Commit cd34c46d authored by Mikio Hara's avatar Mikio Hara

go.net/proxy: fix desired destination address in SOCKS5 CONNECT

Both types IPv6 IPv4-mapped address and IPv4-compatible
address are not allowed to be used in wire protocols.

Fixes golang/go#4709.

Thank you raptium for original CL 6922050.

R=golang-dev, agl
CC=golang-dev, raptium
https://golang.org/cl/7220047
parent 61791144
...@@ -5,23 +5,26 @@ ...@@ -5,23 +5,26 @@
package proxy package proxy
import ( import (
"io"
"net" "net"
"net/url" "net/url"
"strconv"
"sync"
"testing" "testing"
) )
type testDialer struct { type testFromURLDialer struct {
network, addr string network, addr string
} }
func (t *testDialer) Dial(network, addr string) (net.Conn, error) { func (t *testFromURLDialer) Dial(network, addr string) (net.Conn, error) {
t.network = network t.network = network
t.addr = addr t.addr = addr
return nil, t return nil, t
} }
func (t *testDialer) Error() string { func (t *testFromURLDialer) Error() string {
return "testDialer " + t.network + " " + t.addr return "testFromURLDialer " + t.network + " " + t.addr
} }
func TestFromURL(t *testing.T) { func TestFromURL(t *testing.T) {
...@@ -30,7 +33,7 @@ func TestFromURL(t *testing.T) { ...@@ -30,7 +33,7 @@ func TestFromURL(t *testing.T) {
t.Fatalf("failed to parse URL: %s", err) t.Fatalf("failed to parse URL: %s", err)
} }
tp := &testDialer{} tp := &testFromURLDialer{}
proxy, err := FromURL(u, tp) proxy, err := FromURL(u, tp)
if err != nil { if err != nil {
t.Fatalf("FromURL failed: %s", err) t.Fatalf("FromURL failed: %s", err)
...@@ -40,7 +43,7 @@ func TestFromURL(t *testing.T) { ...@@ -40,7 +43,7 @@ func TestFromURL(t *testing.T) {
if conn != nil { if conn != nil {
t.Error("Dial unexpected didn't return an error") t.Error("Dial unexpected didn't return an error")
} }
if tp, ok := err.(*testDialer); ok { if tp, ok := err.(*testFromURLDialer); ok {
if tp.network != "tcp" || tp.addr != "1.2.3.4:5678" { if tp.network != "tcp" || tp.addr != "1.2.3.4:5678" {
t.Errorf("Dialer connected to wrong host. Wanted 1.2.3.4:5678, got: %v", tp) t.Errorf("Dialer connected to wrong host. Wanted 1.2.3.4:5678, got: %v", tp)
} }
...@@ -48,3 +51,70 @@ func TestFromURL(t *testing.T) { ...@@ -48,3 +51,70 @@ func TestFromURL(t *testing.T) {
t.Errorf("Unexpected error from Dial: %s", err) t.Errorf("Unexpected error from Dial: %s", err)
} }
} }
func TestSOCKS5(t *testing.T) {
endSystem, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
t.Fatalf("net.Listen failed: %v", err)
}
defer endSystem.Close()
gateway, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
t.Fatalf("net.Listen failed: %v", err)
}
defer gateway.Close()
wg := &sync.WaitGroup{}
go socks5Gateway(t, gateway, endSystem, wg)
wg.Add(1)
proxy, err := SOCKS5("tcp", gateway.Addr().String(), nil, Direct)
if err != nil {
t.Fatalf("SOCKS5 failed: %v", err)
}
if c, err := proxy.Dial("tcp", endSystem.Addr().String()); err != nil {
t.Fatalf("SOCKS5.Dial failed: %v", err)
} else {
c.Close()
}
wg.Wait()
}
func socks5Gateway(t *testing.T, gateway, endSystem net.Listener, wg *sync.WaitGroup) {
defer wg.Done()
c, err := gateway.Accept()
if err != nil {
t.Fatalf("net.Listener.Accept failed: %v", err)
}
defer c.Close()
b := make([]byte, 32)
if _, err := io.ReadFull(c, b[:3]); err != nil {
t.Fatalf("net.Conn.Read failed: %v", err)
}
if _, err := c.Write([]byte{socks5Version, socks5AuthNone}); err != nil {
t.Fatalf("net.Conn.Write failed: %v", err)
}
if _, err := io.ReadFull(c, b[:10]); err != nil {
t.Fatalf("net.Conn.Read failed: %v", err)
}
if b[0] != socks5Version || b[1] != socks5Connect || b[2] != 0x00 || b[3] != socks5IP4 {
t.Fatalf("got an unexpected packet: %v, %v, %v, %v", b[0], b[1], b[2], b[3])
}
copy(b[:4], []byte{socks5Version, 0x00, 0x00, socks5IP4})
host, port, err := net.SplitHostPort(endSystem.Addr().String())
if err != nil {
t.Fatalf("net.SplitHostPort failed: %v", err)
}
b = append(b, []byte(net.ParseIP(host).To4())...)
p, err := strconv.Atoi(port)
if err != nil {
t.Fatalf("strconv.Atoi failed: %v", err)
}
b = append(b, []byte{byte(p >> 8), byte(p)}...)
if _, err := c.Write(b); err != nil {
t.Fatalf("net.Conn.Write failed: %v", err)
}
}
...@@ -64,7 +64,6 @@ var socks5Errors = []string{ ...@@ -64,7 +64,6 @@ var socks5Errors = []string{
func (s *socks5) Dial(network, addr string) (net.Conn, error) { func (s *socks5) Dial(network, addr string) (net.Conn, error) {
switch network { switch network {
case "tcp", "tcp6", "tcp4": case "tcp", "tcp6", "tcp4":
break
default: default:
return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network) return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
} }
...@@ -103,11 +102,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { ...@@ -103,11 +102,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
buf = append(buf, 1 /* num auth methods */, socks5AuthNone) buf = append(buf, 1 /* num auth methods */, socks5AuthNone)
} }
if _, err = conn.Write(buf); err != nil { if _, err := conn.Write(buf); err != nil {
return nil, errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error()) return nil, errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
} }
if _, err = io.ReadFull(conn, buf[:2]); err != nil { if _, err := io.ReadFull(conn, buf[:2]); err != nil {
return nil, errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error()) return nil, errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
} }
if buf[0] != 5 { if buf[0] != 5 {
...@@ -125,11 +124,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { ...@@ -125,11 +124,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
buf = append(buf, uint8(len(s.password))) buf = append(buf, uint8(len(s.password)))
buf = append(buf, s.password...) buf = append(buf, s.password...)
if _, err = conn.Write(buf); err != nil { if _, err := conn.Write(buf); err != nil {
return nil, errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error()) return nil, errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
} }
if _, err = io.ReadFull(conn, buf[:2]); err != nil { if _, err := io.ReadFull(conn, buf[:2]); err != nil {
return nil, errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error()) return nil, errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
} }
...@@ -142,12 +141,13 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { ...@@ -142,12 +141,13 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
buf = append(buf, socks5Version, socks5Connect, 0 /* reserved */) buf = append(buf, socks5Version, socks5Connect, 0 /* reserved */)
if ip := net.ParseIP(host); ip != nil { if ip := net.ParseIP(host); ip != nil {
if ip.To4() != nil { if ip4 := ip.To4(); ip4 != nil {
buf = append(buf, socks5IP4) buf = append(buf, socks5IP4)
ip = ip4
} else { } else {
buf = append(buf, socks5IP6) buf = append(buf, socks5IP6)
} }
buf = append(buf, []byte(ip)...) buf = append(buf, ip...)
} else { } else {
buf = append(buf, socks5Domain) buf = append(buf, socks5Domain)
buf = append(buf, byte(len(host))) buf = append(buf, byte(len(host)))
...@@ -155,11 +155,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { ...@@ -155,11 +155,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
} }
buf = append(buf, byte(port>>8), byte(port)) buf = append(buf, byte(port>>8), byte(port))
if _, err = conn.Write(buf); err != nil { if _, err := conn.Write(buf); err != nil {
return nil, errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error()) return nil, errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
} }
if _, err = io.ReadFull(conn, buf[:4]); err != nil { if _, err := io.ReadFull(conn, buf[:4]); err != nil {
return nil, errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error()) return nil, errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
} }
...@@ -193,12 +193,12 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { ...@@ -193,12 +193,12 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
} else { } else {
buf = buf[:bytesToDiscard] buf = buf[:bytesToDiscard]
} }
if _, err = io.ReadFull(conn, buf); err != nil { if _, err := io.ReadFull(conn, buf); err != nil {
return nil, errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error()) return nil, errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
} }
// Also need to discard the port number // Also need to discard the port number
if _, err = io.ReadFull(conn, buf[:2]); err != nil { if _, err := io.ReadFull(conn, buf[:2]); err != nil {
return nil, errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error()) return nil, errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment