summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Hogan <robert@roberthogan.net>2010-12-14 19:59:42 +0000
committerRobert Hogan <robert@roberthogan.net>2010-12-14 19:59:42 +0000
commit02c2d9a4aa2a7ce339e87be9c0c0dc23a6881c14 (patch)
treea52f037d79319d865647a0722e06677ad638f03d
parent8a2f7ef66ac3bee0d6885ec3ca16937fed0703bb (diff)
downloadtor-02c2d9a4aa2a7ce339e87be9c0c0dc23a6881c14.tar.gz
tor-02c2d9a4aa2a7ce339e87be9c0c0dc23a6881c14.zip
bug1666 - Pass-through support for SOCKS5 authentication(4)
Implement nickm's suggestion that we tolerate SOCKS5 clients that send authentication credentials and SOCKS commands all in one go.
-rw-r--r--src/or/buffers.c5
-rw-r--r--src/test/test.c49
2 files changed, 49 insertions, 5 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 5cd76fa0d6..445376f60e 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1658,11 +1658,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
*want_length_out = 2u+usernamelen;
return 0;
}
- if (datalen > 2u + usernamelen + 1u + passlen) {
- log_warn(LD_APP,
- "socks5: Malformed username/password. Rejecting.");
- return -1;
- }
req->replylen = 2; /* 2 bytes of response */
req->reply[0] = 5;
req->reply[1] = 0; /* authentication successful */
diff --git a/src/test/test.c b/src/test/test.c
index 8155c3f790..bac73f2709 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -398,6 +398,46 @@ done:
;
}
+/** Helper: Perform SOCKS 5 authentication and send data all in one go */
+static void
+test_buffers_socks5_authenticate_with_data_helper(const char *cp, buf_t *buf,
+ socks_request_t *socks)
+{
+ /* SOCKS 5 Negotiate username/password authentication */
+ cp = "\x05\x01\x02";
+ write_to_buf(cp, 3, buf);
+ test_assert(!fetch_from_buf_socks(buf, socks,
+ get_options()->TestSocks,
+ get_options()->SafeSocks));
+ test_eq(2, socks->replylen);
+ test_eq(5, socks->reply[0]);
+ test_eq(SOCKS_USER_PASS, socks->reply[1]);
+ test_eq(5, socks->socks_version);
+
+ /* SOCKS 5 Send username/password */
+ /* SOCKS 5 Send CONNECT [01] to IP address 2.2.2.2:4369 */
+ cp = "\x01\x02me\x02me\x05\x01\x00\x01\x02\x02\x02\x02\x11\x11";
+ write_to_buf(cp, 17, buf);
+ test_assert(!fetch_from_buf_socks(buf, socks,
+ get_options()->TestSocks,
+ get_options()->SafeSocks));
+ test_eq(5, socks->socks_version);
+ test_eq(2, socks->replylen);
+ test_eq(5, socks->reply[0]);
+ test_eq(0, socks->reply[1]);
+
+ test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+ get_options()->SafeSocks) == 1);
+ test_eq(5, socks->socks_version);
+ test_eq(2, socks->replylen);
+ test_eq(5, socks->reply[0]);
+ test_eq(0, socks->reply[1]);
+ test_streq("2.2.2.2", socks->address);
+ test_eq(4369, socks->port);
+done:
+ ;
+}
+
/** Helper: Perform SOCKS 5 authentication before method negotiated */
static void
test_buffers_socks5_auth_before_negotiation_helper(const char *cp, buf_t *buf,
@@ -610,6 +650,15 @@ test_buffers(void)
buf = buf_new_with_capacity(256);
socks = tor_malloc_zero(sizeof(socks_request_t));;
+ /* A SOCKS 5 client that sends credentials and data in one go */
+ test_buffers_socks5_authenticate_with_data_helper(cp, buf, socks);
+
+ tor_free(socks);
+ buf_free(buf);
+ buf = NULL;
+ buf = buf_new_with_capacity(256);
+ socks = tor_malloc_zero(sizeof(socks_request_t));;
+
/* A SOCKS 5 client that doesn't want authentication */
test_buffers_socks5_no_authenticate_helper(cp, buf, socks);
test_buffers_socks5_supported_commands_helper(cp, buf, socks);