authorNick Mathewson <nickm@torproject.org>2024-09-09 17:00:50 -0400
committerNick Mathewson <nickm@torproject.org>2024-09-09 17:00:50 -0400
commit3dfbacc7b6bdffec18335f03c43d3e3793149ece (patch)
treeb6d40cb121c9e8981dde02c2fa55dffb96db1840
parent17a70ab7c53b31a51ce615f7ad280c7df32e8701 (diff)
Implement proposal 351
This proposal adds new syntax to the SOCKS5 username/password extension scheme, so that requests with usernames starting with <torS0X> are now reserved. For C tor, all we need to do is reject every username starting with <torS0X> unless it is exactly "<torS0X>0".
-rw-r--r--changes/prop3517
-rw-r--r--src/core/proto/proto_socks.c13
2 files changed, 20 insertions, 0 deletions
diff --git a/changes/prop351 b/changes/prop351
new file mode 100644
index 0000000000..fca604f1a1
--- /dev/null
+++ b/changes/prop351
@@ -0,0 +1,7 @@
+ o Minor features (SOCKS):
+ - Detect invalid SOCKS5 username/password combinations according to
+ new extended parameters syntax. (Currently, this rejects any
+ SOCKS5 username beginning with "<torS0X>", except for the username
+ "<torS0X>0". Such usernames are now reserved to communicate additional
+ parameters with other Tor implementations.)
+ Implements proposal 351.
diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c
index 78767a94ff..90ec3a9636 100644
--- a/src/core/proto/proto_socks.c
+++ b/src/core/proto/proto_socks.c
@@ -451,6 +451,19 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req,
const char *password =
socks5_client_userpass_auth_getconstarray_passwd(trunnel_req);
+ /* Detect invalid SOCKS5 extended-parameter requests. */
+ if (usernamelen >= 8 &&
+ tor_memeq(username, "<torS0X>", 8)) {
+ /* This is indeed an extended-parameter request. */
+ if (usernamelen != 9 ||
+ tor_memneq(username, "<torS0X>0", 9)) {
+ /* This request is an unrecognized version, or it includes an Arti RPC
+ * object ID (which we do not recognize). */
+ res = SOCKS_RESULT_INVALID;
+ goto end;
+ }
+ }
+
if (usernamelen && username) {
tor_free(req->username);
req->username = tor_memdup_nulterm(username, usernamelen);
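Review bot: The rejection branch at `res = SOCKS_RESULT_INVALID; goto end;` emits no log message in the visible lines, so an operator whose client is refused cannot tell a reserved-username rejection from a malformed auth message (unless the `end:` label, which is outside this hunk, logs). Consider adding `log_warn(LD_APP, "socks5: rejecting reserved extended-parameter username.");` before it, without echoing the username bytes, since per the comment they may carry an Arti RPC object ID. The lengths 8 and 9 are hand-counted against the two literals; deriving them with `sizeof("<torS0X>") - 1` or a named constant would keep each length tied to its literal. The diffstat lists no test file, so the boundary cases (the bare prefix, `<torS0X>0`, `<torS0X>1`, and `<torS0X>0` followed by extra bytes) are worth pinning in the SOCKS unit tests. parse_socks5_userpass_auth starts and ends outside the hunk.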