2417 – SOCKS5 should respond with appropriate error reply in error situations

Bug 2417 - SOCKS5 should respond with appropriate error reply in error situations

Summary: SOCKS5 should respond with appropriate error reply in error situations

Status:	ASSIGNED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh (show other bugs)
Version:	6.8p1
Hardware:	All All

Importance:	P5 enhancement
Assignee:	Damien Miller

URL:
Keywords:

Depends on:
Blocks:	2250
	Show dependency tree / graph

Reported:	2015-06-25 22:15 AEST by Jonas Berlin
Modified:	2016-06-17 14:52 AEST (History)
CC List:	1 user (show)

See Also:	2250

Attachments
Initial implementation proposal with a few TODOs that I don't know how to implement (3.43 KB, patch) 2015-06-25 22:15 AEST, Jonas Berlin	no flags	Details \| Diff
Initial implementation proposal with a few TODOs that I don't know how to implement (3.22 KB, patch) 2015-06-25 22:22 AEST, Jonas Berlin	no flags	Details \| Diff
tidied diff (8.07 KB, patch) 2015-10-31 09:18 AEDT, Damien Miller	no flags	Details \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jonas Berlin 2015-06-25 22:15:34 AEST

Created attachment 2656 [details]
Initial implementation proposal with a few TODOs that I don't know how to implement

- report "bad address type" error if requested address type is not supported
- report "ruleset block" error if requested hostname too long
- report "ruleset block", "connection refused" or "generic error" if server-side connection attempt failure result is "administratively prohibited", "connect failed" or something else, respectively.

Comment 1 Jonas Berlin 2015-06-25 22:17:12 AEST

This bug complements bug #2250 which handles one additional error situation

Comment 2 Jonas Berlin 2015-06-25 22:22:59 AEST

Created attachment 2657 [details]
Initial implementation proposal with a few TODOs that I don't know how to implement

removes #define that is already added by bug #2250 and not actually needed for this bug

Comment 3 Damien Miller 2015-10-31 09:18:27 AEDT

Created attachment 2744 [details]
tidied diff

I've tidied the diff up a bit, but I think we need some extra support in the channels code to allow the reply to connfailed requests to be sent in a timely manner.

Comment 4 Damien Miller 2016-06-17 14:52:18 AEST

Fixing this is required for Bug 2250 too, but I'm not going to attempt it until the channels code has been refactored a bit.