5_client_version_t in 'inp'. + */ +uint8_t socks5_client_version_get_methods(socks5_client_version_t *inp, size_t idx); +/** As socks5_client_version_get_methods, but take and return a const + * pointer + */ +uint8_t socks5_client_version_getconst_methods(const socks5_client_version_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * methods of the socks5_client_version_t in 'inp', so that it will + * hold the value 'elt'. + */ +int socks5_client_version_set_methods(socks5_client_version_t *inp, size_t idx, uint8_t elt); +/** Append a new element 'elt' to the dynamic array field methods of + * the socks5_client_version_t in 'inp'. + */ +int socks5_client_version_add_methods(socks5_client_version_t *inp, uint8_t elt); +/** Return a pointer to the variable-length array field methods of + * 'inp'. + */ +uint8_t * socks5_client_version_getarray_methods(socks5_client_version_t *inp); +/** As socks5_client_version_get_methods, but take and return a const + * pointer + */ +const uint8_t * socks5_client_version_getconstarray_methods(const socks5_client_version_t *inp); +/** Change the length of the variable-length array field methods of + * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_version_setlen_methods(socks5_client_version_t *inp, size_t newlen); +/** Return a newly allocated socks5_server_method with all elements + * set to zero. + */ +socks5_server_method_t *socks5_server_method_new(void); +/** Release all storage held by the socks5_server_method in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks5_server_method_free(socks5_server_method_t *victim); +/** Try to parse a socks5_server_method from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks5_server_method_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks5_server_method_parse(socks5_server_method_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_server_method in 'obj'. On failure, return a negative value. + * Note that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t socks5_server_method_encoded_len(const socks5_server_method_t *obj); +/** Try to encode the socks5_server_method from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks5_server_method_encode(uint8_t *output, size_t avail, const socks5_server_method_t *input); +/** Check whether the internal state of the socks5_server_method in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks5_server_method_check(const socks5_server_method_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_server_method_clear_errors(socks5_server_method_t *obj); +/** Return the value of the version field of the + * socks5_server_method_t in 'inp' + */ +uint8_t socks5_server_method_get_version(const socks5_server_method_t *inp); +/** Set the value of the version field of the socks5_server_method_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_method_set_version(socks5_server_method_t *inp, uint8_t val); +/** Return the value of the method field of the socks5_server_method_t + * in 'inp' + */ +uint8_t socks5_server_method_get_method(const socks5_server_method_t *inp); +/** Set the value of the method field of the socks5_server_method_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_method_set_method(socks5_server_method_t *inp, uint8_t val); +/** Return a newly allocated socks5_server_userpass_auth with all + * elements set to zero. + */ +socks5_server_userpass_auth_t *socks5_server_userpass_auth_new(void); +/** Release all storage held by the socks5_server_userpass_auth in + * 'victim'. (Do nothing if 'victim' is NULL.) + */ +void socks5_server_userpass_auth_free(socks5_server_userpass_auth_t *victim); +/** Try to parse a socks5_server_userpass_auth from the buffer in + * 'input', using up to 'len_in' bytes from the input buffer. On + * success, return the number of bytes consumed and set *output to the + * newly allocated socks5_server_userpass_auth_t. On failure, return + * -2 if the input appears truncated, and -1 if the input is otherwise + * invalid. + */ +ssize_t socks5_server_userpass_auth_parse(socks5_server_userpass_auth_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_server_userpass_auth in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks5_server_userpass_auth_encoded_len(const socks5_server_userpass_auth_t *obj); +/** Try to encode the socks5_server_userpass_auth from 'input' into + * the buffer at 'output', using up to 'avail' bytes of the output + * buffer. On success, return the number of bytes used. On failure, + * return -2 if the buffer was not long enough, and -1 if the input + * was invalid. + */ +ssize_t socks5_server_userpass_auth_encode(uint8_t *output, size_t avail, const socks5_server_userpass_auth_t *input); +/** Check whether the internal state of the + * socks5_server_userpass_auth in 'obj' is consistent. Return NULL if + * it is, and a short message if it is not. + */ +const char *socks5_server_userpass_auth_check(const socks5_server_userpass_auth_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_server_userpass_auth_clear_errors(socks5_server_userpass_auth_t *obj); +/** Return the value of the version field of the + * socks5_server_userpass_auth_t in 'inp' + */ +uint8_t socks5_server_userpass_auth_get_version(const socks5_server_userpass_auth_t *inp); +/** Set the value of the version field of the + * socks5_server_userpass_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_server_userpass_auth_set_version(socks5_server_userpass_auth_t *inp, uint8_t val); +/** Return the value of the status field of the + * socks5_server_userpass_auth_t in 'inp' + */ +uint8_t socks5_server_userpass_auth_get_status(const socks5_server_userpass_auth_t *inp); +/** Set the value of the status field of the + * socks5_server_userpass_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_server_userpass_auth_set_status(socks5_server_userpass_auth_t *inp, uint8_t val); +/** Return a newly allocated socks5_client_request with all elements + * set to zero. + */ +socks5_client_request_t *socks5_client_request_new(void); +/** Release all storage held by the socks5_client_request in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks5_client_request_free(socks5_client_request_t *victim); +/** Try to parse a socks5_client_request from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks5_client_request_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks5_client_request_parse(socks5_client_request_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_client_request in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks5_client_request_encoded_len(const socks5_client_request_t *obj); +/** Try to encode the socks5_client_request from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks5_client_request_encode(uint8_t *output, size_t avail, const socks5_client_request_t *input); +/** Check whether the internal state of the socks5_client_request in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks5_client_request_check(const socks5_client_request_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_client_request_clear_errors(socks5_client_request_t *obj); +/** Return the value of the version field of the + * socks5_client_request_t in 'inp' + */ +uint8_t socks5_client_request_get_version(const socks5_client_request_t *inp); +/** Set the value of the version field of the socks5_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_request_set_version(socks5_client_request_t *inp, uint8_t val); +/** Return the value of the command field of the + * socks5_client_request_t in 'inp' + */ +uint8_t socks5_client_request_get_command(const socks5_client_request_t *inp); +/** Set the value of the command field of the socks5_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val); +/** Return the value of the reserved field of the + * socks5_client_request_t in 'inp' + */ +uint8_t socks5_client_request_get_reserved(const socks5_client_request_t *inp); +/** Set the value of the reserved field of the socks5_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_request_set_reserved(socks5_client_request_t *inp, uint8_t val); +/** Return the value of the atype field of the socks5_client_request_t + * in 'inp' + */ +uint8_t socks5_client_request_get_atype(const socks5_client_request_t *inp); +/** Set the value of the atype field of the socks5_client_request_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_request_set_atype(socks5_client_request_t *inp, uint8_t val); +/** Return the value of the dest_addr_ipv4 field of the + * socks5_client_request_t in 'inp' + */ +uint32_t socks5_client_request_get_dest_addr_ipv4(const socks5_client_request_t *inp); +/** Set the value of the dest_addr_ipv4 field of the + * socks5_client_request_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_request_set_dest_addr_ipv4(socks5_client_request_t *inp, uint32_t val); +/** Return the (constant) length of the array holding the + * dest_addr_ipv6 field of the socks5_client_request_t in 'inp'. + */ +size_t socks5_client_request_getlen_dest_addr_ipv6(const socks5_client_request_t *inp); +/** Return the element at position 'idx' of the fixed array field + * dest_addr_ipv6 of the socks5_client_request_t in 'inp'. + */ +uint8_t socks5_client_request_get_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx); +/** As socks5_client_request_get_dest_addr_ipv6, but take and return a + * const pointer + */ +uint8_t socks5_client_request_getconst_dest_addr_ipv6(const socks5_client_request_t *inp, size_t idx); +/** Change the element at position 'idx' of the fixed array field + * dest_addr_ipv6 of the socks5_client_request_t in 'inp', so that it + * will hold the value 'elt'. + */ +int socks5_client_request_set_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx, uint8_t elt); +/** Return a pointer to the 16-element array field dest_addr_ipv6 of + * 'inp'. + */ +uint8_t * socks5_client_request_getarray_dest_addr_ipv6(socks5_client_request_t *inp); +/** As socks5_client_request_get_dest_addr_ipv6, but take and return a + * const pointer + */ +const uint8_t * socks5_client_request_getconstarray_dest_addr_ipv6(const socks5_client_request_t *inp); +/** Return the value of the dest_addr_domainname field of the + * socks5_client_request_t in 'inp' + */ +struct domainname_st * socks5_client_request_get_dest_addr_domainname(socks5_client_request_t *inp); +/** As socks5_client_request_get_dest_addr_domainname, but take and + * return a const pointer + */ +const struct domainname_st * socks5_client_request_getconst_dest_addr_domainname(const socks5_client_request_t *inp); +/** Set the value of the dest_addr_domainname field of the + * socks5_client_request_t in 'inp' to 'val'. Free the old value if + * any. Steals the referenceto 'val'.Return 0 on success; return -1 + * and set the error code on 'inp' on failure. + */ +int socks5_client_request_set_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val); +/** As socks5_client_request_set_dest_addr_domainname, but does not + * free the previous value. + */ +int socks5_client_request_set0_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val); +/** Return the value of the dest_port field of the + * socks5_client_request_t in 'inp' + */ +uint16_t socks5_client_request_get_dest_port(const socks5_client_request_t *inp); +/** Set the value of the dest_port field of the + * socks5_client_request_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_request_set_dest_port(socks5_client_request_t *inp, uint16_t val); +/** Return a newly allocated socks5_server_reply with all elements set + * to zero. + */ +socks5_server_reply_t *socks5_server_reply_new(void); +/** Release all storage held by the socks5_server_reply in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks5_server_reply_free(socks5_server_reply_t *victim); +/** Try to parse a socks5_server_reply from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks5_server_reply_t. On failure, return -2 if the input + * appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks5_server_reply_parse(socks5_server_reply_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_server_reply in 'obj'. On failure, return a negative value. + * Note that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t socks5_server_reply_encoded_len(const socks5_server_reply_t *obj); +/** Try to encode the socks5_server_reply from 'input' into the buffer + * at 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks5_server_reply_encode(uint8_t *output, size_t avail, const socks5_server_reply_t *input); +/** Check whether the internal state of the socks5_server_reply in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks5_server_reply_check(const socks5_server_reply_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_server_reply_clear_errors(socks5_server_reply_t *obj); +/** Return the value of the version field of the socks5_server_reply_t + * in 'inp' + */ +uint8_t socks5_server_reply_get_version(const socks5_server_reply_t *inp); +/** Set the value of the version field of the socks5_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_version(socks5_server_reply_t *inp, uint8_t val); +/** Return the value of the reply field of the socks5_server_reply_t + * in 'inp' + */ +uint8_t socks5_server_reply_get_reply(const socks5_server_reply_t *inp); +/** Set the value of the reply field of the socks5_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_reply(socks5_server_reply_t *inp, uint8_t val); +/** Return the value of the reserved field of the + * socks5_server_reply_t in 'inp' + */ +uint8_t socks5_server_reply_get_reserved(const socks5_server_reply_t *inp); +/** Set the value of the reserved field of the socks5_server_reply_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_reserved(socks5_server_reply_t *inp, uint8_t val); +/** Return the value of the atype field of the socks5_server_reply_t + * in 'inp' + */ +uint8_t socks5_server_reply_get_atype(const socks5_server_reply_t *inp); +/** Set the value of the atype field of the socks5_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_atype(socks5_server_reply_t *inp, uint8_t val); +/** Return the value of the bind_addr_ipv4 field of the + * socks5_server_reply_t in 'inp' + */ +uint32_t socks5_server_reply_get_bind_addr_ipv4(const socks5_server_reply_t *inp); +/** Set the value of the bind_addr_ipv4 field of the + * socks5_server_reply_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_server_reply_set_bind_addr_ipv4(socks5_server_reply_t *inp, uint32_t val); +/** Return the (constant) length of the array holding the + * bind_addr_ipv6 field of the socks5_server_reply_t in 'inp'. + */ +size_t socks5_server_reply_getlen_bind_addr_ipv6(const socks5_server_reply_t *inp); +/** Return the element at position 'idx' of the fixed array field + * bind_addr_ipv6 of the socks5_server_reply_t in 'inp'. + */ +uint8_t socks5_server_reply_get_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx); +/** As socks5_server_reply_get_bind_addr_ipv6, but take and return a + * const pointer + */ +uint8_t socks5_server_reply_getconst_bind_addr_ipv6(const socks5_server_reply_t *inp, size_t idx); +/** Change the element at position 'idx' of the fixed array field + * bind_addr_ipv6 of the socks5_server_reply_t in 'inp', so that it + * will hold the value 'elt'. + */ +int socks5_server_reply_set_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx, uint8_t elt); +/** Return a pointer to the 16-element array field bind_addr_ipv6 of + * 'inp'. + */ +uint8_t * socks5_server_reply_getarray_bind_addr_ipv6(socks5_server_reply_t *inp); +/** As socks5_server_reply_get_bind_addr_ipv6, but take and return a + * const pointer + */ +const uint8_t * socks5_server_reply_getconstarray_bind_addr_ipv6(const socks5_server_reply_t *inp); +/** Return the value of the bind_addr_domainname field of the + * socks5_server_reply_t in 'inp' + */ +struct domainname_st * socks5_server_reply_get_bind_addr_domainname(socks5_server_reply_t *inp); +/** As socks5_server_reply_get_bind_addr_domainname, but take and + * return a const pointer + */ +const struct domainname_st * socks5_server_reply_getconst_bind_addr_domainname(const socks5_server_reply_t *inp); +/** Set the value of the bind_addr_domainname field of the + * socks5_server_reply_t in 'inp' to 'val'. Free the old value if any. + * Steals the referenceto 'val'.Return 0 on success; return -1 and set + * the error code on 'inp' on failure. + */ +int socks5_server_reply_set_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val); +/** As socks5_server_reply_set_bind_addr_domainname, but does not free + * the previous value. + */ +int socks5_server_reply_set0_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val); +/** Return the value of the bind_port field of the + * socks5_server_reply_t in 'inp' + */ +uint16_t socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp); +/** Set the value of the bind_port field of the socks5_server_reply_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val); + + +#endif diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel new file mode 100644 index 0000000000..b86ec03b9d --- /dev/null +++ b/src/trunnel/socks5.trunnel @@ -0,0 +1,94 @@ +// Example: here's a quickie implementation of the messages in the +// socks5 protocol. + +struct socks5_client_version { + u8 version IN [5]; + u8 n_methods; + u8 methods[n_methods]; +} + +struct socks5_server_method { + u8 version IN [5]; + u8 method; +} + +const CMD_CONNECT = 1; +const CMD_BIND = 2; +const CMD_UDP_ASSOCIATE = 3; +// This is a tor extension +const CMD_RESOLVE = 0xF0; +const CMD_RESOLVE_PTR = 0xF1; + +const ATYPE_IPV4 = 1; +const ATYPE_IPV6 = 4; +const ATYPE_DOMAINNAME = 3; + +struct domainname { + u8 len; + char name[len]; +} + +struct socks5_client_request { + u8 version IN [5]; + u8 command IN [CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE, CMD_RESOLVE, CMD_RESOLVE_PTR]; + u8 reserved IN [0]; + u8 atype; + union dest_addr[atype] { + ATYPE_IPV4: u32 ipv4; + ATYPE_IPV6: u8 ipv6[16]; + ATYPE_DOMAINNAME: struct domainname domainname; + default: fail; + }; + u16 dest_port; +} + +struct socks5_server_reply { + u8 version IN [5]; + u8 reply; + u8 reserved IN [0]; + u8 atype; + union bind_addr[atype] { + ATYPE_IPV4: u32 ipv4; + ATYPE_IPV6: u8 ipv6[16]; + ATYPE_DOMAINNAME: struct domainname domainname; + default: fail; + }; + u16 bind_port; +} + +struct socks5_client_userpass_auth { + u8 version IN [1]; + u8 username_len; + char username[username_len]; + u8 passwd_len; + char passwd[passwd_len]; +} + +struct socks5_server_userpass_auth { + u8 version IN [1]; + u8 status; +} + +// Oh why not. Here's socks4 and socks4a. + +struct socks4_client_request { + u8 version IN [4]; + u8 command IN [CMD_CONNECT,CMD_BIND,CMD_RESOLVE,CMD_RESOLVE_PTR]; + u16 port; + u32 addr; + nulterm username; + union socks4a_addr[addr] { + 1..255: + nulterm hostname; + default: + ; + }; +} + +struct socks4_server_reply { + u8 version IN [4]; + u8 status; + u16 port; + u32 addr; +} + |