socks5: use appropriate ATYP for numerical IP address host names

When not resolving the address locallly (known as socks5h).

Add test 719 and 720 to verify.

Reported-by: Peter Piekarski
Fixes #8216
Closes #8217
This commit is contained in:
Daniel Stenberg 2022-01-03 11:29:21 +01:00
parent 53a3e90e06
commit effd2bd7ba
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
5 changed files with 143 additions and 7 deletions

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -38,6 +38,7 @@
#include "timeval.h"
#include "socks.h"
#include "multiif.h" /* for getsock macros */
#include "inet_pton.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
@ -856,10 +857,32 @@ CURLproxycode Curl_SOCKS5(const char *proxy_user,
socksreq[len++] = 0; /* must be zero */
if(!socks5_resolve_local) {
socksreq[len++] = 3; /* ATYP: domain name = 3 */
socksreq[len++] = (char) hostname_len; /* one byte address length */
memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */
len += hostname_len;
/* ATYP: domain name = 3,
IPv6 == 4,
IPv4 == 1 */
unsigned char ip4[4];
#ifdef ENABLE_IPV6
if(conn->bits.ipv6_ip) {
char ip6[16];
if(1 != Curl_inet_pton(AF_INET6, hostname, ip6))
return CURLPX_BAD_ADDRESS_TYPE;
socksreq[len++] = 4;
memcpy(&socksreq[len], ip6, sizeof(ip6));
len += sizeof(ip6);
}
else
#endif
if(1 == Curl_inet_pton(AF_INET, hostname, ip4)) {
socksreq[len++] = 1;
memcpy(&socksreq[len], ip4, sizeof(ip4));
len += sizeof(ip4);
}
else {
socksreq[len++] = 3;
socksreq[len++] = (char) hostname_len; /* one byte address length */
memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */
len += hostname_len;
}
infof(data, "SOCKS5 connect to %s:%d (remotely resolved)",
hostname, remote_port);
}

View File

@ -95,7 +95,7 @@ test670 test671 test672 test673 test674 test675 test676 test677 test678 \
\
test700 test701 test702 test703 test704 test705 test706 test707 test708 \
test709 test710 test711 test712 test713 test714 test715 test716 test717 \
test718 \
test718 test719 test720 \
\
test800 test801 test802 test803 test804 test805 test806 test807 test808 \
test809 test810 test811 test812 test813 test814 test815 test816 test817 \

56
tests/data/test719 Normal file
View File

@ -0,0 +1,56 @@
<testcase>
<info>
<keywords>
HTTP
HTTP GET
SOCKS5
SOCKS5h
</keywords>
</info>
#
# Server-side
<reply>
<data>
HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
ETag: "21025-dc7-39462498"
Accept-Ranges: bytes
Content-Length: 6
Connection: close
Content-Type: text/html
Funny-head: yesyes
-foo-
</data>
</reply>
#
# Client-side
<client>
<server>
http-ipv6
socks5
</server>
<name>
HTTP GET with IPv6 numerical via SOCKS5h set with --proxy
</name>
<command>
http://%HOST6IP:%HTTP6PORT/%TESTNUMBER --proxy socks5h://%HOSTIP:%SOCKSPORT
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
GET /%TESTNUMBER HTTP/1.1
Host: %HOST6IP:%HTTP6PORT
User-Agent: curl/%VERSION
Accept: */*
</protocol>
</verify>
</testcase>

56
tests/data/test720 Normal file
View File

@ -0,0 +1,56 @@
<testcase>
<info>
<keywords>
HTTP
HTTP GET
SOCKS5
SOCKS5h
</keywords>
</info>
#
# Server-side
<reply>
<data>
HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
ETag: "21025-dc7-39462498"
Accept-Ranges: bytes
Content-Length: 6
Connection: close
Content-Type: text/html
Funny-head: yesyes
-foo-
</data>
</reply>
#
# Client-side
<client>
<server>
http
socks5
</server>
<name>
HTTP GET with IPv4 numerical via SOCKS5h set with --proxy
</name>
<command>
http://12.34.56.78:%HTTPPORT/%TESTNUMBER --proxy socks5h://%HOSTIP:%SOCKSPORT
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
GET /%TESTNUMBER HTTP/1.1
Host: 12.34.56.78:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
</protocol>
</verify>
</testcase>

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -513,6 +513,7 @@ static curl_socket_t sockit(curl_socket_t fd)
logmsg("Request too short: %d, expected %d", rc, 4 + len + 2);
return CURL_SOCKET_BAD;
}
logmsg("Received ATYP %d", type);
if(!config.port) {
unsigned char *portp = &buffer[SOCKS5_DSTADDR + len];