| Summary: | SOCKS5 should respond with appropriate error reply in error situations | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Jonas Berlin <mindrot.org> |
| Component: | ssh | Assignee: | Damien Miller <djm> |
| Status: | ASSIGNED --- | ||
| Severity: | enhancement | CC: | djm |
| Priority: | P5 | ||
| Version: | 6.8p1 | ||
| Hardware: | All | ||
| OS: | All | ||
| See Also: | https://bugzilla.mindrot.org/show_bug.cgi?id=2250 | ||
| Bug Depends on: | |||
| Bug Blocks: | 2250 | ||
| Attachments: | |||
This bug complements bug #2250 which handles one additional error situation Created attachment 2657 [details] Initial implementation proposal with a few TODOs that I don't know how to implement removes #define that is already added by bug #2250 and not actually needed for this bug Created attachment 2744 [details]
tidied diff
I've tidied the diff up a bit, but I think we need some extra support in the channels code to allow the reply to connfailed requests to be sent in a timely manner.
|
Created attachment 2656 [details] Initial implementation proposal with a few TODOs that I don't know how to implement - report "bad address type" error if requested address type is not supported - report "ruleset block" error if requested hostname too long - report "ruleset block", "connection refused" or "generic error" if server-side connection attempt failure result is "administratively prohibited", "connect failed" or something else, respectively.