Diffstat (limited to 'app/openvpn/src/openvpn/socks.c')
-rw-r--r-- | app/openvpn/src/openvpn/socks.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/app/openvpn/src/openvpn/socks.c b/app/openvpn/src/openvpn/socks.c
index 804c9836..72bdf550 100644
--- a/app/openvpn/src/openvpn/socks.c
+++ b/app/openvpn/src/openvpn/socks.c
@@ -38,8 +38,6 @@
 #include "syshead.h"
-#ifdef ENABLE_SOCKS
-
 #include "common.h"
 #include "misc.h"
 #include "win32.h"
@@ -189,10 +187,15 @@ socks_handshake (struct socks_proxy_info *p,
 char buf[2];
 int len = 0;
 const int timeout_sec = 5;
+ ssize_t size;
+
+ /* VER = 5, NMETHODS = 1, METHODS = [0 (no auth)] */
+ char method_sel[3] = { 0x05, 0x01, 0x00 };
+ if (p->authfile[0])
+ method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */
- /* VER = 5, NMETHODS = 2, METHODS = [0 (no auth), 2 (plain login)] */
- const ssize_t size = send (sd, "\x05\x02\x00\x02", 4, MSG_NOSIGNAL);
- if (size != 4)
+ size = send (sd, method_sel, sizeof (method_sel), MSG_NOSIGNAL);
+ if (size != sizeof (method_sel))
 {
 msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port write failed on send()");
 return false;
@@ -252,6 +255,13 @@ socks_handshake (struct socks_proxy_info *p,
 return false;
 }
+ /* validate that the auth method returned is the one sent */
+ if (buf[1] != method_sel[2])
+ {
+ msg (D_LINK_ERRORS, "socks_handshake: Socks proxy returned unexpected auth");
+ return false;
+ }
+
 /* select the appropriate authentication method */
 switch (buf[1])
 {
@@ -396,7 +406,7 @@ port_from_servname(const char* servname)
 port = atoi(servname);
 if(port >0 && port < 65536)
 return port;
-
+
 struct servent* service;
 service = getservbyname(servname, NULL);
 if(service)
@@ -436,7 +446,7 @@ establish_socks_proxy_passthru (struct socks_proxy_info *p,
 msg (D_LINK_ERRORS, "establish_socks_proxy_passthrough: Cannot convert %s to port number", servname);
 goto error;
 }
-
+
 buf[5 + len] = (char) (port >> 8);
 buf[5 + len + 1] = (char) (port & 0xff);
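Review bot: In socks_handshake, `if (size != sizeof (method_sel))` compares the signed `ssize_t` result of send() with an unsigned `size_t`, so a failed send() returning -1 is converted to a large unsigned value before the test. The error branch is still taken, but only through that conversion, and the line warns under -Wsign-compare; `if (size != (ssize_t) sizeof (method_sel))` states the intent. The comment on the `method_sel[2] = 0x02;` line could also say that with an auth file configured no-auth is no longer offered at all, so the handshake fails against a proxy that accepts only method 0 and the credentials are always sent as RFC 1929 plain login. The function body starts and ends outside the hunk.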
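Review bot: The new `buf[1] != method_sel[2]` check in socks_handshake logs the same "unexpected auth" text for every mismatch. A proxy that refuses the offer (0xFF, no acceptable methods, in RFC 1928) therefore cannot be told apart in the log from one that selects a method the client never offered, which is the case an operator would want to notice. Logging both values would make that visible, e.g. `msg (D_LINK_ERRORS, "socks_handshake: Socks proxy selected auth method 0x%02x, offered 0x%02x", (unsigned char) buf[1], (unsigned char) method_sel[2]);`. With this guard in place the `switch (buf[1])` that follows can presumably only see the offered method, so any other case there may now be dead code; the switch body is outside the hunk.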
@@ -448,7 +458,7 @@ establish_socks_proxy_passthru (struct socks_proxy_info *p,
 goto error;
 }
 }
-
+
 /* receive reply from Socks proxy and discard */
 if (!recv_socks_reply (sd, NULL, signal_received))
@@ -562,7 +572,3 @@ socks_process_outgoing_udp (struct buffer *buf,
 return 10;
 }
-
-#else
-static void dummy(void) {}
-#endif /* ENABLE_SOCKS */ |