Attachment 2657 Details for Bug 2417 – Initial implementation proposal with a few TODOs that I don't know how to implement

[patch] Initial implementation proposal with a few TODOs that I don't know how to implement

openssh-6.8-socks5-error-reporting-fixes.patch (text/plain), 3.22 KB, created by Jonas Berlin on 2015-06-25 22:22:59 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Jonas Berlin

Created: 2015-06-25 22:22:59 AEST

Size: 3.22 KB

patch

obsolete

>--- channels.c.orig-6.8	2015-02-07 00:21:59.000000000 +0100
>+++ channels.c	2015-06-25 14:20:43.748020805 +0200
>@@ -1141,6 +1141,10 @@
> #define SSH_SOCKS5_IPV6		0x04
> #define SSH_SOCKS5_CONNECT	0x01
> #define SSH_SOCKS5_SUCCESS	0x00
>+#define SSH_SOCKS5_GENERICERROR	0x01
>+#define SSH_SOCKS5_RULESETBLOCK	0x02
>+#define SSH_SOCKS5_CONNREFUSED	0x05
>+#define SSH_SOCKS5_BADATYP	0x08
> 
> /* ARGSUSED */
> static int
>@@ -1214,6 +1218,17 @@
> 		break;
> 	default:
> 		debug2("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp);
>+		s5_rsp.version = 0x05;
>+		s5_rsp.command = SSH_SOCKS5_BADATYP;
>+		s5_rsp.reserved = 0;			/* ignored */
>+		s5_rsp.atyp = SSH_SOCKS5_DOMAIN;
>+		dest_port = 0;				/* ignored */
>+
>+		buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp));
>+		buffer_put_char(&c->output, 0x00);	/* fake fqdn length = 0 */
>+		buffer_append(&c->output, &dest_port, sizeof(dest_port));
>+		FD_SET(c->sock, writeset);
>+		/* TODO ensure the bytes buffered by above function are sent, which might require changing the return value below */
> 		return -1;
> 	}
> 	need = sizeof(s5_req) + addrlen + 2;
>@@ -1233,6 +1248,18 @@
> 		if (addrlen >= NI_MAXHOST) {
> 			error("channel %d: dynamic request: socks5 hostname "
> 			    "\"%.100s\" too long", c->self, dest_addr);
>+
>+			s5_rsp.version = 0x05;
>+			s5_rsp.command = SSH_SOCKS5_RULESETBLOCK;
>+			s5_rsp.reserved = 0;			/* ignored */
>+			s5_rsp.atyp = SSH_SOCKS5_DOMAIN;
>+			dest_port = 0;				/* ignored */
>+
>+			buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp));
>+			buffer_put_char(&c->output, 0x00);	/* fake fqdn length = 0 */
>+			buffer_append(&c->output, &dest_port, sizeof(dest_port));
>+			FD_SET(c->sock, writeset);
>+			/* TODO ensure the bytes buffered by above function are sent, which might require changing the return value below */
> 			return -1;
> 		}
> 		c->path = xstrdup(dest_addr);
>@@ -2572,6 +2599,18 @@
> 	return "unknown reason";
> }
> 
>+static int
>+reason2socks5(int reason)
>+{
>+	switch (reason) {
>+	case SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED:
>+		return SSH_SOCKS5_RULESETBLOCK;
>+	case SSH2_OPEN_CONNECT_FAILED:
>+		return SSH_SOCKS5_CONNREFUSED;
>+	}
>+	return SSH_SOCKS5_GENERICERROR;
>+}
>+
> /* ARGSUSED */
> int
> channel_input_open_failure(int type, u_int32_t seq, void *ctxt)
>@@ -2596,6 +2635,30 @@
> 		    reason2txt(reason), msg ? ": ": "", msg ? msg : "");
> 		free(msg);
> 		free(lang);
>+		/* TODO should this perhaps occur after open_confirm? */
>+		if (c->remote_name && strcmp(c->remote_name, "dynamic-tcpip") == 0 && (c->flags & SSH_SOCKS5_AUTHDONE)) {
>+			/* struct copied from channel_decode_socks5() */
>+			struct {
>+				u_int8_t version;
>+				u_int8_t command;
>+				u_int8_t reserved;
>+				u_int8_t atyp;
>+			} s5_rsp;
>+			u_int16_t dest_port;
>+
>+			s5_rsp.version = 0x05;
>+			s5_rsp.command = reason2socks5(reason);
>+			s5_rsp.reserved = 0;			/* ignored */
>+			s5_rsp.atyp = SSH_SOCKS5_DOMAIN;
>+			dest_port = 0;				/* ignored */
>+
>+			buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp));
>+			buffer_put_char(&c->output, 0x00);	/* fake fqdn length = 0 */
>+			buffer_append(&c->output, &dest_port, sizeof(dest_port));
>+			FD_SET(c->sock, writeset);
>+
>+			/* TODO will the data above get sent despite the chan_mark_dead() below? */
>+		}
> 		if (c->open_confirm) {
> 			debug2("callback start");
> 			c->open_confirm(c->self, 0, c->open_confirm_ctx);

Actions: View | Diff

Attachments on bug 2417: 2656 | 2657 | 2744