From adbe6a25215b5f2c626a0801a49d596c0e478b5c Mon Sep 17 00:00:00 2001 From: rl1987 Date: Sun, 13 May 2018 14:06:43 +0200 Subject: [PATCH 01/24] Copy socks5.trunnel from trunnel examples dir --- src/trunnel/socks5.trunnel | 115 +++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 src/trunnel/socks5.trunnel diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel new file mode 100644 index 0000000000..ab53a4315f --- /dev/null +++ b/src/trunnel/socks5.trunnel @@ -0,0 +1,115 @@ +// Example: here's a quickie implementation of the messages in the +// socks5 protocol. + +struct socks5_client_version { + u8 version IN [5]; + u8 n_methods; + u8 methods[n_methods]; +} + +struct socks5_server_method { + u8 version IN [5]; + u8 method; +} + +const CMD_CONNECT = 1; +const CMD_BIND = 2; +const CMD_UDP_ASSOCIATE = 3; +// This is a tor extension +const CMD_RESOLVE_PTR = 0xF1; + +const ATYPE_IPV4 = 1; +const ATYPE_IPV6 = 4; +const ATYPE_DOMAINNAME = 3; + +struct domainname { + u8 len; + char name[len]; +} + +struct socks5_client_request { + u8 version IN [5]; + u8 command IN [CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE, CMD_RESOLVE_PTR]; + u8 reserved IN [0]; + u8 atype; + union dest_addr[atype] { + ATYPE_IPV4: u32 ipv4; + ATYPE_IPV6: u8 ipv6[16]; + ATYPE_DOMAINNAME: struct domainname domainname; + default: fail; + }; + u16 dest_port; +} + +struct socks5_server_reply { + u8 version IN [5]; + u8 reply; + u8 reserved IN [0]; + u8 atype; + union bind_addr[atype] { + ATYPE_IPV4: u32 ipv4; + ATYPE_IPV6: u8 ipv6[16]; + ATYPE_DOMAINNAME: struct domainname domainname; + default: fail; + }; + u16 bind_port; +} + +struct socks5_client_userpass_auth { + u8 version IN [1]; + u8 username_len; + char username[username_len]; + u8 passwd_len; + char passwd[passwd_len]; +} + +struct socks5_server_userpath_auth { + u8 version IN [1]; + u8 status; +} + +// Oh why not. Here's socks4 and socks4a. + +struct socks4_client_request { + u8 version IN [4]; + u8 command IN [CMD_CONNECT,CMD_BIND,CMD_RESOLVE_PTR]; + u16 port; + u32 addr; + nulterm username; + union socks4a_addr[addr] { + 1..255: + nulterm hostname; + default: + ; + }; +} + +struct socks4_server_reply { + u8 version IN [4]; + u8 status; + u16 port; + u32 addr; +} + +// And here's the extended stuff from proposal 229 + +struct tor_socksauth_keyval { + u16 keylen; + char key[keylen]; + u16 vallen; + char val[vallen]; +} + +struct tor_extended_socks_auth_request { + u8 version IN [1]; + u16 npairs; + struct tor_socksauth_keyval pairs[npairs]; +} + +struct tor_extended_socks_auth_response { + u8 version IN [1]; + u8 status; + u16 npairs; + struct tor_socksauth_keyval pairs[npairs]; +} + From 240f33e3274fd0e9c2f97f6d3cb1e0f99263e9c7 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Sun, 13 May 2018 14:13:15 +0200 Subject: [PATCH 02/24] Generate trunnel impls and include into build --- src/trunnel/include.am | 9 +- src/trunnel/socks5.c | 5054 ++++++++++++++++++++++++++++++++++++++++ src/trunnel/socks5.h | 1370 +++++++++++ 3 files changed, 6430 insertions(+), 3 deletions(-) create mode 100644 src/trunnel/socks5.c create mode 100644 src/trunnel/socks5.h diff --git a/src/trunnel/include.am b/src/trunnel/include.am index 5a0a79c3a0..03c1753e96 100644 --- a/src/trunnel/include.am +++ b/src/trunnel/include.am @@ -10,7 +10,8 @@ TRUNNELINPUTS = \ src/trunnel/ed25519_cert.trunnel \ src/trunnel/link_handshake.trunnel \ src/trunnel/pwbox.trunnel \ - src/trunnel/channelpadding_negotiation.trunnel + src/trunnel/channelpadding_negotiation.trunnel \ + src/trunner/socks5.trunnel TRUNNELSOURCES = \ src/ext/trunnel/trunnel.c \ @@ -21,7 +22,8 @@ TRUNNELSOURCES = \ src/trunnel/hs/cell_establish_intro.c \ src/trunnel/hs/cell_introduce1.c \ src/trunnel/hs/cell_rendezvous.c \ - src/trunnel/channelpadding_negotiation.c + src/trunnel/channelpadding_negotiation.c \ + src/trunnel/socks5.c TRUNNELHEADERS = \ src/ext/trunnel/trunnel.h \ @@ -34,7 +36,8 @@ TRUNNELHEADERS = \ src/trunnel/hs/cell_establish_intro.h \ src/trunnel/hs/cell_introduce1.h \ src/trunnel/hs/cell_rendezvous.h \ - src/trunnel/channelpadding_negotiation.h + src/trunnel/channelpadding_negotiation.h \ + src/trunnel/socks5.h src_trunnel_libor_trunnel_a_SOURCES = $(TRUNNELSOURCES) src_trunnel_libor_trunnel_a_CPPFLAGS = \ diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c new file mode 100644 index 0000000000..7bc6e5fe7c --- /dev/null +++ b/src/trunnel/socks5.c @@ -0,0 +1,5054 @@ +/* socks5.c -- generated by Trunnel v1.5.2. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#include +#include "trunnel-impl.h" + +#include "socks5.h" + +#define TRUNNEL_SET_ERROR_CODE(obj) \ + do { \ + (obj)->trunnel_error_code_ = 1; \ + } while (0) + +#if defined(__COVERITY__) || defined(__clang_analyzer__) +/* If we're running a static analysis tool, we don't want it to complain + * that some of our remaining-bytes checks are dead-code. */ +int socks_deadcode_dummy__ = 0; +#define OR_DEADCODE_DUMMY || socks_deadcode_dummy__ +#else +#define OR_DEADCODE_DUMMY +#endif + +#define CHECK_REMAINING(nbytes, label) \ + do { \ + if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \ + goto label; \ + } \ + } while (0) + +domainname_t * +domainname_new(void) +{ + domainname_t *val = trunnel_calloc(1, sizeof(domainname_t)); + if (NULL == val) + return NULL; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +domainname_clear(domainname_t *obj) +{ + (void) obj; + TRUNNEL_DYNARRAY_WIPE(&obj->name); + TRUNNEL_DYNARRAY_CLEAR(&obj->name); +} + +void +domainname_free(domainname_t *obj) +{ + if (obj == NULL) + return; + domainname_clear(obj); + trunnel_memwipe(obj, sizeof(domainname_t)); + trunnel_free_(obj); +} + +uint8_t +domainname_get_len(const domainname_t *inp) +{ + return inp->len; +} +int +domainname_set_len(domainname_t *inp, uint8_t val) +{ + inp->len = val; + return 0; +} +size_t +domainname_getlen_name(const domainname_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->name); +} + +char +domainname_get_name(domainname_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->name, idx); +} + +char +domainname_getconst_name(const domainname_t *inp, size_t idx) +{ + return domainname_get_name((domainname_t*)inp, idx); +} +int +domainname_set_name(domainname_t *inp, size_t idx, char elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->name, idx, elt); + return 0; +} +int +domainname_add_name(domainname_t *inp, char elt) +{ +#if SIZE_MAX >= UINT8_MAX + if (inp->name.n_ == UINT8_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(char, &inp->name, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +char * +domainname_getarray_name(domainname_t *inp) +{ + return inp->name.elts_; +} +const char * +domainname_getconstarray_name(const domainname_t *inp) +{ + return (const char *)domainname_getarray_name((domainname_t*)inp); +} +int +domainname_setlen_name(domainname_t *inp, size_t newlen) +{ +#if UINT8_MAX < SIZE_MAX + if (newlen > UINT8_MAX) + goto trunnel_alloc_failed; +#endif + return trunnel_string_setlen(&inp->name, newlen, + &inp->trunnel_error_code_); + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +domainname_getstr_name(domainname_t *inp) +{ + return trunnel_string_getstr(&inp->name); +} +int +domainname_setstr0_name(domainname_t *inp, const char *val, size_t len) +{ +#if UINT8_MAX < SIZE_MAX + if (len > UINT8_MAX) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } +#endif + return trunnel_string_setstr0(&inp->name, val, len, &inp->trunnel_error_code_); +} +int +domainname_setstr_name(domainname_t *inp, const char *val) +{ + return domainname_setstr0_name(inp, val, strlen(val)); +} +const char * +domainname_check(const domainname_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (TRUNNEL_DYNARRAY_LEN(&obj->name) != obj->len) + return "Length mismatch for name"; + return NULL; +} + +ssize_t +domainname_encoded_len(const domainname_t *obj) +{ + ssize_t result = 0; + + if (NULL != domainname_check(obj)) + return -1; + + + /* Length of u8 len */ + result += 1; + + /* Length of char name[len] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->name); + return result; +} +int +domainname_clear_errors(domainname_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +domainname_encode(uint8_t *output, const size_t avail, const domainname_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = domainname_encoded_len(obj); +#endif + + if (NULL != (msg = domainname_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 len */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->len)); + written += 1; ptr += 1; + + /* Encode char name[len] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->name); + trunnel_assert(obj->len == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->name.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As domainname_parse(), but do not allocate the output object. + */ +static ssize_t +domainname_parse_into(domainname_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 len */ + CHECK_REMAINING(1, truncated); + obj->len = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse char name[len] */ + CHECK_REMAINING(obj->len, truncated); + if (domainname_setstr0_name(obj, (const char*)ptr, obj->len)) + goto fail; + ptr += obj->len; remaining -= obj->len; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +domainname_parse(domainname_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = domainname_new(); + if (NULL == *output) + return -1; + result = domainname_parse_into(*output, input, len_in); + if (result < 0) { + domainname_free(*output); + *output = NULL; + } + return result; +} +socks4_client_request_t * +socks4_client_request_new(void) +{ + socks4_client_request_t *val = trunnel_calloc(1, sizeof(socks4_client_request_t)); + if (NULL == val) + return NULL; + val->version = 4; + val->command = CMD_BIND; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks4_client_request_clear(socks4_client_request_t *obj) +{ + (void) obj; + trunnel_wipestr(obj->username); + trunnel_free(obj->username); + trunnel_wipestr(obj->socks4a_addr_hostname); + trunnel_free(obj->socks4a_addr_hostname); +} + +void +socks4_client_request_free(socks4_client_request_t *obj) +{ + if (obj == NULL) + return; + socks4_client_request_clear(obj); + trunnel_memwipe(obj, sizeof(socks4_client_request_t)); + trunnel_free_(obj); +} + +uint8_t +socks4_client_request_get_version(const socks4_client_request_t *inp) +{ + return inp->version; +} +int +socks4_client_request_set_version(socks4_client_request_t *inp, uint8_t val) +{ + if (! ((val == 4))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks4_client_request_get_command(const socks4_client_request_t *inp) +{ + return inp->command; +} +int +socks4_client_request_set_command(socks4_client_request_t *inp, uint8_t val) +{ + if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE_PTR))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->command = val; + return 0; +} +uint16_t +socks4_client_request_get_port(const socks4_client_request_t *inp) +{ + return inp->port; +} +int +socks4_client_request_set_port(socks4_client_request_t *inp, uint16_t val) +{ + inp->port = val; + return 0; +} +uint32_t +socks4_client_request_get_addr(const socks4_client_request_t *inp) +{ + return inp->addr; +} +int +socks4_client_request_set_addr(socks4_client_request_t *inp, uint32_t val) +{ + inp->addr = val; + return 0; +} +const char * +socks4_client_request_get_username(const socks4_client_request_t *inp) +{ + return inp->username; +} +int +socks4_client_request_set_username(socks4_client_request_t *inp, const char *val) +{ + trunnel_free(inp->username); + if (NULL == (inp->username = trunnel_strdup(val))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + return 0; +} +const char * +socks4_client_request_get_socks4a_addr_hostname(const socks4_client_request_t *inp) +{ + return inp->socks4a_addr_hostname; +} +int +socks4_client_request_set_socks4a_addr_hostname(socks4_client_request_t *inp, const char *val) +{ + trunnel_free(inp->socks4a_addr_hostname); + if (NULL == (inp->socks4a_addr_hostname = trunnel_strdup(val))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + return 0; +} +const char * +socks4_client_request_check(const socks4_client_request_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 4)) + return "Integer out of bounds"; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR)) + return "Integer out of bounds"; + if (NULL == obj->username) + return "Missing username"; + switch (obj->addr) { + + case 1: + case 2: + case 3: + case 4: + case 5: + case 6: + case 7: + case 8: + case 9: + case 10: + case 11: + case 12: + case 13: + case 14: + case 15: + case 16: + case 17: + case 18: + case 19: + case 20: + case 21: + case 22: + case 23: + case 24: + case 25: + case 26: + case 27: + case 28: + case 29: + case 30: + case 31: + case 32: + case 33: + case 34: + case 35: + case 36: + case 37: + case 38: + case 39: + case 40: + case 41: + case 42: + case 43: + case 44: + case 45: + case 46: + case 47: + case 48: + case 49: + case 50: + case 51: + case 52: + case 53: + case 54: + case 55: + case 56: + case 57: + case 58: + case 59: + case 60: + case 61: + case 62: + case 63: + case 64: + case 65: + case 66: + case 67: + case 68: + case 69: + case 70: + case 71: + case 72: + case 73: + case 74: + case 75: + case 76: + case 77: + case 78: + case 79: + case 80: + case 81: + case 82: + case 83: + case 84: + case 85: + case 86: + case 87: + case 88: + case 89: + case 90: + case 91: + case 92: + case 93: + case 94: + case 95: + case 96: + case 97: + case 98: + case 99: + case 100: + case 101: + case 102: + case 103: + case 104: + case 105: + case 106: + case 107: + case 108: + case 109: + case 110: + case 111: + case 112: + case 113: + case 114: + case 115: + case 116: + case 117: + case 118: + case 119: + case 120: + case 121: + case 122: + case 123: + case 124: + case 125: + case 126: + case 127: + case 128: + case 129: + case 130: + case 131: + case 132: + case 133: + case 134: + case 135: + case 136: + case 137: + case 138: + case 139: + case 140: + case 141: + case 142: + case 143: + case 144: + case 145: + case 146: + case 147: + case 148: + case 149: + case 150: + case 151: + case 152: + case 153: + case 154: + case 155: + case 156: + case 157: + case 158: + case 159: + case 160: + case 161: + case 162: + case 163: + case 164: + case 165: + case 166: + case 167: + case 168: + case 169: + case 170: + case 171: + case 172: + case 173: + case 174: + case 175: + case 176: + case 177: + case 178: + case 179: + case 180: + case 181: + case 182: + case 183: + case 184: + case 185: + case 186: + case 187: + case 188: + case 189: + case 190: + case 191: + case 192: + case 193: + case 194: + case 195: + case 196: + case 197: + case 198: + case 199: + case 200: + case 201: + case 202: + case 203: + case 204: + case 205: + case 206: + case 207: + case 208: + case 209: + case 210: + case 211: + case 212: + case 213: + case 214: + case 215: + case 216: + case 217: + case 218: + case 219: + case 220: + case 221: + case 222: + case 223: + case 224: + case 225: + case 226: + case 227: + case 228: + case 229: + case 230: + case 231: + case 232: + case 233: + case 234: + case 235: + case 236: + case 237: + case 238: + case 239: + case 240: + case 241: + case 242: + case 243: + case 244: + case 245: + case 246: + case 247: + case 248: + case 249: + case 250: + case 251: + case 252: + case 253: + case 254: + case 255: + if (NULL == obj->socks4a_addr_hostname) + return "Missing socks4a_addr_hostname"; + break; + + default: + break; + } + return NULL; +} + +ssize_t +socks4_client_request_encoded_len(const socks4_client_request_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks4_client_request_check(obj)) + return -1; + + + /* Length of u8 version IN [4] */ + result += 1; + + /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */ + result += 1; + + /* Length of u16 port */ + result += 2; + + /* Length of u32 addr */ + result += 4; + + /* Length of nulterm username */ + result += strlen(obj->username) + 1; + switch (obj->addr) { + + case 1: + case 2: + case 3: + case 4: + case 5: + case 6: + case 7: + case 8: + case 9: + case 10: + case 11: + case 12: + case 13: + case 14: + case 15: + case 16: + case 17: + case 18: + case 19: + case 20: + case 21: + case 22: + case 23: + case 24: + case 25: + case 26: + case 27: + case 28: + case 29: + case 30: + case 31: + case 32: + case 33: + case 34: + case 35: + case 36: + case 37: + case 38: + case 39: + case 40: + case 41: + case 42: + case 43: + case 44: + case 45: + case 46: + case 47: + case 48: + case 49: + case 50: + case 51: + case 52: + case 53: + case 54: + case 55: + case 56: + case 57: + case 58: + case 59: + case 60: + case 61: + case 62: + case 63: + case 64: + case 65: + case 66: + case 67: + case 68: + case 69: + case 70: + case 71: + case 72: + case 73: + case 74: + case 75: + case 76: + case 77: + case 78: + case 79: + case 80: + case 81: + case 82: + case 83: + case 84: + case 85: + case 86: + case 87: + case 88: + case 89: + case 90: + case 91: + case 92: + case 93: + case 94: + case 95: + case 96: + case 97: + case 98: + case 99: + case 100: + case 101: + case 102: + case 103: + case 104: + case 105: + case 106: + case 107: + case 108: + case 109: + case 110: + case 111: + case 112: + case 113: + case 114: + case 115: + case 116: + case 117: + case 118: + case 119: + case 120: + case 121: + case 122: + case 123: + case 124: + case 125: + case 126: + case 127: + case 128: + case 129: + case 130: + case 131: + case 132: + case 133: + case 134: + case 135: + case 136: + case 137: + case 138: + case 139: + case 140: + case 141: + case 142: + case 143: + case 144: + case 145: + case 146: + case 147: + case 148: + case 149: + case 150: + case 151: + case 152: + case 153: + case 154: + case 155: + case 156: + case 157: + case 158: + case 159: + case 160: + case 161: + case 162: + case 163: + case 164: + case 165: + case 166: + case 167: + case 168: + case 169: + case 170: + case 171: + case 172: + case 173: + case 174: + case 175: + case 176: + case 177: + case 178: + case 179: + case 180: + case 181: + case 182: + case 183: + case 184: + case 185: + case 186: + case 187: + case 188: + case 189: + case 190: + case 191: + case 192: + case 193: + case 194: + case 195: + case 196: + case 197: + case 198: + case 199: + case 200: + case 201: + case 202: + case 203: + case 204: + case 205: + case 206: + case 207: + case 208: + case 209: + case 210: + case 211: + case 212: + case 213: + case 214: + case 215: + case 216: + case 217: + case 218: + case 219: + case 220: + case 221: + case 222: + case 223: + case 224: + case 225: + case 226: + case 227: + case 228: + case 229: + case 230: + case 231: + case 232: + case 233: + case 234: + case 235: + case 236: + case 237: + case 238: + case 239: + case 240: + case 241: + case 242: + case 243: + case 244: + case 245: + case 246: + case 247: + case 248: + case 249: + case 250: + case 251: + case 252: + case 253: + case 254: + case 255: + + /* Length of nulterm socks4a_addr_hostname */ + result += strlen(obj->socks4a_addr_hostname) + 1; + break; + + default: + break; + } + return result; +} +int +socks4_client_request_clear_errors(socks4_client_request_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks4_client_request_encode(uint8_t *output, const size_t avail, const socks4_client_request_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks4_client_request_encoded_len(obj); +#endif + + if (NULL != (msg = socks4_client_request_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [4] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->command)); + written += 1; ptr += 1; + + /* Encode u16 port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->port)); + written += 2; ptr += 2; + + /* Encode u32 addr */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->addr)); + written += 4; ptr += 4; + + /* Encode nulterm username */ + { + size_t len = strlen(obj->username); + trunnel_assert(written <= avail); + if (avail - written < len + 1) + goto truncated; + memcpy(ptr, obj->username, len + 1); + ptr += len + 1; written += len + 1; + } + + /* Encode union socks4a_addr[addr] */ + trunnel_assert(written <= avail); + switch (obj->addr) { + + case 1: + case 2: + case 3: + case 4: + case 5: + case 6: + case 7: + case 8: + case 9: + case 10: + case 11: + case 12: + case 13: + case 14: + case 15: + case 16: + case 17: + case 18: + case 19: + case 20: + case 21: + case 22: + case 23: + case 24: + case 25: + case 26: + case 27: + case 28: + case 29: + case 30: + case 31: + case 32: + case 33: + case 34: + case 35: + case 36: + case 37: + case 38: + case 39: + case 40: + case 41: + case 42: + case 43: + case 44: + case 45: + case 46: + case 47: + case 48: + case 49: + case 50: + case 51: + case 52: + case 53: + case 54: + case 55: + case 56: + case 57: + case 58: + case 59: + case 60: + case 61: + case 62: + case 63: + case 64: + case 65: + case 66: + case 67: + case 68: + case 69: + case 70: + case 71: + case 72: + case 73: + case 74: + case 75: + case 76: + case 77: + case 78: + case 79: + case 80: + case 81: + case 82: + case 83: + case 84: + case 85: + case 86: + case 87: + case 88: + case 89: + case 90: + case 91: + case 92: + case 93: + case 94: + case 95: + case 96: + case 97: + case 98: + case 99: + case 100: + case 101: + case 102: + case 103: + case 104: + case 105: + case 106: + case 107: + case 108: + case 109: + case 110: + case 111: + case 112: + case 113: + case 114: + case 115: + case 116: + case 117: + case 118: + case 119: + case 120: + case 121: + case 122: + case 123: + case 124: + case 125: + case 126: + case 127: + case 128: + case 129: + case 130: + case 131: + case 132: + case 133: + case 134: + case 135: + case 136: + case 137: + case 138: + case 139: + case 140: + case 141: + case 142: + case 143: + case 144: + case 145: + case 146: + case 147: + case 148: + case 149: + case 150: + case 151: + case 152: + case 153: + case 154: + case 155: + case 156: + case 157: + case 158: + case 159: + case 160: + case 161: + case 162: + case 163: + case 164: + case 165: + case 166: + case 167: + case 168: + case 169: + case 170: + case 171: + case 172: + case 173: + case 174: + case 175: + case 176: + case 177: + case 178: + case 179: + case 180: + case 181: + case 182: + case 183: + case 184: + case 185: + case 186: + case 187: + case 188: + case 189: + case 190: + case 191: + case 192: + case 193: + case 194: + case 195: + case 196: + case 197: + case 198: + case 199: + case 200: + case 201: + case 202: + case 203: + case 204: + case 205: + case 206: + case 207: + case 208: + case 209: + case 210: + case 211: + case 212: + case 213: + case 214: + case 215: + case 216: + case 217: + case 218: + case 219: + case 220: + case 221: + case 222: + case 223: + case 224: + case 225: + case 226: + case 227: + case 228: + case 229: + case 230: + case 231: + case 232: + case 233: + case 234: + case 235: + case 236: + case 237: + case 238: + case 239: + case 240: + case 241: + case 242: + case 243: + case 244: + case 245: + case 246: + case 247: + case 248: + case 249: + case 250: + case 251: + case 252: + case 253: + case 254: + case 255: + + /* Encode nulterm socks4a_addr_hostname */ + { + size_t len = strlen(obj->socks4a_addr_hostname); + trunnel_assert(written <= avail); + if (avail - written < len + 1) + goto truncated; + memcpy(ptr, obj->socks4a_addr_hostname, len + 1); + ptr += len + 1; written += len + 1; + } + break; + + default: + break; + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks4_client_request_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks4_client_request_parse_into(socks4_client_request_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [4] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 4)) + goto fail; + + /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */ + CHECK_REMAINING(1, truncated); + obj->command = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR)) + goto fail; + + /* Parse u16 port */ + CHECK_REMAINING(2, truncated); + obj->port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + + /* Parse u32 addr */ + CHECK_REMAINING(4, truncated); + obj->addr = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + + /* Parse nulterm username */ + { + uint8_t *eos = (uint8_t*)memchr(ptr, 0, remaining); + size_t memlen; + if (eos == NULL) + goto truncated; + trunnel_assert(eos >= ptr); + trunnel_assert((size_t)(eos - ptr) < SIZE_MAX - 1); + memlen = ((size_t)(eos - ptr)) + 1; + if (!(obj->username = trunnel_malloc(memlen))) + goto fail; + memcpy(obj->username, ptr, memlen); + remaining -= memlen; ptr += memlen; + } + + /* Parse union socks4a_addr[addr] */ + switch (obj->addr) { + + case 1: + case 2: + case 3: + case 4: + case 5: + case 6: + case 7: + case 8: + case 9: + case 10: + case 11: + case 12: + case 13: + case 14: + case 15: + case 16: + case 17: + case 18: + case 19: + case 20: + case 21: + case 22: + case 23: + case 24: + case 25: + case 26: + case 27: + case 28: + case 29: + case 30: + case 31: + case 32: + case 33: + case 34: + case 35: + case 36: + case 37: + case 38: + case 39: + case 40: + case 41: + case 42: + case 43: + case 44: + case 45: + case 46: + case 47: + case 48: + case 49: + case 50: + case 51: + case 52: + case 53: + case 54: + case 55: + case 56: + case 57: + case 58: + case 59: + case 60: + case 61: + case 62: + case 63: + case 64: + case 65: + case 66: + case 67: + case 68: + case 69: + case 70: + case 71: + case 72: + case 73: + case 74: + case 75: + case 76: + case 77: + case 78: + case 79: + case 80: + case 81: + case 82: + case 83: + case 84: + case 85: + case 86: + case 87: + case 88: + case 89: + case 90: + case 91: + case 92: + case 93: + case 94: + case 95: + case 96: + case 97: + case 98: + case 99: + case 100: + case 101: + case 102: + case 103: + case 104: + case 105: + case 106: + case 107: + case 108: + case 109: + case 110: + case 111: + case 112: + case 113: + case 114: + case 115: + case 116: + case 117: + case 118: + case 119: + case 120: + case 121: + case 122: + case 123: + case 124: + case 125: + case 126: + case 127: + case 128: + case 129: + case 130: + case 131: + case 132: + case 133: + case 134: + case 135: + case 136: + case 137: + case 138: + case 139: + case 140: + case 141: + case 142: + case 143: + case 144: + case 145: + case 146: + case 147: + case 148: + case 149: + case 150: + case 151: + case 152: + case 153: + case 154: + case 155: + case 156: + case 157: + case 158: + case 159: + case 160: + case 161: + case 162: + case 163: + case 164: + case 165: + case 166: + case 167: + case 168: + case 169: + case 170: + case 171: + case 172: + case 173: + case 174: + case 175: + case 176: + case 177: + case 178: + case 179: + case 180: + case 181: + case 182: + case 183: + case 184: + case 185: + case 186: + case 187: + case 188: + case 189: + case 190: + case 191: + case 192: + case 193: + case 194: + case 195: + case 196: + case 197: + case 198: + case 199: + case 200: + case 201: + case 202: + case 203: + case 204: + case 205: + case 206: + case 207: + case 208: + case 209: + case 210: + case 211: + case 212: + case 213: + case 214: + case 215: + case 216: + case 217: + case 218: + case 219: + case 220: + case 221: + case 222: + case 223: + case 224: + case 225: + case 226: + case 227: + case 228: + case 229: + case 230: + case 231: + case 232: + case 233: + case 234: + case 235: + case 236: + case 237: + case 238: + case 239: + case 240: + case 241: + case 242: + case 243: + case 244: + case 245: + case 246: + case 247: + case 248: + case 249: + case 250: + case 251: + case 252: + case 253: + case 254: + case 255: + + /* Parse nulterm socks4a_addr_hostname */ + { + uint8_t *eos = (uint8_t*)memchr(ptr, 0, remaining); + size_t memlen; + if (eos == NULL) + goto truncated; + trunnel_assert(eos >= ptr); + trunnel_assert((size_t)(eos - ptr) < SIZE_MAX - 1); + memlen = ((size_t)(eos - ptr)) + 1; + if (!(obj->socks4a_addr_hostname = trunnel_malloc(memlen))) + goto fail; + memcpy(obj->socks4a_addr_hostname, ptr, memlen); + remaining -= memlen; ptr += memlen; + } + break; + + default: + break; + } + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks4_client_request_parse(socks4_client_request_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks4_client_request_new(); + if (NULL == *output) + return -1; + result = socks4_client_request_parse_into(*output, input, len_in); + if (result < 0) { + socks4_client_request_free(*output); + *output = NULL; + } + return result; +} +socks4_server_reply_t * +socks4_server_reply_new(void) +{ + socks4_server_reply_t *val = trunnel_calloc(1, sizeof(socks4_server_reply_t)); + if (NULL == val) + return NULL; + val->version = 4; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks4_server_reply_clear(socks4_server_reply_t *obj) +{ + (void) obj; +} + +void +socks4_server_reply_free(socks4_server_reply_t *obj) +{ + if (obj == NULL) + return; + socks4_server_reply_clear(obj); + trunnel_memwipe(obj, sizeof(socks4_server_reply_t)); + trunnel_free_(obj); +} + +uint8_t +socks4_server_reply_get_version(const socks4_server_reply_t *inp) +{ + return inp->version; +} +int +socks4_server_reply_set_version(socks4_server_reply_t *inp, uint8_t val) +{ + if (! ((val == 4))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks4_server_reply_get_status(const socks4_server_reply_t *inp) +{ + return inp->status; +} +int +socks4_server_reply_set_status(socks4_server_reply_t *inp, uint8_t val) +{ + inp->status = val; + return 0; +} +uint16_t +socks4_server_reply_get_port(const socks4_server_reply_t *inp) +{ + return inp->port; +} +int +socks4_server_reply_set_port(socks4_server_reply_t *inp, uint16_t val) +{ + inp->port = val; + return 0; +} +uint32_t +socks4_server_reply_get_addr(const socks4_server_reply_t *inp) +{ + return inp->addr; +} +int +socks4_server_reply_set_addr(socks4_server_reply_t *inp, uint32_t val) +{ + inp->addr = val; + return 0; +} +const char * +socks4_server_reply_check(const socks4_server_reply_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 4)) + return "Integer out of bounds"; + return NULL; +} + +ssize_t +socks4_server_reply_encoded_len(const socks4_server_reply_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks4_server_reply_check(obj)) + return -1; + + + /* Length of u8 version IN [4] */ + result += 1; + + /* Length of u8 status */ + result += 1; + + /* Length of u16 port */ + result += 2; + + /* Length of u32 addr */ + result += 4; + return result; +} +int +socks4_server_reply_clear_errors(socks4_server_reply_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks4_server_reply_encode(uint8_t *output, const size_t avail, const socks4_server_reply_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks4_server_reply_encoded_len(obj); +#endif + + if (NULL != (msg = socks4_server_reply_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [4] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 status */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->status)); + written += 1; ptr += 1; + + /* Encode u16 port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->port)); + written += 2; ptr += 2; + + /* Encode u32 addr */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->addr)); + written += 4; ptr += 4; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks4_server_reply_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks4_server_reply_parse_into(socks4_server_reply_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [4] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 4)) + goto fail; + + /* Parse u8 status */ + CHECK_REMAINING(1, truncated); + obj->status = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse u16 port */ + CHECK_REMAINING(2, truncated); + obj->port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + + /* Parse u32 addr */ + CHECK_REMAINING(4, truncated); + obj->addr = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks4_server_reply_parse(socks4_server_reply_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks4_server_reply_new(); + if (NULL == *output) + return -1; + result = socks4_server_reply_parse_into(*output, input, len_in); + if (result < 0) { + socks4_server_reply_free(*output); + *output = NULL; + } + return result; +} +socks5_client_userpass_auth_t * +socks5_client_userpass_auth_new(void) +{ + socks5_client_userpass_auth_t *val = trunnel_calloc(1, sizeof(socks5_client_userpass_auth_t)); + if (NULL == val) + return NULL; + val->version = 1; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_client_userpass_auth_clear(socks5_client_userpass_auth_t *obj) +{ + (void) obj; + TRUNNEL_DYNARRAY_WIPE(&obj->username); + TRUNNEL_DYNARRAY_CLEAR(&obj->username); + TRUNNEL_DYNARRAY_WIPE(&obj->passwd); + TRUNNEL_DYNARRAY_CLEAR(&obj->passwd); +} + +void +socks5_client_userpass_auth_free(socks5_client_userpass_auth_t *obj) +{ + if (obj == NULL) + return; + socks5_client_userpass_auth_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_client_userpass_auth_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_client_userpass_auth_get_version(const socks5_client_userpass_auth_t *inp) +{ + return inp->version; +} +int +socks5_client_userpass_auth_set_version(socks5_client_userpass_auth_t *inp, uint8_t val) +{ + if (! ((val == 1))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_client_userpass_auth_get_username_len(const socks5_client_userpass_auth_t *inp) +{ + return inp->username_len; +} +int +socks5_client_userpass_auth_set_username_len(socks5_client_userpass_auth_t *inp, uint8_t val) +{ + inp->username_len = val; + return 0; +} +size_t +socks5_client_userpass_auth_getlen_username(const socks5_client_userpass_auth_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->username); +} + +char +socks5_client_userpass_auth_get_username(socks5_client_userpass_auth_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->username, idx); +} + +char +socks5_client_userpass_auth_getconst_username(const socks5_client_userpass_auth_t *inp, size_t idx) +{ + return socks5_client_userpass_auth_get_username((socks5_client_userpass_auth_t*)inp, idx); +} +int +socks5_client_userpass_auth_set_username(socks5_client_userpass_auth_t *inp, size_t idx, char elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->username, idx, elt); + return 0; +} +int +socks5_client_userpass_auth_add_username(socks5_client_userpass_auth_t *inp, char elt) +{ +#if SIZE_MAX >= UINT8_MAX + if (inp->username.n_ == UINT8_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(char, &inp->username, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +char * +socks5_client_userpass_auth_getarray_username(socks5_client_userpass_auth_t *inp) +{ + return inp->username.elts_; +} +const char * +socks5_client_userpass_auth_getconstarray_username(const socks5_client_userpass_auth_t *inp) +{ + return (const char *)socks5_client_userpass_auth_getarray_username((socks5_client_userpass_auth_t*)inp); +} +int +socks5_client_userpass_auth_setlen_username(socks5_client_userpass_auth_t *inp, size_t newlen) +{ +#if UINT8_MAX < SIZE_MAX + if (newlen > UINT8_MAX) + goto trunnel_alloc_failed; +#endif + return trunnel_string_setlen(&inp->username, newlen, + &inp->trunnel_error_code_); + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +socks5_client_userpass_auth_getstr_username(socks5_client_userpass_auth_t *inp) +{ + return trunnel_string_getstr(&inp->username); +} +int +socks5_client_userpass_auth_setstr0_username(socks5_client_userpass_auth_t *inp, const char *val, size_t len) +{ +#if UINT8_MAX < SIZE_MAX + if (len > UINT8_MAX) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } +#endif + return trunnel_string_setstr0(&inp->username, val, len, &inp->trunnel_error_code_); +} +int +socks5_client_userpass_auth_setstr_username(socks5_client_userpass_auth_t *inp, const char *val) +{ + return socks5_client_userpass_auth_setstr0_username(inp, val, strlen(val)); +} +uint8_t +socks5_client_userpass_auth_get_passwd_len(const socks5_client_userpass_auth_t *inp) +{ + return inp->passwd_len; +} +int +socks5_client_userpass_auth_set_passwd_len(socks5_client_userpass_auth_t *inp, uint8_t val) +{ + inp->passwd_len = val; + return 0; +} +size_t +socks5_client_userpass_auth_getlen_passwd(const socks5_client_userpass_auth_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->passwd); +} + +char +socks5_client_userpass_auth_get_passwd(socks5_client_userpass_auth_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->passwd, idx); +} + +char +socks5_client_userpass_auth_getconst_passwd(const socks5_client_userpass_auth_t *inp, size_t idx) +{ + return socks5_client_userpass_auth_get_passwd((socks5_client_userpass_auth_t*)inp, idx); +} +int +socks5_client_userpass_auth_set_passwd(socks5_client_userpass_auth_t *inp, size_t idx, char elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->passwd, idx, elt); + return 0; +} +int +socks5_client_userpass_auth_add_passwd(socks5_client_userpass_auth_t *inp, char elt) +{ +#if SIZE_MAX >= UINT8_MAX + if (inp->passwd.n_ == UINT8_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(char, &inp->passwd, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +char * +socks5_client_userpass_auth_getarray_passwd(socks5_client_userpass_auth_t *inp) +{ + return inp->passwd.elts_; +} +const char * +socks5_client_userpass_auth_getconstarray_passwd(const socks5_client_userpass_auth_t *inp) +{ + return (const char *)socks5_client_userpass_auth_getarray_passwd((socks5_client_userpass_auth_t*)inp); +} +int +socks5_client_userpass_auth_setlen_passwd(socks5_client_userpass_auth_t *inp, size_t newlen) +{ +#if UINT8_MAX < SIZE_MAX + if (newlen > UINT8_MAX) + goto trunnel_alloc_failed; +#endif + return trunnel_string_setlen(&inp->passwd, newlen, + &inp->trunnel_error_code_); + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +socks5_client_userpass_auth_getstr_passwd(socks5_client_userpass_auth_t *inp) +{ + return trunnel_string_getstr(&inp->passwd); +} +int +socks5_client_userpass_auth_setstr0_passwd(socks5_client_userpass_auth_t *inp, const char *val, size_t len) +{ +#if UINT8_MAX < SIZE_MAX + if (len > UINT8_MAX) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } +#endif + return trunnel_string_setstr0(&inp->passwd, val, len, &inp->trunnel_error_code_); +} +int +socks5_client_userpass_auth_setstr_passwd(socks5_client_userpass_auth_t *inp, const char *val) +{ + return socks5_client_userpass_auth_setstr0_passwd(inp, val, strlen(val)); +} +const char * +socks5_client_userpass_auth_check(const socks5_client_userpass_auth_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 1)) + return "Integer out of bounds"; + if (TRUNNEL_DYNARRAY_LEN(&obj->username) != obj->username_len) + return "Length mismatch for username"; + if (TRUNNEL_DYNARRAY_LEN(&obj->passwd) != obj->passwd_len) + return "Length mismatch for passwd"; + return NULL; +} + +ssize_t +socks5_client_userpass_auth_encoded_len(const socks5_client_userpass_auth_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_client_userpass_auth_check(obj)) + return -1; + + + /* Length of u8 version IN [1] */ + result += 1; + + /* Length of u8 username_len */ + result += 1; + + /* Length of char username[username_len] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->username); + + /* Length of u8 passwd_len */ + result += 1; + + /* Length of char passwd[passwd_len] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->passwd); + return result; +} +int +socks5_client_userpass_auth_clear_errors(socks5_client_userpass_auth_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_client_userpass_auth_encode(uint8_t *output, const size_t avail, const socks5_client_userpass_auth_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_client_userpass_auth_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_client_userpass_auth_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [1] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 username_len */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->username_len)); + written += 1; ptr += 1; + + /* Encode char username[username_len] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->username); + trunnel_assert(obj->username_len == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->username.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + /* Encode u8 passwd_len */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->passwd_len)); + written += 1; ptr += 1; + + /* Encode char passwd[passwd_len] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->passwd); + trunnel_assert(obj->passwd_len == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->passwd.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_client_userpass_auth_parse(), but do not allocate the + * output object. + */ +static ssize_t +socks5_client_userpass_auth_parse_into(socks5_client_userpass_auth_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [1] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 1)) + goto fail; + + /* Parse u8 username_len */ + CHECK_REMAINING(1, truncated); + obj->username_len = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse char username[username_len] */ + CHECK_REMAINING(obj->username_len, truncated); + if (socks5_client_userpass_auth_setstr0_username(obj, (const char*)ptr, obj->username_len)) + goto fail; + ptr += obj->username_len; remaining -= obj->username_len; + + /* Parse u8 passwd_len */ + CHECK_REMAINING(1, truncated); + obj->passwd_len = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse char passwd[passwd_len] */ + CHECK_REMAINING(obj->passwd_len, truncated); + if (socks5_client_userpass_auth_setstr0_passwd(obj, (const char*)ptr, obj->passwd_len)) + goto fail; + ptr += obj->passwd_len; remaining -= obj->passwd_len; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks5_client_userpass_auth_parse(socks5_client_userpass_auth_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_client_userpass_auth_new(); + if (NULL == *output) + return -1; + result = socks5_client_userpass_auth_parse_into(*output, input, len_in); + if (result < 0) { + socks5_client_userpass_auth_free(*output); + *output = NULL; + } + return result; +} +socks5_client_version_t * +socks5_client_version_new(void) +{ + socks5_client_version_t *val = trunnel_calloc(1, sizeof(socks5_client_version_t)); + if (NULL == val) + return NULL; + val->version = 5; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_client_version_clear(socks5_client_version_t *obj) +{ + (void) obj; + TRUNNEL_DYNARRAY_WIPE(&obj->methods); + TRUNNEL_DYNARRAY_CLEAR(&obj->methods); +} + +void +socks5_client_version_free(socks5_client_version_t *obj) +{ + if (obj == NULL) + return; + socks5_client_version_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_client_version_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_client_version_get_version(const socks5_client_version_t *inp) +{ + return inp->version; +} +int +socks5_client_version_set_version(socks5_client_version_t *inp, uint8_t val) +{ + if (! ((val == 5))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_client_version_get_n_methods(const socks5_client_version_t *inp) +{ + return inp->n_methods; +} +int +socks5_client_version_set_n_methods(socks5_client_version_t *inp, uint8_t val) +{ + inp->n_methods = val; + return 0; +} +size_t +socks5_client_version_getlen_methods(const socks5_client_version_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->methods); +} + +uint8_t +socks5_client_version_get_methods(socks5_client_version_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->methods, idx); +} + +uint8_t +socks5_client_version_getconst_methods(const socks5_client_version_t *inp, size_t idx) +{ + return socks5_client_version_get_methods((socks5_client_version_t*)inp, idx); +} +int +socks5_client_version_set_methods(socks5_client_version_t *inp, size_t idx, uint8_t elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->methods, idx, elt); + return 0; +} +int +socks5_client_version_add_methods(socks5_client_version_t *inp, uint8_t elt) +{ +#if SIZE_MAX >= UINT8_MAX + if (inp->methods.n_ == UINT8_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->methods, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +uint8_t * +socks5_client_version_getarray_methods(socks5_client_version_t *inp) +{ + return inp->methods.elts_; +} +const uint8_t * +socks5_client_version_getconstarray_methods(const socks5_client_version_t *inp) +{ + return (const uint8_t *)socks5_client_version_getarray_methods((socks5_client_version_t*)inp); +} +int +socks5_client_version_setlen_methods(socks5_client_version_t *inp, size_t newlen) +{ + uint8_t *newptr; +#if UINT8_MAX < SIZE_MAX + if (newlen > UINT8_MAX) + goto trunnel_alloc_failed; +#endif + newptr = trunnel_dynarray_setlen(&inp->methods.allocated_, + &inp->methods.n_, inp->methods.elts_, newlen, + sizeof(inp->methods.elts_[0]), (trunnel_free_fn_t) NULL, + &inp->trunnel_error_code_); + if (newlen != 0 && newptr == NULL) + goto trunnel_alloc_failed; + inp->methods.elts_ = newptr; + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +socks5_client_version_check(const socks5_client_version_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 5)) + return "Integer out of bounds"; + if (TRUNNEL_DYNARRAY_LEN(&obj->methods) != obj->n_methods) + return "Length mismatch for methods"; + return NULL; +} + +ssize_t +socks5_client_version_encoded_len(const socks5_client_version_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_client_version_check(obj)) + return -1; + + + /* Length of u8 version IN [5] */ + result += 1; + + /* Length of u8 n_methods */ + result += 1; + + /* Length of u8 methods[n_methods] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->methods); + return result; +} +int +socks5_client_version_clear_errors(socks5_client_version_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_client_version_encode(uint8_t *output, const size_t avail, const socks5_client_version_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_client_version_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_client_version_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [5] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 n_methods */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->n_methods)); + written += 1; ptr += 1; + + /* Encode u8 methods[n_methods] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->methods); + trunnel_assert(obj->n_methods == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->methods.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_client_version_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks5_client_version_parse_into(socks5_client_version_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [5] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 5)) + goto fail; + + /* Parse u8 n_methods */ + CHECK_REMAINING(1, truncated); + obj->n_methods = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse u8 methods[n_methods] */ + CHECK_REMAINING(obj->n_methods, truncated); + TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->methods, obj->n_methods, {}); + obj->methods.n_ = obj->n_methods; + if (obj->n_methods) + memcpy(obj->methods.elts_, ptr, obj->n_methods); + ptr += obj->n_methods; remaining -= obj->n_methods; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + trunnel_alloc_failed: + return -1; + fail: + result = -1; + return result; +} + +ssize_t +socks5_client_version_parse(socks5_client_version_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_client_version_new(); + if (NULL == *output) + return -1; + result = socks5_client_version_parse_into(*output, input, len_in); + if (result < 0) { + socks5_client_version_free(*output); + *output = NULL; + } + return result; +} +socks5_server_method_t * +socks5_server_method_new(void) +{ + socks5_server_method_t *val = trunnel_calloc(1, sizeof(socks5_server_method_t)); + if (NULL == val) + return NULL; + val->version = 5; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_server_method_clear(socks5_server_method_t *obj) +{ + (void) obj; +} + +void +socks5_server_method_free(socks5_server_method_t *obj) +{ + if (obj == NULL) + return; + socks5_server_method_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_server_method_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_server_method_get_version(const socks5_server_method_t *inp) +{ + return inp->version; +} +int +socks5_server_method_set_version(socks5_server_method_t *inp, uint8_t val) +{ + if (! ((val == 5))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_server_method_get_method(const socks5_server_method_t *inp) +{ + return inp->method; +} +int +socks5_server_method_set_method(socks5_server_method_t *inp, uint8_t val) +{ + inp->method = val; + return 0; +} +const char * +socks5_server_method_check(const socks5_server_method_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 5)) + return "Integer out of bounds"; + return NULL; +} + +ssize_t +socks5_server_method_encoded_len(const socks5_server_method_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_server_method_check(obj)) + return -1; + + + /* Length of u8 version IN [5] */ + result += 1; + + /* Length of u8 method */ + result += 1; + return result; +} +int +socks5_server_method_clear_errors(socks5_server_method_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_server_method_encode(uint8_t *output, const size_t avail, const socks5_server_method_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_server_method_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_server_method_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [5] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 method */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->method)); + written += 1; ptr += 1; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_server_method_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks5_server_method_parse_into(socks5_server_method_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [5] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 5)) + goto fail; + + /* Parse u8 method */ + CHECK_REMAINING(1, truncated); + obj->method = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks5_server_method_parse(socks5_server_method_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_server_method_new(); + if (NULL == *output) + return -1; + result = socks5_server_method_parse_into(*output, input, len_in); + if (result < 0) { + socks5_server_method_free(*output); + *output = NULL; + } + return result; +} +socks5_server_userpath_auth_t * +socks5_server_userpath_auth_new(void) +{ + socks5_server_userpath_auth_t *val = trunnel_calloc(1, sizeof(socks5_server_userpath_auth_t)); + if (NULL == val) + return NULL; + val->version = 1; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_server_userpath_auth_clear(socks5_server_userpath_auth_t *obj) +{ + (void) obj; +} + +void +socks5_server_userpath_auth_free(socks5_server_userpath_auth_t *obj) +{ + if (obj == NULL) + return; + socks5_server_userpath_auth_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_server_userpath_auth_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_server_userpath_auth_get_version(const socks5_server_userpath_auth_t *inp) +{ + return inp->version; +} +int +socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint8_t val) +{ + if (! ((val == 1))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_server_userpath_auth_get_status(const socks5_server_userpath_auth_t *inp) +{ + return inp->status; +} +int +socks5_server_userpath_auth_set_status(socks5_server_userpath_auth_t *inp, uint8_t val) +{ + inp->status = val; + return 0; +} +const char * +socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 1)) + return "Integer out of bounds"; + return NULL; +} + +ssize_t +socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_server_userpath_auth_check(obj)) + return -1; + + + /* Length of u8 version IN [1] */ + result += 1; + + /* Length of u8 status */ + result += 1; + return result; +} +int +socks5_server_userpath_auth_clear_errors(socks5_server_userpath_auth_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_server_userpath_auth_encode(uint8_t *output, const size_t avail, const socks5_server_userpath_auth_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_server_userpath_auth_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_server_userpath_auth_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [1] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 status */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->status)); + written += 1; ptr += 1; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_server_userpath_auth_parse(), but do not allocate the + * output object. + */ +static ssize_t +socks5_server_userpath_auth_parse_into(socks5_server_userpath_auth_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [1] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 1)) + goto fail; + + /* Parse u8 status */ + CHECK_REMAINING(1, truncated); + obj->status = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +socks5_server_userpath_auth_parse(socks5_server_userpath_auth_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_server_userpath_auth_new(); + if (NULL == *output) + return -1; + result = socks5_server_userpath_auth_parse_into(*output, input, len_in); + if (result < 0) { + socks5_server_userpath_auth_free(*output); + *output = NULL; + } + return result; +} +tor_socksauth_keyval_t * +tor_socksauth_keyval_new(void) +{ + tor_socksauth_keyval_t *val = trunnel_calloc(1, sizeof(tor_socksauth_keyval_t)); + if (NULL == val) + return NULL; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +tor_socksauth_keyval_clear(tor_socksauth_keyval_t *obj) +{ + (void) obj; + TRUNNEL_DYNARRAY_WIPE(&obj->key); + TRUNNEL_DYNARRAY_CLEAR(&obj->key); + TRUNNEL_DYNARRAY_WIPE(&obj->val); + TRUNNEL_DYNARRAY_CLEAR(&obj->val); +} + +void +tor_socksauth_keyval_free(tor_socksauth_keyval_t *obj) +{ + if (obj == NULL) + return; + tor_socksauth_keyval_clear(obj); + trunnel_memwipe(obj, sizeof(tor_socksauth_keyval_t)); + trunnel_free_(obj); +} + +uint16_t +tor_socksauth_keyval_get_keylen(const tor_socksauth_keyval_t *inp) +{ + return inp->keylen; +} +int +tor_socksauth_keyval_set_keylen(tor_socksauth_keyval_t *inp, uint16_t val) +{ + inp->keylen = val; + return 0; +} +size_t +tor_socksauth_keyval_getlen_key(const tor_socksauth_keyval_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->key); +} + +char +tor_socksauth_keyval_get_key(tor_socksauth_keyval_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->key, idx); +} + +char +tor_socksauth_keyval_getconst_key(const tor_socksauth_keyval_t *inp, size_t idx) +{ + return tor_socksauth_keyval_get_key((tor_socksauth_keyval_t*)inp, idx); +} +int +tor_socksauth_keyval_set_key(tor_socksauth_keyval_t *inp, size_t idx, char elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->key, idx, elt); + return 0; +} +int +tor_socksauth_keyval_add_key(tor_socksauth_keyval_t *inp, char elt) +{ +#if SIZE_MAX >= UINT16_MAX + if (inp->key.n_ == UINT16_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(char, &inp->key, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +char * +tor_socksauth_keyval_getarray_key(tor_socksauth_keyval_t *inp) +{ + return inp->key.elts_; +} +const char * +tor_socksauth_keyval_getconstarray_key(const tor_socksauth_keyval_t *inp) +{ + return (const char *)tor_socksauth_keyval_getarray_key((tor_socksauth_keyval_t*)inp); +} +int +tor_socksauth_keyval_setlen_key(tor_socksauth_keyval_t *inp, size_t newlen) +{ +#if UINT16_MAX < SIZE_MAX + if (newlen > UINT16_MAX) + goto trunnel_alloc_failed; +#endif + return trunnel_string_setlen(&inp->key, newlen, + &inp->trunnel_error_code_); + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +tor_socksauth_keyval_getstr_key(tor_socksauth_keyval_t *inp) +{ + return trunnel_string_getstr(&inp->key); +} +int +tor_socksauth_keyval_setstr0_key(tor_socksauth_keyval_t *inp, const char *val, size_t len) +{ +#if UINT16_MAX < SIZE_MAX + if (len > UINT16_MAX) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } +#endif + return trunnel_string_setstr0(&inp->key, val, len, &inp->trunnel_error_code_); +} +int +tor_socksauth_keyval_setstr_key(tor_socksauth_keyval_t *inp, const char *val) +{ + return tor_socksauth_keyval_setstr0_key(inp, val, strlen(val)); +} +uint16_t +tor_socksauth_keyval_get_vallen(const tor_socksauth_keyval_t *inp) +{ + return inp->vallen; +} +int +tor_socksauth_keyval_set_vallen(tor_socksauth_keyval_t *inp, uint16_t val) +{ + inp->vallen = val; + return 0; +} +size_t +tor_socksauth_keyval_getlen_val(const tor_socksauth_keyval_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->val); +} + +char +tor_socksauth_keyval_get_val(tor_socksauth_keyval_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->val, idx); +} + +char +tor_socksauth_keyval_getconst_val(const tor_socksauth_keyval_t *inp, size_t idx) +{ + return tor_socksauth_keyval_get_val((tor_socksauth_keyval_t*)inp, idx); +} +int +tor_socksauth_keyval_set_val(tor_socksauth_keyval_t *inp, size_t idx, char elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->val, idx, elt); + return 0; +} +int +tor_socksauth_keyval_add_val(tor_socksauth_keyval_t *inp, char elt) +{ +#if SIZE_MAX >= UINT16_MAX + if (inp->val.n_ == UINT16_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(char, &inp->val, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +char * +tor_socksauth_keyval_getarray_val(tor_socksauth_keyval_t *inp) +{ + return inp->val.elts_; +} +const char * +tor_socksauth_keyval_getconstarray_val(const tor_socksauth_keyval_t *inp) +{ + return (const char *)tor_socksauth_keyval_getarray_val((tor_socksauth_keyval_t*)inp); +} +int +tor_socksauth_keyval_setlen_val(tor_socksauth_keyval_t *inp, size_t newlen) +{ +#if UINT16_MAX < SIZE_MAX + if (newlen > UINT16_MAX) + goto trunnel_alloc_failed; +#endif + return trunnel_string_setlen(&inp->val, newlen, + &inp->trunnel_error_code_); + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +tor_socksauth_keyval_getstr_val(tor_socksauth_keyval_t *inp) +{ + return trunnel_string_getstr(&inp->val); +} +int +tor_socksauth_keyval_setstr0_val(tor_socksauth_keyval_t *inp, const char *val, size_t len) +{ +#if UINT16_MAX < SIZE_MAX + if (len > UINT16_MAX) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } +#endif + return trunnel_string_setstr0(&inp->val, val, len, &inp->trunnel_error_code_); +} +int +tor_socksauth_keyval_setstr_val(tor_socksauth_keyval_t *inp, const char *val) +{ + return tor_socksauth_keyval_setstr0_val(inp, val, strlen(val)); +} +const char * +tor_socksauth_keyval_check(const tor_socksauth_keyval_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (TRUNNEL_DYNARRAY_LEN(&obj->key) != obj->keylen) + return "Length mismatch for key"; + if (TRUNNEL_DYNARRAY_LEN(&obj->val) != obj->vallen) + return "Length mismatch for val"; + return NULL; +} + +ssize_t +tor_socksauth_keyval_encoded_len(const tor_socksauth_keyval_t *obj) +{ + ssize_t result = 0; + + if (NULL != tor_socksauth_keyval_check(obj)) + return -1; + + + /* Length of u16 keylen */ + result += 2; + + /* Length of char key[keylen] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->key); + + /* Length of u16 vallen */ + result += 2; + + /* Length of char val[vallen] */ + result += TRUNNEL_DYNARRAY_LEN(&obj->val); + return result; +} +int +tor_socksauth_keyval_clear_errors(tor_socksauth_keyval_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +tor_socksauth_keyval_encode(uint8_t *output, const size_t avail, const tor_socksauth_keyval_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = tor_socksauth_keyval_encoded_len(obj); +#endif + + if (NULL != (msg = tor_socksauth_keyval_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u16 keylen */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->keylen)); + written += 2; ptr += 2; + + /* Encode char key[keylen] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->key); + trunnel_assert(obj->keylen == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->key.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + /* Encode u16 vallen */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->vallen)); + written += 2; ptr += 2; + + /* Encode char val[vallen] */ + { + size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->val); + trunnel_assert(obj->vallen == elt_len); + trunnel_assert(written <= avail); + if (avail - written < elt_len) + goto truncated; + if (elt_len) + memcpy(ptr, obj->val.elts_, elt_len); + written += elt_len; ptr += elt_len; + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As tor_socksauth_keyval_parse(), but do not allocate the output + * object. + */ +static ssize_t +tor_socksauth_keyval_parse_into(tor_socksauth_keyval_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u16 keylen */ + CHECK_REMAINING(2, truncated); + obj->keylen = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + + /* Parse char key[keylen] */ + CHECK_REMAINING(obj->keylen, truncated); + if (tor_socksauth_keyval_setstr0_key(obj, (const char*)ptr, obj->keylen)) + goto fail; + ptr += obj->keylen; remaining -= obj->keylen; + + /* Parse u16 vallen */ + CHECK_REMAINING(2, truncated); + obj->vallen = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + + /* Parse char val[vallen] */ + CHECK_REMAINING(obj->vallen, truncated); + if (tor_socksauth_keyval_setstr0_val(obj, (const char*)ptr, obj->vallen)) + goto fail; + ptr += obj->vallen; remaining -= obj->vallen; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +tor_socksauth_keyval_parse(tor_socksauth_keyval_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = tor_socksauth_keyval_new(); + if (NULL == *output) + return -1; + result = tor_socksauth_keyval_parse_into(*output, input, len_in); + if (result < 0) { + tor_socksauth_keyval_free(*output); + *output = NULL; + } + return result; +} +socks5_client_request_t * +socks5_client_request_new(void) +{ + socks5_client_request_t *val = trunnel_calloc(1, sizeof(socks5_client_request_t)); + if (NULL == val) + return NULL; + val->version = 5; + val->command = CMD_BIND; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_client_request_clear(socks5_client_request_t *obj) +{ + (void) obj; + domainname_free(obj->dest_addr_domainname); + obj->dest_addr_domainname = NULL; +} + +void +socks5_client_request_free(socks5_client_request_t *obj) +{ + if (obj == NULL) + return; + socks5_client_request_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_client_request_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_client_request_get_version(const socks5_client_request_t *inp) +{ + return inp->version; +} +int +socks5_client_request_set_version(socks5_client_request_t *inp, uint8_t val) +{ + if (! ((val == 5))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_client_request_get_command(const socks5_client_request_t *inp) +{ + return inp->command; +} +int +socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val) +{ + if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE_PTR || val == CMD_UDP_ASSOCIATE))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->command = val; + return 0; +} +uint8_t +socks5_client_request_get_reserved(const socks5_client_request_t *inp) +{ + return inp->reserved; +} +int +socks5_client_request_set_reserved(socks5_client_request_t *inp, uint8_t val) +{ + if (! ((val == 0))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->reserved = val; + return 0; +} +uint8_t +socks5_client_request_get_atype(const socks5_client_request_t *inp) +{ + return inp->atype; +} +int +socks5_client_request_set_atype(socks5_client_request_t *inp, uint8_t val) +{ + inp->atype = val; + return 0; +} +uint32_t +socks5_client_request_get_dest_addr_ipv4(const socks5_client_request_t *inp) +{ + return inp->dest_addr_ipv4; +} +int +socks5_client_request_set_dest_addr_ipv4(socks5_client_request_t *inp, uint32_t val) +{ + inp->dest_addr_ipv4 = val; + return 0; +} +size_t +socks5_client_request_getlen_dest_addr_ipv6(const socks5_client_request_t *inp) +{ + (void)inp; return 16; +} + +uint8_t +socks5_client_request_get_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx) +{ + trunnel_assert(idx < 16); + return inp->dest_addr_ipv6[idx]; +} + +uint8_t +socks5_client_request_getconst_dest_addr_ipv6(const socks5_client_request_t *inp, size_t idx) +{ + return socks5_client_request_get_dest_addr_ipv6((socks5_client_request_t*)inp, idx); +} +int +socks5_client_request_set_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx, uint8_t elt) +{ + trunnel_assert(idx < 16); + inp->dest_addr_ipv6[idx] = elt; + return 0; +} + +uint8_t * +socks5_client_request_getarray_dest_addr_ipv6(socks5_client_request_t *inp) +{ + return inp->dest_addr_ipv6; +} +const uint8_t * +socks5_client_request_getconstarray_dest_addr_ipv6(const socks5_client_request_t *inp) +{ + return (const uint8_t *)socks5_client_request_getarray_dest_addr_ipv6((socks5_client_request_t*)inp); +} +struct domainname_st * +socks5_client_request_get_dest_addr_domainname(socks5_client_request_t *inp) +{ + return inp->dest_addr_domainname; +} +const struct domainname_st * +socks5_client_request_getconst_dest_addr_domainname(const socks5_client_request_t *inp) +{ + return socks5_client_request_get_dest_addr_domainname((socks5_client_request_t*) inp); +} +int +socks5_client_request_set_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val) +{ + if (inp->dest_addr_domainname && inp->dest_addr_domainname != val) + domainname_free(inp->dest_addr_domainname); + return socks5_client_request_set0_dest_addr_domainname(inp, val); +} +int +socks5_client_request_set0_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val) +{ + inp->dest_addr_domainname = val; + return 0; +} +uint16_t +socks5_client_request_get_dest_port(const socks5_client_request_t *inp) +{ + return inp->dest_port; +} +int +socks5_client_request_set_dest_port(socks5_client_request_t *inp, uint16_t val) +{ + inp->dest_port = val; + return 0; +} +const char * +socks5_client_request_check(const socks5_client_request_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 5)) + return "Integer out of bounds"; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + return "Integer out of bounds"; + if (! (obj->reserved == 0)) + return "Integer out of bounds"; + switch (obj->atype) { + + case ATYPE_IPV4: + break; + + case ATYPE_IPV6: + break; + + case ATYPE_DOMAINNAME: + { + const char *msg; + if (NULL != (msg = domainname_check(obj->dest_addr_domainname))) + return msg; + } + break; + + default: + return "Bad tag for union"; + break; + } + return NULL; +} + +ssize_t +socks5_client_request_encoded_len(const socks5_client_request_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_client_request_check(obj)) + return -1; + + + /* Length of u8 version IN [5] */ + result += 1; + + /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + result += 1; + + /* Length of u8 reserved IN [0] */ + result += 1; + + /* Length of u8 atype */ + result += 1; + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Length of u32 dest_addr_ipv4 */ + result += 4; + break; + + case ATYPE_IPV6: + + /* Length of u8 dest_addr_ipv6[16] */ + result += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Length of struct domainname dest_addr_domainname */ + result += domainname_encoded_len(obj->dest_addr_domainname); + break; + + default: + trunnel_assert(0); + break; + } + + /* Length of u16 dest_port */ + result += 2; + return result; +} +int +socks5_client_request_clear_errors(socks5_client_request_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_client_request_encode(uint8_t *output, const size_t avail, const socks5_client_request_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_client_request_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_client_request_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [5] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->command)); + written += 1; ptr += 1; + + /* Encode u8 reserved IN [0] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->reserved)); + written += 1; ptr += 1; + + /* Encode u8 atype */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->atype)); + written += 1; ptr += 1; + + /* Encode union dest_addr[atype] */ + trunnel_assert(written <= avail); + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Encode u32 dest_addr_ipv4 */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->dest_addr_ipv4)); + written += 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Encode u8 dest_addr_ipv6[16] */ + trunnel_assert(written <= avail); + if (avail - written < 16) + goto truncated; + memcpy(ptr, obj->dest_addr_ipv6, 16); + written += 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Encode struct domainname dest_addr_domainname */ + trunnel_assert(written <= avail); + result = domainname_encode(ptr, avail - written, obj->dest_addr_domainname); + if (result < 0) + goto fail; /* XXXXXXX !*/ + written += result; ptr += result; + break; + + default: + trunnel_assert(0); + break; + } + + /* Encode u16 dest_port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->dest_port)); + written += 2; ptr += 2; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_client_request_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks5_client_request_parse_into(socks5_client_request_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [5] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 5)) + goto fail; + + /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + CHECK_REMAINING(1, truncated); + obj->command = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + goto fail; + + /* Parse u8 reserved IN [0] */ + CHECK_REMAINING(1, truncated); + obj->reserved = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->reserved == 0)) + goto fail; + + /* Parse u8 atype */ + CHECK_REMAINING(1, truncated); + obj->atype = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse union dest_addr[atype] */ + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Parse u32 dest_addr_ipv4 */ + CHECK_REMAINING(4, truncated); + obj->dest_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Parse u8 dest_addr_ipv6[16] */ + CHECK_REMAINING(16, truncated); + memcpy(obj->dest_addr_ipv6, ptr, 16); + remaining -= 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Parse struct domainname dest_addr_domainname */ + result = domainname_parse(&obj->dest_addr_domainname, ptr, remaining); + if (result < 0) + goto relay_fail; + trunnel_assert((size_t)result <= remaining); + remaining -= result; ptr += result; + break; + + default: + goto fail; + break; + } + + /* Parse u16 dest_port */ + CHECK_REMAINING(2, truncated); + obj->dest_port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + relay_fail: + trunnel_assert(result < 0); + return result; + fail: + result = -1; + return result; +} + +ssize_t +socks5_client_request_parse(socks5_client_request_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_client_request_new(); + if (NULL == *output) + return -1; + result = socks5_client_request_parse_into(*output, input, len_in); + if (result < 0) { + socks5_client_request_free(*output); + *output = NULL; + } + return result; +} +socks5_server_reply_t * +socks5_server_reply_new(void) +{ + socks5_server_reply_t *val = trunnel_calloc(1, sizeof(socks5_server_reply_t)); + if (NULL == val) + return NULL; + val->version = 5; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +socks5_server_reply_clear(socks5_server_reply_t *obj) +{ + (void) obj; + domainname_free(obj->bind_addr_domainname); + obj->bind_addr_domainname = NULL; +} + +void +socks5_server_reply_free(socks5_server_reply_t *obj) +{ + if (obj == NULL) + return; + socks5_server_reply_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_server_reply_t)); + trunnel_free_(obj); +} + +uint8_t +socks5_server_reply_get_version(const socks5_server_reply_t *inp) +{ + return inp->version; +} +int +socks5_server_reply_set_version(socks5_server_reply_t *inp, uint8_t val) +{ + if (! ((val == 5))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +socks5_server_reply_get_reply(const socks5_server_reply_t *inp) +{ + return inp->reply; +} +int +socks5_server_reply_set_reply(socks5_server_reply_t *inp, uint8_t val) +{ + inp->reply = val; + return 0; +} +uint8_t +socks5_server_reply_get_reserved(const socks5_server_reply_t *inp) +{ + return inp->reserved; +} +int +socks5_server_reply_set_reserved(socks5_server_reply_t *inp, uint8_t val) +{ + if (! ((val == 0))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->reserved = val; + return 0; +} +uint8_t +socks5_server_reply_get_atype(const socks5_server_reply_t *inp) +{ + return inp->atype; +} +int +socks5_server_reply_set_atype(socks5_server_reply_t *inp, uint8_t val) +{ + inp->atype = val; + return 0; +} +uint32_t +socks5_server_reply_get_bind_addr_ipv4(const socks5_server_reply_t *inp) +{ + return inp->bind_addr_ipv4; +} +int +socks5_server_reply_set_bind_addr_ipv4(socks5_server_reply_t *inp, uint32_t val) +{ + inp->bind_addr_ipv4 = val; + return 0; +} +size_t +socks5_server_reply_getlen_bind_addr_ipv6(const socks5_server_reply_t *inp) +{ + (void)inp; return 16; +} + +uint8_t +socks5_server_reply_get_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx) +{ + trunnel_assert(idx < 16); + return inp->bind_addr_ipv6[idx]; +} + +uint8_t +socks5_server_reply_getconst_bind_addr_ipv6(const socks5_server_reply_t *inp, size_t idx) +{ + return socks5_server_reply_get_bind_addr_ipv6((socks5_server_reply_t*)inp, idx); +} +int +socks5_server_reply_set_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx, uint8_t elt) +{ + trunnel_assert(idx < 16); + inp->bind_addr_ipv6[idx] = elt; + return 0; +} + +uint8_t * +socks5_server_reply_getarray_bind_addr_ipv6(socks5_server_reply_t *inp) +{ + return inp->bind_addr_ipv6; +} +const uint8_t * +socks5_server_reply_getconstarray_bind_addr_ipv6(const socks5_server_reply_t *inp) +{ + return (const uint8_t *)socks5_server_reply_getarray_bind_addr_ipv6((socks5_server_reply_t*)inp); +} +struct domainname_st * +socks5_server_reply_get_bind_addr_domainname(socks5_server_reply_t *inp) +{ + return inp->bind_addr_domainname; +} +const struct domainname_st * +socks5_server_reply_getconst_bind_addr_domainname(const socks5_server_reply_t *inp) +{ + return socks5_server_reply_get_bind_addr_domainname((socks5_server_reply_t*) inp); +} +int +socks5_server_reply_set_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val) +{ + if (inp->bind_addr_domainname && inp->bind_addr_domainname != val) + domainname_free(inp->bind_addr_domainname); + return socks5_server_reply_set0_bind_addr_domainname(inp, val); +} +int +socks5_server_reply_set0_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val) +{ + inp->bind_addr_domainname = val; + return 0; +} +uint16_t +socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp) +{ + return inp->bind_port; +} +int +socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val) +{ + inp->bind_port = val; + return 0; +} +const char * +socks5_server_reply_check(const socks5_server_reply_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 5)) + return "Integer out of bounds"; + if (! (obj->reserved == 0)) + return "Integer out of bounds"; + switch (obj->atype) { + + case ATYPE_IPV4: + break; + + case ATYPE_IPV6: + break; + + case ATYPE_DOMAINNAME: + { + const char *msg; + if (NULL != (msg = domainname_check(obj->bind_addr_domainname))) + return msg; + } + break; + + default: + return "Bad tag for union"; + break; + } + return NULL; +} + +ssize_t +socks5_server_reply_encoded_len(const socks5_server_reply_t *obj) +{ + ssize_t result = 0; + + if (NULL != socks5_server_reply_check(obj)) + return -1; + + + /* Length of u8 version IN [5] */ + result += 1; + + /* Length of u8 reply */ + result += 1; + + /* Length of u8 reserved IN [0] */ + result += 1; + + /* Length of u8 atype */ + result += 1; + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Length of u32 bind_addr_ipv4 */ + result += 4; + break; + + case ATYPE_IPV6: + + /* Length of u8 bind_addr_ipv6[16] */ + result += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Length of struct domainname bind_addr_domainname */ + result += domainname_encoded_len(obj->bind_addr_domainname); + break; + + default: + trunnel_assert(0); + break; + } + + /* Length of u16 bind_port */ + result += 2; + return result; +} +int +socks5_server_reply_clear_errors(socks5_server_reply_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +socks5_server_reply_encode(uint8_t *output, const size_t avail, const socks5_server_reply_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = socks5_server_reply_encoded_len(obj); +#endif + + if (NULL != (msg = socks5_server_reply_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [5] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 reply */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->reply)); + written += 1; ptr += 1; + + /* Encode u8 reserved IN [0] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->reserved)); + written += 1; ptr += 1; + + /* Encode u8 atype */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->atype)); + written += 1; ptr += 1; + + /* Encode union bind_addr[atype] */ + trunnel_assert(written <= avail); + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Encode u32 bind_addr_ipv4 */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->bind_addr_ipv4)); + written += 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Encode u8 bind_addr_ipv6[16] */ + trunnel_assert(written <= avail); + if (avail - written < 16) + goto truncated; + memcpy(ptr, obj->bind_addr_ipv6, 16); + written += 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Encode struct domainname bind_addr_domainname */ + trunnel_assert(written <= avail); + result = domainname_encode(ptr, avail - written, obj->bind_addr_domainname); + if (result < 0) + goto fail; /* XXXXXXX !*/ + written += result; ptr += result; + break; + + default: + trunnel_assert(0); + break; + } + + /* Encode u16 bind_port */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->bind_port)); + written += 2; ptr += 2; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As socks5_server_reply_parse(), but do not allocate the output + * object. + */ +static ssize_t +socks5_server_reply_parse_into(socks5_server_reply_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [5] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 5)) + goto fail; + + /* Parse u8 reply */ + CHECK_REMAINING(1, truncated); + obj->reply = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse u8 reserved IN [0] */ + CHECK_REMAINING(1, truncated); + obj->reserved = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->reserved == 0)) + goto fail; + + /* Parse u8 atype */ + CHECK_REMAINING(1, truncated); + obj->atype = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse union bind_addr[atype] */ + switch (obj->atype) { + + case ATYPE_IPV4: + + /* Parse u32 bind_addr_ipv4 */ + CHECK_REMAINING(4, truncated); + obj->bind_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + break; + + case ATYPE_IPV6: + + /* Parse u8 bind_addr_ipv6[16] */ + CHECK_REMAINING(16, truncated); + memcpy(obj->bind_addr_ipv6, ptr, 16); + remaining -= 16; ptr += 16; + break; + + case ATYPE_DOMAINNAME: + + /* Parse struct domainname bind_addr_domainname */ + result = domainname_parse(&obj->bind_addr_domainname, ptr, remaining); + if (result < 0) + goto relay_fail; + trunnel_assert((size_t)result <= remaining); + remaining -= result; ptr += result; + break; + + default: + goto fail; + break; + } + + /* Parse u16 bind_port */ + CHECK_REMAINING(2, truncated); + obj->bind_port = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + relay_fail: + trunnel_assert(result < 0); + return result; + fail: + result = -1; + return result; +} + +ssize_t +socks5_server_reply_parse(socks5_server_reply_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = socks5_server_reply_new(); + if (NULL == *output) + return -1; + result = socks5_server_reply_parse_into(*output, input, len_in); + if (result < 0) { + socks5_server_reply_free(*output); + *output = NULL; + } + return result; +} +tor_extended_socks_auth_request_t * +tor_extended_socks_auth_request_new(void) +{ + tor_extended_socks_auth_request_t *val = trunnel_calloc(1, sizeof(tor_extended_socks_auth_request_t)); + if (NULL == val) + return NULL; + val->version = 1; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +tor_extended_socks_auth_request_clear(tor_extended_socks_auth_request_t *obj) +{ + (void) obj; + { + + unsigned idx; + for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + tor_socksauth_keyval_free(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); + } + } + TRUNNEL_DYNARRAY_WIPE(&obj->pairs); + TRUNNEL_DYNARRAY_CLEAR(&obj->pairs); +} + +void +tor_extended_socks_auth_request_free(tor_extended_socks_auth_request_t *obj) +{ + if (obj == NULL) + return; + tor_extended_socks_auth_request_clear(obj); + trunnel_memwipe(obj, sizeof(tor_extended_socks_auth_request_t)); + trunnel_free_(obj); +} + +uint8_t +tor_extended_socks_auth_request_get_version(const tor_extended_socks_auth_request_t *inp) +{ + return inp->version; +} +int +tor_extended_socks_auth_request_set_version(tor_extended_socks_auth_request_t *inp, uint8_t val) +{ + if (! ((val == 1))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint16_t +tor_extended_socks_auth_request_get_npairs(const tor_extended_socks_auth_request_t *inp) +{ + return inp->npairs; +} +int +tor_extended_socks_auth_request_set_npairs(tor_extended_socks_auth_request_t *inp, uint16_t val) +{ + inp->npairs = val; + return 0; +} +size_t +tor_extended_socks_auth_request_getlen_pairs(const tor_extended_socks_auth_request_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->pairs); +} + +struct tor_socksauth_keyval_st * +tor_extended_socks_auth_request_get_pairs(tor_extended_socks_auth_request_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); +} + + const struct tor_socksauth_keyval_st * +tor_extended_socks_auth_request_getconst_pairs(const tor_extended_socks_auth_request_t *inp, size_t idx) +{ + return tor_extended_socks_auth_request_get_pairs((tor_extended_socks_auth_request_t*)inp, idx); +} +int +tor_extended_socks_auth_request_set_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) +{ + tor_socksauth_keyval_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); + if (oldval && oldval != elt) + tor_socksauth_keyval_free(oldval); + return tor_extended_socks_auth_request_set0_pairs(inp, idx, elt); +} +int +tor_extended_socks_auth_request_set0_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->pairs, idx, elt); + return 0; +} +int +tor_extended_socks_auth_request_add_pairs(tor_extended_socks_auth_request_t *inp, struct tor_socksauth_keyval_st * elt) +{ +#if SIZE_MAX >= UINT16_MAX + if (inp->pairs.n_ == UINT16_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(struct tor_socksauth_keyval_st *, &inp->pairs, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +struct tor_socksauth_keyval_st * * +tor_extended_socks_auth_request_getarray_pairs(tor_extended_socks_auth_request_t *inp) +{ + return inp->pairs.elts_; +} +const struct tor_socksauth_keyval_st * const * +tor_extended_socks_auth_request_getconstarray_pairs(const tor_extended_socks_auth_request_t *inp) +{ + return (const struct tor_socksauth_keyval_st * const *)tor_extended_socks_auth_request_getarray_pairs((tor_extended_socks_auth_request_t*)inp); +} +int +tor_extended_socks_auth_request_setlen_pairs(tor_extended_socks_auth_request_t *inp, size_t newlen) +{ + struct tor_socksauth_keyval_st * *newptr; +#if UINT16_MAX < SIZE_MAX + if (newlen > UINT16_MAX) + goto trunnel_alloc_failed; +#endif + newptr = trunnel_dynarray_setlen(&inp->pairs.allocated_, + &inp->pairs.n_, inp->pairs.elts_, newlen, + sizeof(inp->pairs.elts_[0]), (trunnel_free_fn_t) tor_socksauth_keyval_free, + &inp->trunnel_error_code_); + if (newlen != 0 && newptr == NULL) + goto trunnel_alloc_failed; + inp->pairs.elts_ = newptr; + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +tor_extended_socks_auth_request_check(const tor_extended_socks_auth_request_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 1)) + return "Integer out of bounds"; + { + const char *msg; + + unsigned idx; + for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + if (NULL != (msg = tor_socksauth_keyval_check(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)))) + return msg; + } + } + if (TRUNNEL_DYNARRAY_LEN(&obj->pairs) != obj->npairs) + return "Length mismatch for pairs"; + return NULL; +} + +ssize_t +tor_extended_socks_auth_request_encoded_len(const tor_extended_socks_auth_request_t *obj) +{ + ssize_t result = 0; + + if (NULL != tor_extended_socks_auth_request_check(obj)) + return -1; + + + /* Length of u8 version IN [1] */ + result += 1; + + /* Length of u16 npairs */ + result += 2; + + /* Length of struct tor_socksauth_keyval pairs[npairs] */ + { + + unsigned idx; + for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + result += tor_socksauth_keyval_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); + } + } + return result; +} +int +tor_extended_socks_auth_request_clear_errors(tor_extended_socks_auth_request_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +tor_extended_socks_auth_request_encode(uint8_t *output, const size_t avail, const tor_extended_socks_auth_request_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = tor_extended_socks_auth_request_encoded_len(obj); +#endif + + if (NULL != (msg = tor_extended_socks_auth_request_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [1] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u16 npairs */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->npairs)); + written += 2; ptr += 2; + + /* Encode struct tor_socksauth_keyval pairs[npairs] */ + { + + unsigned idx; + for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + trunnel_assert(written <= avail); + result = tor_socksauth_keyval_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); + if (result < 0) + goto fail; /* XXXXXXX !*/ + written += result; ptr += result; + } + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As tor_extended_socks_auth_request_parse(), but do not allocate + * the output object. + */ +static ssize_t +tor_extended_socks_auth_request_parse_into(tor_extended_socks_auth_request_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [1] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 1)) + goto fail; + + /* Parse u16 npairs */ + CHECK_REMAINING(2, truncated); + obj->npairs = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + + /* Parse struct tor_socksauth_keyval pairs[npairs] */ + TRUNNEL_DYNARRAY_EXPAND(tor_socksauth_keyval_t *, &obj->pairs, obj->npairs, {}); + { + tor_socksauth_keyval_t * elt; + unsigned idx; + for (idx = 0; idx < obj->npairs; ++idx) { + result = tor_socksauth_keyval_parse(&elt, ptr, remaining); + if (result < 0) + goto relay_fail; + trunnel_assert((size_t)result <= remaining); + remaining -= result; ptr += result; + TRUNNEL_DYNARRAY_ADD(tor_socksauth_keyval_t *, &obj->pairs, elt, {tor_socksauth_keyval_free(elt);}); + } + } + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + relay_fail: + trunnel_assert(result < 0); + return result; + trunnel_alloc_failed: + return -1; + fail: + result = -1; + return result; +} + +ssize_t +tor_extended_socks_auth_request_parse(tor_extended_socks_auth_request_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = tor_extended_socks_auth_request_new(); + if (NULL == *output) + return -1; + result = tor_extended_socks_auth_request_parse_into(*output, input, len_in); + if (result < 0) { + tor_extended_socks_auth_request_free(*output); + *output = NULL; + } + return result; +} +tor_extended_socks_auth_response_t * +tor_extended_socks_auth_response_new(void) +{ + tor_extended_socks_auth_response_t *val = trunnel_calloc(1, sizeof(tor_extended_socks_auth_response_t)); + if (NULL == val) + return NULL; + val->version = 1; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +tor_extended_socks_auth_response_clear(tor_extended_socks_auth_response_t *obj) +{ + (void) obj; + { + + unsigned idx; + for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + tor_socksauth_keyval_free(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); + } + } + TRUNNEL_DYNARRAY_WIPE(&obj->pairs); + TRUNNEL_DYNARRAY_CLEAR(&obj->pairs); +} + +void +tor_extended_socks_auth_response_free(tor_extended_socks_auth_response_t *obj) +{ + if (obj == NULL) + return; + tor_extended_socks_auth_response_clear(obj); + trunnel_memwipe(obj, sizeof(tor_extended_socks_auth_response_t)); + trunnel_free_(obj); +} + +uint8_t +tor_extended_socks_auth_response_get_version(const tor_extended_socks_auth_response_t *inp) +{ + return inp->version; +} +int +tor_extended_socks_auth_response_set_version(tor_extended_socks_auth_response_t *inp, uint8_t val) +{ + if (! ((val == 1))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint8_t +tor_extended_socks_auth_response_get_status(const tor_extended_socks_auth_response_t *inp) +{ + return inp->status; +} +int +tor_extended_socks_auth_response_set_status(tor_extended_socks_auth_response_t *inp, uint8_t val) +{ + inp->status = val; + return 0; +} +uint16_t +tor_extended_socks_auth_response_get_npairs(const tor_extended_socks_auth_response_t *inp) +{ + return inp->npairs; +} +int +tor_extended_socks_auth_response_set_npairs(tor_extended_socks_auth_response_t *inp, uint16_t val) +{ + inp->npairs = val; + return 0; +} +size_t +tor_extended_socks_auth_response_getlen_pairs(const tor_extended_socks_auth_response_t *inp) +{ + return TRUNNEL_DYNARRAY_LEN(&inp->pairs); +} + +struct tor_socksauth_keyval_st * +tor_extended_socks_auth_response_get_pairs(tor_extended_socks_auth_response_t *inp, size_t idx) +{ + return TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); +} + + const struct tor_socksauth_keyval_st * +tor_extended_socks_auth_response_getconst_pairs(const tor_extended_socks_auth_response_t *inp, size_t idx) +{ + return tor_extended_socks_auth_response_get_pairs((tor_extended_socks_auth_response_t*)inp, idx); +} +int +tor_extended_socks_auth_response_set_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) +{ + tor_socksauth_keyval_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); + if (oldval && oldval != elt) + tor_socksauth_keyval_free(oldval); + return tor_extended_socks_auth_response_set0_pairs(inp, idx, elt); +} +int +tor_extended_socks_auth_response_set0_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) +{ + TRUNNEL_DYNARRAY_SET(&inp->pairs, idx, elt); + return 0; +} +int +tor_extended_socks_auth_response_add_pairs(tor_extended_socks_auth_response_t *inp, struct tor_socksauth_keyval_st * elt) +{ +#if SIZE_MAX >= UINT16_MAX + if (inp->pairs.n_ == UINT16_MAX) + goto trunnel_alloc_failed; +#endif + TRUNNEL_DYNARRAY_ADD(struct tor_socksauth_keyval_st *, &inp->pairs, elt, {}); + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} + +struct tor_socksauth_keyval_st * * +tor_extended_socks_auth_response_getarray_pairs(tor_extended_socks_auth_response_t *inp) +{ + return inp->pairs.elts_; +} +const struct tor_socksauth_keyval_st * const * +tor_extended_socks_auth_response_getconstarray_pairs(const tor_extended_socks_auth_response_t *inp) +{ + return (const struct tor_socksauth_keyval_st * const *)tor_extended_socks_auth_response_getarray_pairs((tor_extended_socks_auth_response_t*)inp); +} +int +tor_extended_socks_auth_response_setlen_pairs(tor_extended_socks_auth_response_t *inp, size_t newlen) +{ + struct tor_socksauth_keyval_st * *newptr; +#if UINT16_MAX < SIZE_MAX + if (newlen > UINT16_MAX) + goto trunnel_alloc_failed; +#endif + newptr = trunnel_dynarray_setlen(&inp->pairs.allocated_, + &inp->pairs.n_, inp->pairs.elts_, newlen, + sizeof(inp->pairs.elts_[0]), (trunnel_free_fn_t) tor_socksauth_keyval_free, + &inp->trunnel_error_code_); + if (newlen != 0 && newptr == NULL) + goto trunnel_alloc_failed; + inp->pairs.elts_ = newptr; + return 0; + trunnel_alloc_failed: + TRUNNEL_SET_ERROR_CODE(inp); + return -1; +} +const char * +tor_extended_socks_auth_response_check(const tor_extended_socks_auth_response_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 1)) + return "Integer out of bounds"; + { + const char *msg; + + unsigned idx; + for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + if (NULL != (msg = tor_socksauth_keyval_check(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)))) + return msg; + } + } + if (TRUNNEL_DYNARRAY_LEN(&obj->pairs) != obj->npairs) + return "Length mismatch for pairs"; + return NULL; +} + +ssize_t +tor_extended_socks_auth_response_encoded_len(const tor_extended_socks_auth_response_t *obj) +{ + ssize_t result = 0; + + if (NULL != tor_extended_socks_auth_response_check(obj)) + return -1; + + + /* Length of u8 version IN [1] */ + result += 1; + + /* Length of u8 status */ + result += 1; + + /* Length of u16 npairs */ + result += 2; + + /* Length of struct tor_socksauth_keyval pairs[npairs] */ + { + + unsigned idx; + for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + result += tor_socksauth_keyval_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); + } + } + return result; +} +int +tor_extended_socks_auth_response_clear_errors(tor_extended_socks_auth_response_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +tor_extended_socks_auth_response_encode(uint8_t *output, const size_t avail, const tor_extended_socks_auth_response_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = tor_extended_socks_auth_response_encoded_len(obj); +#endif + + if (NULL != (msg = tor_extended_socks_auth_response_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [1] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u8 status */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->status)); + written += 1; ptr += 1; + + /* Encode u16 npairs */ + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->npairs)); + written += 2; ptr += 2; + + /* Encode struct tor_socksauth_keyval pairs[npairs] */ + { + + unsigned idx; + for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { + trunnel_assert(written <= avail); + result = tor_socksauth_keyval_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); + if (result < 0) + goto fail; /* XXXXXXX !*/ + written += result; ptr += result; + } + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As tor_extended_socks_auth_response_parse(), but do not allocate + * the output object. + */ +static ssize_t +tor_extended_socks_auth_response_parse_into(tor_extended_socks_auth_response_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [1] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 1)) + goto fail; + + /* Parse u8 status */ + CHECK_REMAINING(1, truncated); + obj->status = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse u16 npairs */ + CHECK_REMAINING(2, truncated); + obj->npairs = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + + /* Parse struct tor_socksauth_keyval pairs[npairs] */ + TRUNNEL_DYNARRAY_EXPAND(tor_socksauth_keyval_t *, &obj->pairs, obj->npairs, {}); + { + tor_socksauth_keyval_t * elt; + unsigned idx; + for (idx = 0; idx < obj->npairs; ++idx) { + result = tor_socksauth_keyval_parse(&elt, ptr, remaining); + if (result < 0) + goto relay_fail; + trunnel_assert((size_t)result <= remaining); + remaining -= result; ptr += result; + TRUNNEL_DYNARRAY_ADD(tor_socksauth_keyval_t *, &obj->pairs, elt, {tor_socksauth_keyval_free(elt);}); + } + } + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + relay_fail: + trunnel_assert(result < 0); + return result; + trunnel_alloc_failed: + return -1; + fail: + result = -1; + return result; +} + +ssize_t +tor_extended_socks_auth_response_parse(tor_extended_socks_auth_response_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = tor_extended_socks_auth_response_new(); + if (NULL == *output) + return -1; + result = tor_extended_socks_auth_response_parse_into(*output, input, len_in); + if (result < 0) { + tor_extended_socks_auth_response_free(*output); + *output = NULL; + } + return result; +} diff --git a/src/trunnel/socks5.h b/src/trunnel/socks5.h new file mode 100644 index 0000000000..fb3c03160a --- /dev/null +++ b/src/trunnel/socks5.h @@ -0,0 +1,1370 @@ +/* socks5.h -- generated by Trunnel v1.5.2. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#ifndef TRUNNEL_SOCKS5_H +#define TRUNNEL_SOCKS5_H + +#include +#include "trunnel.h" + +#define CMD_CONNECT 1 +#define CMD_BIND 2 +#define CMD_UDP_ASSOCIATE 3 +#define CMD_RESOLVE_PTR 241 +#define ATYPE_IPV4 1 +#define ATYPE_IPV6 4 +#define ATYPE_DOMAINNAME 3 +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_DOMAINNAME) +struct domainname_st { + uint8_t len; + trunnel_string_t name; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct domainname_st domainname_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS4_CLIENT_REQUEST) +struct socks4_client_request_st { + uint8_t version; + uint8_t command; + uint16_t port; + uint32_t addr; + char *username; + char *socks4a_addr_hostname; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks4_client_request_st socks4_client_request_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS4_SERVER_REPLY) +struct socks4_server_reply_st { + uint8_t version; + uint8_t status; + uint16_t port; + uint32_t addr; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks4_server_reply_st socks4_server_reply_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_USERPASS_AUTH) +struct socks5_client_userpass_auth_st { + uint8_t version; + uint8_t username_len; + trunnel_string_t username; + uint8_t passwd_len; + trunnel_string_t passwd; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_client_userpass_auth_st socks5_client_userpass_auth_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_VERSION) +struct socks5_client_version_st { + uint8_t version; + uint8_t n_methods; + TRUNNEL_DYNARRAY_HEAD(, uint8_t) methods; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_client_version_st socks5_client_version_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_METHOD) +struct socks5_server_method_st { + uint8_t version; + uint8_t method; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_server_method_st socks5_server_method_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_USERPATH_AUTH) +struct socks5_server_userpath_auth_st { + uint8_t version; + uint8_t status; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_server_userpath_auth_st socks5_server_userpath_auth_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_SOCKSAUTH_KEYVAL) +struct tor_socksauth_keyval_st { + uint16_t keylen; + trunnel_string_t key; + uint16_t vallen; + trunnel_string_t val; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct tor_socksauth_keyval_st tor_socksauth_keyval_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_REQUEST) +struct socks5_client_request_st { + uint8_t version; + uint8_t command; + uint8_t reserved; + uint8_t atype; + uint32_t dest_addr_ipv4; + uint8_t dest_addr_ipv6[16]; + struct domainname_st *dest_addr_domainname; + uint16_t dest_port; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_client_request_st socks5_client_request_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_REPLY) +struct socks5_server_reply_st { + uint8_t version; + uint8_t reply; + uint8_t reserved; + uint8_t atype; + uint32_t bind_addr_ipv4; + uint8_t bind_addr_ipv6[16]; + struct domainname_st *bind_addr_domainname; + uint16_t bind_port; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct socks5_server_reply_st socks5_server_reply_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_EXTENDED_SOCKS_AUTH_REQUEST) +struct tor_extended_socks_auth_request_st { + uint8_t version; + uint16_t npairs; + TRUNNEL_DYNARRAY_HEAD(, struct tor_socksauth_keyval_st *) pairs; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct tor_extended_socks_auth_request_st tor_extended_socks_auth_request_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_EXTENDED_SOCKS_AUTH_RESPONSE) +struct tor_extended_socks_auth_response_st { + uint8_t version; + uint8_t status; + uint16_t npairs; + TRUNNEL_DYNARRAY_HEAD(, struct tor_socksauth_keyval_st *) pairs; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct tor_extended_socks_auth_response_st tor_extended_socks_auth_response_t; +/** Return a newly allocated domainname with all elements set to zero. + */ +domainname_t *domainname_new(void); +/** Release all storage held by the domainname in 'victim'. (Do + * nothing if 'victim' is NULL.) + */ +void domainname_free(domainname_t *victim); +/** Try to parse a domainname from the buffer in 'input', using up to + * 'len_in' bytes from the input buffer. On success, return the number + * of bytes consumed and set *output to the newly allocated + * domainname_t. On failure, return -2 if the input appears truncated, + * and -1 if the input is otherwise invalid. + */ +ssize_t domainname_parse(domainname_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * domainname in 'obj'. On failure, return a negative value. Note that + * this value may be an overestimate, and can even be an underestimate + * for certain unencodeable objects. + */ +ssize_t domainname_encoded_len(const domainname_t *obj); +/** Try to encode the domainname from 'input' into the buffer at + * 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t domainname_encode(uint8_t *output, size_t avail, const domainname_t *input); +/** Check whether the internal state of the domainname in 'obj' is + * consistent. Return NULL if it is, and a short message if it is not. + */ +const char *domainname_check(const domainname_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int domainname_clear_errors(domainname_t *obj); +/** Return the value of the len field of the domainname_t in 'inp' + */ +uint8_t domainname_get_len(const domainname_t *inp); +/** Set the value of the len field of the domainname_t in 'inp' to + * 'val'. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int domainname_set_len(domainname_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the name field of + * the domainname_t in 'inp'. + */ +size_t domainname_getlen_name(const domainname_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * name of the domainname_t in 'inp'. + */ +char domainname_get_name(domainname_t *inp, size_t idx); +/** As domainname_get_name, but take and return a const pointer + */ +char domainname_getconst_name(const domainname_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * name of the domainname_t in 'inp', so that it will hold the value + * 'elt'. + */ +int domainname_set_name(domainname_t *inp, size_t idx, char elt); +/** Append a new element 'elt' to the dynamic array field name of the + * domainname_t in 'inp'. + */ +int domainname_add_name(domainname_t *inp, char elt); +/** Return a pointer to the variable-length array field name of 'inp'. + */ +char * domainname_getarray_name(domainname_t *inp); +/** As domainname_get_name, but take and return a const pointer + */ +const char * domainname_getconstarray_name(const domainname_t *inp); +/** Change the length of the variable-length array field name of 'inp' + * to 'newlen'.Fill extra elements with 0. Return 0 on success; return + * -1 and set the error code on 'inp' on failure. + */ +int domainname_setlen_name(domainname_t *inp, size_t newlen); +/** Return the value of the name field of a domainname_t as a NUL- + * terminated string. + */ +const char * domainname_getstr_name(domainname_t *inp); +/** Set the value of the name field of a domainname_t to a given + * string of length 'len'. Return 0 on success; return -1 and set the + * error code on 'inp' on failure. + */ +int domainname_setstr0_name(domainname_t *inp, const char *val, size_t len); +/** Set the value of the name field of a domainname_t to a given NUL- + * terminated string. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int domainname_setstr_name(domainname_t *inp, const char *val); +/** Return a newly allocated socks4_client_request with all elements + * set to zero. + */ +socks4_client_request_t *socks4_client_request_new(void); +/** Release all storage held by the socks4_client_request in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks4_client_request_free(socks4_client_request_t *victim); +/** Try to parse a socks4_client_request from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks4_client_request_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks4_client_request_parse(socks4_client_request_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks4_client_request in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks4_client_request_encoded_len(const socks4_client_request_t *obj); +/** Try to encode the socks4_client_request from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks4_client_request_encode(uint8_t *output, size_t avail, const socks4_client_request_t *input); +/** Check whether the internal state of the socks4_client_request in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks4_client_request_check(const socks4_client_request_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks4_client_request_clear_errors(socks4_client_request_t *obj); +/** Return the value of the version field of the + * socks4_client_request_t in 'inp' + */ +uint8_t socks4_client_request_get_version(const socks4_client_request_t *inp); +/** Set the value of the version field of the socks4_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_version(socks4_client_request_t *inp, uint8_t val); +/** Return the value of the command field of the + * socks4_client_request_t in 'inp' + */ +uint8_t socks4_client_request_get_command(const socks4_client_request_t *inp); +/** Set the value of the command field of the socks4_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_command(socks4_client_request_t *inp, uint8_t val); +/** Return the value of the port field of the socks4_client_request_t + * in 'inp' + */ +uint16_t socks4_client_request_get_port(const socks4_client_request_t *inp); +/** Set the value of the port field of the socks4_client_request_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_port(socks4_client_request_t *inp, uint16_t val); +/** Return the value of the addr field of the socks4_client_request_t + * in 'inp' + */ +uint32_t socks4_client_request_get_addr(const socks4_client_request_t *inp); +/** Set the value of the addr field of the socks4_client_request_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_addr(socks4_client_request_t *inp, uint32_t val); +/** Return the value of the username field of the + * socks4_client_request_t in 'inp' + */ +const char * socks4_client_request_get_username(const socks4_client_request_t *inp); +/** Set the value of the username field of the socks4_client_request_t + * in 'inp' to 'val'. Free the old value if any. Does not steal the + * reference to 'val'.Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_client_request_set_username(socks4_client_request_t *inp, const char *val); +/** Return the value of the socks4a_addr_hostname field of the + * socks4_client_request_t in 'inp' + */ +const char * socks4_client_request_get_socks4a_addr_hostname(const socks4_client_request_t *inp); +/** Set the value of the socks4a_addr_hostname field of the + * socks4_client_request_t in 'inp' to 'val'. Free the old value if + * any. Does not steal the reference to 'val'.Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks4_client_request_set_socks4a_addr_hostname(socks4_client_request_t *inp, const char *val); +/** Return a newly allocated socks4_server_reply with all elements set + * to zero. + */ +socks4_server_reply_t *socks4_server_reply_new(void); +/** Release all storage held by the socks4_server_reply in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks4_server_reply_free(socks4_server_reply_t *victim); +/** Try to parse a socks4_server_reply from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks4_server_reply_t. On failure, return -2 if the input + * appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks4_server_reply_parse(socks4_server_reply_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks4_server_reply in 'obj'. On failure, return a negative value. + * Note that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t socks4_server_reply_encoded_len(const socks4_server_reply_t *obj); +/** Try to encode the socks4_server_reply from 'input' into the buffer + * at 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks4_server_reply_encode(uint8_t *output, size_t avail, const socks4_server_reply_t *input); +/** Check whether the internal state of the socks4_server_reply in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks4_server_reply_check(const socks4_server_reply_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks4_server_reply_clear_errors(socks4_server_reply_t *obj); +/** Return the value of the version field of the socks4_server_reply_t + * in 'inp' + */ +uint8_t socks4_server_reply_get_version(const socks4_server_reply_t *inp); +/** Set the value of the version field of the socks4_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_server_reply_set_version(socks4_server_reply_t *inp, uint8_t val); +/** Return the value of the status field of the socks4_server_reply_t + * in 'inp' + */ +uint8_t socks4_server_reply_get_status(const socks4_server_reply_t *inp); +/** Set the value of the status field of the socks4_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_server_reply_set_status(socks4_server_reply_t *inp, uint8_t val); +/** Return the value of the port field of the socks4_server_reply_t in + * 'inp' + */ +uint16_t socks4_server_reply_get_port(const socks4_server_reply_t *inp); +/** Set the value of the port field of the socks4_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_server_reply_set_port(socks4_server_reply_t *inp, uint16_t val); +/** Return the value of the addr field of the socks4_server_reply_t in + * 'inp' + */ +uint32_t socks4_server_reply_get_addr(const socks4_server_reply_t *inp); +/** Set the value of the addr field of the socks4_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks4_server_reply_set_addr(socks4_server_reply_t *inp, uint32_t val); +/** Return a newly allocated socks5_client_userpass_auth with all + * elements set to zero. + */ +socks5_client_userpass_auth_t *socks5_client_userpass_auth_new(void); +/** Release all storage held by the socks5_client_userpass_auth in + * 'victim'. (Do nothing if 'victim' is NULL.) + */ +void socks5_client_userpass_auth_free(socks5_client_userpass_auth_t *victim); +/** Try to parse a socks5_client_userpass_auth from the buffer in + * 'input', using up to 'len_in' bytes from the input buffer. On + * success, return the number of bytes consumed and set *output to the + * newly allocated socks5_client_userpass_auth_t. On failure, return + * -2 if the input appears truncated, and -1 if the input is otherwise + * invalid. + */ +ssize_t socks5_client_userpass_auth_parse(socks5_client_userpass_auth_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_client_userpass_auth in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks5_client_userpass_auth_encoded_len(const socks5_client_userpass_auth_t *obj); +/** Try to encode the socks5_client_userpass_auth from 'input' into + * the buffer at 'output', using up to 'avail' bytes of the output + * buffer. On success, return the number of bytes used. On failure, + * return -2 if the buffer was not long enough, and -1 if the input + * was invalid. + */ +ssize_t socks5_client_userpass_auth_encode(uint8_t *output, size_t avail, const socks5_client_userpass_auth_t *input); +/** Check whether the internal state of the + * socks5_client_userpass_auth in 'obj' is consistent. Return NULL if + * it is, and a short message if it is not. + */ +const char *socks5_client_userpass_auth_check(const socks5_client_userpass_auth_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_client_userpass_auth_clear_errors(socks5_client_userpass_auth_t *obj); +/** Return the value of the version field of the + * socks5_client_userpass_auth_t in 'inp' + */ +uint8_t socks5_client_userpass_auth_get_version(const socks5_client_userpass_auth_t *inp); +/** Set the value of the version field of the + * socks5_client_userpass_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_set_version(socks5_client_userpass_auth_t *inp, uint8_t val); +/** Return the value of the username_len field of the + * socks5_client_userpass_auth_t in 'inp' + */ +uint8_t socks5_client_userpass_auth_get_username_len(const socks5_client_userpass_auth_t *inp); +/** Set the value of the username_len field of the + * socks5_client_userpass_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_set_username_len(socks5_client_userpass_auth_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the username field + * of the socks5_client_userpass_auth_t in 'inp'. + */ +size_t socks5_client_userpass_auth_getlen_username(const socks5_client_userpass_auth_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * username of the socks5_client_userpass_auth_t in 'inp'. + */ +char socks5_client_userpass_auth_get_username(socks5_client_userpass_auth_t *inp, size_t idx); +/** As socks5_client_userpass_auth_get_username, but take and return a + * const pointer + */ +char socks5_client_userpass_auth_getconst_username(const socks5_client_userpass_auth_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * username of the socks5_client_userpass_auth_t in 'inp', so that it + * will hold the value 'elt'. + */ +int socks5_client_userpass_auth_set_username(socks5_client_userpass_auth_t *inp, size_t idx, char elt); +/** Append a new element 'elt' to the dynamic array field username of + * the socks5_client_userpass_auth_t in 'inp'. + */ +int socks5_client_userpass_auth_add_username(socks5_client_userpass_auth_t *inp, char elt); +/** Return a pointer to the variable-length array field username of + * 'inp'. + */ +char * socks5_client_userpass_auth_getarray_username(socks5_client_userpass_auth_t *inp); +/** As socks5_client_userpass_auth_get_username, but take and return a + * const pointer + */ +const char * socks5_client_userpass_auth_getconstarray_username(const socks5_client_userpass_auth_t *inp); +/** Change the length of the variable-length array field username of + * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_setlen_username(socks5_client_userpass_auth_t *inp, size_t newlen); +/** Return the value of the username field of a + * socks5_client_userpass_auth_t as a NUL-terminated string. + */ +const char * socks5_client_userpass_auth_getstr_username(socks5_client_userpass_auth_t *inp); +/** Set the value of the username field of a + * socks5_client_userpass_auth_t to a given string of length 'len'. + * Return 0 on success; return -1 and set the error code on 'inp' on + * failure. + */ +int socks5_client_userpass_auth_setstr0_username(socks5_client_userpass_auth_t *inp, const char *val, size_t len); +/** Set the value of the username field of a + * socks5_client_userpass_auth_t to a given NUL-terminated string. + * Return 0 on success; return -1 and set the error code on 'inp' on + * failure. + */ +int socks5_client_userpass_auth_setstr_username(socks5_client_userpass_auth_t *inp, const char *val); +/** Return the value of the passwd_len field of the + * socks5_client_userpass_auth_t in 'inp' + */ +uint8_t socks5_client_userpass_auth_get_passwd_len(const socks5_client_userpass_auth_t *inp); +/** Set the value of the passwd_len field of the + * socks5_client_userpass_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_set_passwd_len(socks5_client_userpass_auth_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the passwd field of + * the socks5_client_userpass_auth_t in 'inp'. + */ +size_t socks5_client_userpass_auth_getlen_passwd(const socks5_client_userpass_auth_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * passwd of the socks5_client_userpass_auth_t in 'inp'. + */ +char socks5_client_userpass_auth_get_passwd(socks5_client_userpass_auth_t *inp, size_t idx); +/** As socks5_client_userpass_auth_get_passwd, but take and return a + * const pointer + */ +char socks5_client_userpass_auth_getconst_passwd(const socks5_client_userpass_auth_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * passwd of the socks5_client_userpass_auth_t in 'inp', so that it + * will hold the value 'elt'. + */ +int socks5_client_userpass_auth_set_passwd(socks5_client_userpass_auth_t *inp, size_t idx, char elt); +/** Append a new element 'elt' to the dynamic array field passwd of + * the socks5_client_userpass_auth_t in 'inp'. + */ +int socks5_client_userpass_auth_add_passwd(socks5_client_userpass_auth_t *inp, char elt); +/** Return a pointer to the variable-length array field passwd of + * 'inp'. + */ +char * socks5_client_userpass_auth_getarray_passwd(socks5_client_userpass_auth_t *inp); +/** As socks5_client_userpass_auth_get_passwd, but take and return a + * const pointer + */ +const char * socks5_client_userpass_auth_getconstarray_passwd(const socks5_client_userpass_auth_t *inp); +/** Change the length of the variable-length array field passwd of + * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_userpass_auth_setlen_passwd(socks5_client_userpass_auth_t *inp, size_t newlen); +/** Return the value of the passwd field of a + * socks5_client_userpass_auth_t as a NUL-terminated string. + */ +const char * socks5_client_userpass_auth_getstr_passwd(socks5_client_userpass_auth_t *inp); +/** Set the value of the passwd field of a + * socks5_client_userpass_auth_t to a given string of length 'len'. + * Return 0 on success; return -1 and set the error code on 'inp' on + * failure. + */ +int socks5_client_userpass_auth_setstr0_passwd(socks5_client_userpass_auth_t *inp, const char *val, size_t len); +/** Set the value of the passwd field of a + * socks5_client_userpass_auth_t to a given NUL-terminated string. + * Return 0 on success; return -1 and set the error code on 'inp' on + * failure. + */ +int socks5_client_userpass_auth_setstr_passwd(socks5_client_userpass_auth_t *inp, const char *val); +/** Return a newly allocated socks5_client_version with all elements + * set to zero. + */ +socks5_client_version_t *socks5_client_version_new(void); +/** Release all storage held by the socks5_client_version in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks5_client_version_free(socks5_client_version_t *victim); +/** Try to parse a socks5_client_version from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks5_client_version_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks5_client_version_parse(socks5_client_version_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_client_version in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks5_client_version_encoded_len(const socks5_client_version_t *obj); +/** Try to encode the socks5_client_version from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks5_client_version_encode(uint8_t *output, size_t avail, const socks5_client_version_t *input); +/** Check whether the internal state of the socks5_client_version in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks5_client_version_check(const socks5_client_version_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_client_version_clear_errors(socks5_client_version_t *obj); +/** Return the value of the version field of the + * socks5_client_version_t in 'inp' + */ +uint8_t socks5_client_version_get_version(const socks5_client_version_t *inp); +/** Set the value of the version field of the socks5_client_version_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_version_set_version(socks5_client_version_t *inp, uint8_t val); +/** Return the value of the n_methods field of the + * socks5_client_version_t in 'inp' + */ +uint8_t socks5_client_version_get_n_methods(const socks5_client_version_t *inp); +/** Set the value of the n_methods field of the + * socks5_client_version_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_version_set_n_methods(socks5_client_version_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the methods field + * of the socks5_client_version_t in 'inp'. + */ +size_t socks5_client_version_getlen_methods(const socks5_client_version_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * methods of the socks5_client_version_t in 'inp'. + */ +uint8_t socks5_client_version_get_methods(socks5_client_version_t *inp, size_t idx); +/** As socks5_client_version_get_methods, but take and return a const + * pointer + */ +uint8_t socks5_client_version_getconst_methods(const socks5_client_version_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * methods of the socks5_client_version_t in 'inp', so that it will + * hold the value 'elt'. + */ +int socks5_client_version_set_methods(socks5_client_version_t *inp, size_t idx, uint8_t elt); +/** Append a new element 'elt' to the dynamic array field methods of + * the socks5_client_version_t in 'inp'. + */ +int socks5_client_version_add_methods(socks5_client_version_t *inp, uint8_t elt); +/** Return a pointer to the variable-length array field methods of + * 'inp'. + */ +uint8_t * socks5_client_version_getarray_methods(socks5_client_version_t *inp); +/** As socks5_client_version_get_methods, but take and return a const + * pointer + */ +const uint8_t * socks5_client_version_getconstarray_methods(const socks5_client_version_t *inp); +/** Change the length of the variable-length array field methods of + * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_version_setlen_methods(socks5_client_version_t *inp, size_t newlen); +/** Return a newly allocated socks5_server_method with all elements + * set to zero. + */ +socks5_server_method_t *socks5_server_method_new(void); +/** Release all storage held by the socks5_server_method in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks5_server_method_free(socks5_server_method_t *victim); +/** Try to parse a socks5_server_method from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks5_server_method_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks5_server_method_parse(socks5_server_method_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_server_method in 'obj'. On failure, return a negative value. + * Note that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t socks5_server_method_encoded_len(const socks5_server_method_t *obj); +/** Try to encode the socks5_server_method from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks5_server_method_encode(uint8_t *output, size_t avail, const socks5_server_method_t *input); +/** Check whether the internal state of the socks5_server_method in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks5_server_method_check(const socks5_server_method_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_server_method_clear_errors(socks5_server_method_t *obj); +/** Return the value of the version field of the + * socks5_server_method_t in 'inp' + */ +uint8_t socks5_server_method_get_version(const socks5_server_method_t *inp); +/** Set the value of the version field of the socks5_server_method_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_method_set_version(socks5_server_method_t *inp, uint8_t val); +/** Return the value of the method field of the socks5_server_method_t + * in 'inp' + */ +uint8_t socks5_server_method_get_method(const socks5_server_method_t *inp); +/** Set the value of the method field of the socks5_server_method_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_method_set_method(socks5_server_method_t *inp, uint8_t val); +/** Return a newly allocated socks5_server_userpath_auth with all + * elements set to zero. + */ +socks5_server_userpath_auth_t *socks5_server_userpath_auth_new(void); +/** Release all storage held by the socks5_server_userpath_auth in + * 'victim'. (Do nothing if 'victim' is NULL.) + */ +void socks5_server_userpath_auth_free(socks5_server_userpath_auth_t *victim); +/** Try to parse a socks5_server_userpath_auth from the buffer in + * 'input', using up to 'len_in' bytes from the input buffer. On + * success, return the number of bytes consumed and set *output to the + * newly allocated socks5_server_userpath_auth_t. On failure, return + * -2 if the input appears truncated, and -1 if the input is otherwise + * invalid. + */ +ssize_t socks5_server_userpath_auth_parse(socks5_server_userpath_auth_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_server_userpath_auth in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj); +/** Try to encode the socks5_server_userpath_auth from 'input' into + * the buffer at 'output', using up to 'avail' bytes of the output + * buffer. On success, return the number of bytes used. On failure, + * return -2 if the buffer was not long enough, and -1 if the input + * was invalid. + */ +ssize_t socks5_server_userpath_auth_encode(uint8_t *output, size_t avail, const socks5_server_userpath_auth_t *input); +/** Check whether the internal state of the + * socks5_server_userpath_auth in 'obj' is consistent. Return NULL if + * it is, and a short message if it is not. + */ +const char *socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_server_userpath_auth_clear_errors(socks5_server_userpath_auth_t *obj); +/** Return the value of the version field of the + * socks5_server_userpath_auth_t in 'inp' + */ +uint8_t socks5_server_userpath_auth_get_version(const socks5_server_userpath_auth_t *inp); +/** Set the value of the version field of the + * socks5_server_userpath_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint8_t val); +/** Return the value of the status field of the + * socks5_server_userpath_auth_t in 'inp' + */ +uint8_t socks5_server_userpath_auth_get_status(const socks5_server_userpath_auth_t *inp); +/** Set the value of the status field of the + * socks5_server_userpath_auth_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int socks5_server_userpath_auth_set_status(socks5_server_userpath_auth_t *inp, uint8_t val); +/** Return a newly allocated tor_socksauth_keyval with all elements + * set to zero. + */ +tor_socksauth_keyval_t *tor_socksauth_keyval_new(void); +/** Release all storage held by the tor_socksauth_keyval in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void tor_socksauth_keyval_free(tor_socksauth_keyval_t *victim); +/** Try to parse a tor_socksauth_keyval from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated tor_socksauth_keyval_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t tor_socksauth_keyval_parse(tor_socksauth_keyval_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * tor_socksauth_keyval in 'obj'. On failure, return a negative value. + * Note that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t tor_socksauth_keyval_encoded_len(const tor_socksauth_keyval_t *obj); +/** Try to encode the tor_socksauth_keyval from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t tor_socksauth_keyval_encode(uint8_t *output, size_t avail, const tor_socksauth_keyval_t *input); +/** Check whether the internal state of the tor_socksauth_keyval in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *tor_socksauth_keyval_check(const tor_socksauth_keyval_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int tor_socksauth_keyval_clear_errors(tor_socksauth_keyval_t *obj); +/** Return the value of the keylen field of the tor_socksauth_keyval_t + * in 'inp' + */ +uint16_t tor_socksauth_keyval_get_keylen(const tor_socksauth_keyval_t *inp); +/** Set the value of the keylen field of the tor_socksauth_keyval_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int tor_socksauth_keyval_set_keylen(tor_socksauth_keyval_t *inp, uint16_t val); +/** Return the length of the dynamic array holding the key field of + * the tor_socksauth_keyval_t in 'inp'. + */ +size_t tor_socksauth_keyval_getlen_key(const tor_socksauth_keyval_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * key of the tor_socksauth_keyval_t in 'inp'. + */ +char tor_socksauth_keyval_get_key(tor_socksauth_keyval_t *inp, size_t idx); +/** As tor_socksauth_keyval_get_key, but take and return a const + * pointer + */ +char tor_socksauth_keyval_getconst_key(const tor_socksauth_keyval_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * key of the tor_socksauth_keyval_t in 'inp', so that it will hold + * the value 'elt'. + */ +int tor_socksauth_keyval_set_key(tor_socksauth_keyval_t *inp, size_t idx, char elt); +/** Append a new element 'elt' to the dynamic array field key of the + * tor_socksauth_keyval_t in 'inp'. + */ +int tor_socksauth_keyval_add_key(tor_socksauth_keyval_t *inp, char elt); +/** Return a pointer to the variable-length array field key of 'inp'. + */ +char * tor_socksauth_keyval_getarray_key(tor_socksauth_keyval_t *inp); +/** As tor_socksauth_keyval_get_key, but take and return a const + * pointer + */ +const char * tor_socksauth_keyval_getconstarray_key(const tor_socksauth_keyval_t *inp); +/** Change the length of the variable-length array field key of 'inp' + * to 'newlen'.Fill extra elements with 0. Return 0 on success; return + * -1 and set the error code on 'inp' on failure. + */ +int tor_socksauth_keyval_setlen_key(tor_socksauth_keyval_t *inp, size_t newlen); +/** Return the value of the key field of a tor_socksauth_keyval_t as a + * NUL-terminated string. + */ +const char * tor_socksauth_keyval_getstr_key(tor_socksauth_keyval_t *inp); +/** Set the value of the key field of a tor_socksauth_keyval_t to a + * given string of length 'len'. Return 0 on success; return -1 and + * set the error code on 'inp' on failure. + */ +int tor_socksauth_keyval_setstr0_key(tor_socksauth_keyval_t *inp, const char *val, size_t len); +/** Set the value of the key field of a tor_socksauth_keyval_t to a + * given NUL-terminated string. Return 0 on success; return -1 and set + * the error code on 'inp' on failure. + */ +int tor_socksauth_keyval_setstr_key(tor_socksauth_keyval_t *inp, const char *val); +/** Return the value of the vallen field of the tor_socksauth_keyval_t + * in 'inp' + */ +uint16_t tor_socksauth_keyval_get_vallen(const tor_socksauth_keyval_t *inp); +/** Set the value of the vallen field of the tor_socksauth_keyval_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int tor_socksauth_keyval_set_vallen(tor_socksauth_keyval_t *inp, uint16_t val); +/** Return the length of the dynamic array holding the val field of + * the tor_socksauth_keyval_t in 'inp'. + */ +size_t tor_socksauth_keyval_getlen_val(const tor_socksauth_keyval_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * val of the tor_socksauth_keyval_t in 'inp'. + */ +char tor_socksauth_keyval_get_val(tor_socksauth_keyval_t *inp, size_t idx); +/** As tor_socksauth_keyval_get_val, but take and return a const + * pointer + */ +char tor_socksauth_keyval_getconst_val(const tor_socksauth_keyval_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * val of the tor_socksauth_keyval_t in 'inp', so that it will hold + * the value 'elt'. + */ +int tor_socksauth_keyval_set_val(tor_socksauth_keyval_t *inp, size_t idx, char elt); +/** Append a new element 'elt' to the dynamic array field val of the + * tor_socksauth_keyval_t in 'inp'. + */ +int tor_socksauth_keyval_add_val(tor_socksauth_keyval_t *inp, char elt); +/** Return a pointer to the variable-length array field val of 'inp'. + */ +char * tor_socksauth_keyval_getarray_val(tor_socksauth_keyval_t *inp); +/** As tor_socksauth_keyval_get_val, but take and return a const + * pointer + */ +const char * tor_socksauth_keyval_getconstarray_val(const tor_socksauth_keyval_t *inp); +/** Change the length of the variable-length array field val of 'inp' + * to 'newlen'.Fill extra elements with 0. Return 0 on success; return + * -1 and set the error code on 'inp' on failure. + */ +int tor_socksauth_keyval_setlen_val(tor_socksauth_keyval_t *inp, size_t newlen); +/** Return the value of the val field of a tor_socksauth_keyval_t as a + * NUL-terminated string. + */ +const char * tor_socksauth_keyval_getstr_val(tor_socksauth_keyval_t *inp); +/** Set the value of the val field of a tor_socksauth_keyval_t to a + * given string of length 'len'. Return 0 on success; return -1 and + * set the error code on 'inp' on failure. + */ +int tor_socksauth_keyval_setstr0_val(tor_socksauth_keyval_t *inp, const char *val, size_t len); +/** Set the value of the val field of a tor_socksauth_keyval_t to a + * given NUL-terminated string. Return 0 on success; return -1 and set + * the error code on 'inp' on failure. + */ +int tor_socksauth_keyval_setstr_val(tor_socksauth_keyval_t *inp, const char *val); +/** Return a newly allocated socks5_client_request with all elements + * set to zero. + */ +socks5_client_request_t *socks5_client_request_new(void); +/** Release all storage held by the socks5_client_request in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks5_client_request_free(socks5_client_request_t *victim); +/** Try to parse a socks5_client_request from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks5_client_request_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks5_client_request_parse(socks5_client_request_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_client_request in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t socks5_client_request_encoded_len(const socks5_client_request_t *obj); +/** Try to encode the socks5_client_request from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks5_client_request_encode(uint8_t *output, size_t avail, const socks5_client_request_t *input); +/** Check whether the internal state of the socks5_client_request in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks5_client_request_check(const socks5_client_request_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_client_request_clear_errors(socks5_client_request_t *obj); +/** Return the value of the version field of the + * socks5_client_request_t in 'inp' + */ +uint8_t socks5_client_request_get_version(const socks5_client_request_t *inp); +/** Set the value of the version field of the socks5_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_request_set_version(socks5_client_request_t *inp, uint8_t val); +/** Return the value of the command field of the + * socks5_client_request_t in 'inp' + */ +uint8_t socks5_client_request_get_command(const socks5_client_request_t *inp); +/** Set the value of the command field of the socks5_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val); +/** Return the value of the reserved field of the + * socks5_client_request_t in 'inp' + */ +uint8_t socks5_client_request_get_reserved(const socks5_client_request_t *inp); +/** Set the value of the reserved field of the socks5_client_request_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_request_set_reserved(socks5_client_request_t *inp, uint8_t val); +/** Return the value of the atype field of the socks5_client_request_t + * in 'inp' + */ +uint8_t socks5_client_request_get_atype(const socks5_client_request_t *inp); +/** Set the value of the atype field of the socks5_client_request_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_client_request_set_atype(socks5_client_request_t *inp, uint8_t val); +/** Return the value of the dest_addr_ipv4 field of the + * socks5_client_request_t in 'inp' + */ +uint32_t socks5_client_request_get_dest_addr_ipv4(const socks5_client_request_t *inp); +/** Set the value of the dest_addr_ipv4 field of the + * socks5_client_request_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_request_set_dest_addr_ipv4(socks5_client_request_t *inp, uint32_t val); +/** Return the (constant) length of the array holding the + * dest_addr_ipv6 field of the socks5_client_request_t in 'inp'. + */ +size_t socks5_client_request_getlen_dest_addr_ipv6(const socks5_client_request_t *inp); +/** Return the element at position 'idx' of the fixed array field + * dest_addr_ipv6 of the socks5_client_request_t in 'inp'. + */ +uint8_t socks5_client_request_get_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx); +/** As socks5_client_request_get_dest_addr_ipv6, but take and return a + * const pointer + */ +uint8_t socks5_client_request_getconst_dest_addr_ipv6(const socks5_client_request_t *inp, size_t idx); +/** Change the element at position 'idx' of the fixed array field + * dest_addr_ipv6 of the socks5_client_request_t in 'inp', so that it + * will hold the value 'elt'. + */ +int socks5_client_request_set_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx, uint8_t elt); +/** Return a pointer to the 16-element array field dest_addr_ipv6 of + * 'inp'. + */ +uint8_t * socks5_client_request_getarray_dest_addr_ipv6(socks5_client_request_t *inp); +/** As socks5_client_request_get_dest_addr_ipv6, but take and return a + * const pointer + */ +const uint8_t * socks5_client_request_getconstarray_dest_addr_ipv6(const socks5_client_request_t *inp); +/** Return the value of the dest_addr_domainname field of the + * socks5_client_request_t in 'inp' + */ +struct domainname_st * socks5_client_request_get_dest_addr_domainname(socks5_client_request_t *inp); +/** As socks5_client_request_get_dest_addr_domainname, but take and + * return a const pointer + */ +const struct domainname_st * socks5_client_request_getconst_dest_addr_domainname(const socks5_client_request_t *inp); +/** Set the value of the dest_addr_domainname field of the + * socks5_client_request_t in 'inp' to 'val'. Free the old value if + * any. Steals the referenceto 'val'.Return 0 on success; return -1 + * and set the error code on 'inp' on failure. + */ +int socks5_client_request_set_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val); +/** As socks5_client_request_set_dest_addr_domainname, but does not + * free the previous value. + */ +int socks5_client_request_set0_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val); +/** Return the value of the dest_port field of the + * socks5_client_request_t in 'inp' + */ +uint16_t socks5_client_request_get_dest_port(const socks5_client_request_t *inp); +/** Set the value of the dest_port field of the + * socks5_client_request_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_client_request_set_dest_port(socks5_client_request_t *inp, uint16_t val); +/** Return a newly allocated socks5_server_reply with all elements set + * to zero. + */ +socks5_server_reply_t *socks5_server_reply_new(void); +/** Release all storage held by the socks5_server_reply in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void socks5_server_reply_free(socks5_server_reply_t *victim); +/** Try to parse a socks5_server_reply from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated socks5_server_reply_t. On failure, return -2 if the input + * appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t socks5_server_reply_parse(socks5_server_reply_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * socks5_server_reply in 'obj'. On failure, return a negative value. + * Note that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t socks5_server_reply_encoded_len(const socks5_server_reply_t *obj); +/** Try to encode the socks5_server_reply from 'input' into the buffer + * at 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t socks5_server_reply_encode(uint8_t *output, size_t avail, const socks5_server_reply_t *input); +/** Check whether the internal state of the socks5_server_reply in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *socks5_server_reply_check(const socks5_server_reply_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int socks5_server_reply_clear_errors(socks5_server_reply_t *obj); +/** Return the value of the version field of the socks5_server_reply_t + * in 'inp' + */ +uint8_t socks5_server_reply_get_version(const socks5_server_reply_t *inp); +/** Set the value of the version field of the socks5_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_version(socks5_server_reply_t *inp, uint8_t val); +/** Return the value of the reply field of the socks5_server_reply_t + * in 'inp' + */ +uint8_t socks5_server_reply_get_reply(const socks5_server_reply_t *inp); +/** Set the value of the reply field of the socks5_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_reply(socks5_server_reply_t *inp, uint8_t val); +/** Return the value of the reserved field of the + * socks5_server_reply_t in 'inp' + */ +uint8_t socks5_server_reply_get_reserved(const socks5_server_reply_t *inp); +/** Set the value of the reserved field of the socks5_server_reply_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_reserved(socks5_server_reply_t *inp, uint8_t val); +/** Return the value of the atype field of the socks5_server_reply_t + * in 'inp' + */ +uint8_t socks5_server_reply_get_atype(const socks5_server_reply_t *inp); +/** Set the value of the atype field of the socks5_server_reply_t in + * 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_atype(socks5_server_reply_t *inp, uint8_t val); +/** Return the value of the bind_addr_ipv4 field of the + * socks5_server_reply_t in 'inp' + */ +uint32_t socks5_server_reply_get_bind_addr_ipv4(const socks5_server_reply_t *inp); +/** Set the value of the bind_addr_ipv4 field of the + * socks5_server_reply_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int socks5_server_reply_set_bind_addr_ipv4(socks5_server_reply_t *inp, uint32_t val); +/** Return the (constant) length of the array holding the + * bind_addr_ipv6 field of the socks5_server_reply_t in 'inp'. + */ +size_t socks5_server_reply_getlen_bind_addr_ipv6(const socks5_server_reply_t *inp); +/** Return the element at position 'idx' of the fixed array field + * bind_addr_ipv6 of the socks5_server_reply_t in 'inp'. + */ +uint8_t socks5_server_reply_get_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx); +/** As socks5_server_reply_get_bind_addr_ipv6, but take and return a + * const pointer + */ +uint8_t socks5_server_reply_getconst_bind_addr_ipv6(const socks5_server_reply_t *inp, size_t idx); +/** Change the element at position 'idx' of the fixed array field + * bind_addr_ipv6 of the socks5_server_reply_t in 'inp', so that it + * will hold the value 'elt'. + */ +int socks5_server_reply_set_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx, uint8_t elt); +/** Return a pointer to the 16-element array field bind_addr_ipv6 of + * 'inp'. + */ +uint8_t * socks5_server_reply_getarray_bind_addr_ipv6(socks5_server_reply_t *inp); +/** As socks5_server_reply_get_bind_addr_ipv6, but take and return a + * const pointer + */ +const uint8_t * socks5_server_reply_getconstarray_bind_addr_ipv6(const socks5_server_reply_t *inp); +/** Return the value of the bind_addr_domainname field of the + * socks5_server_reply_t in 'inp' + */ +struct domainname_st * socks5_server_reply_get_bind_addr_domainname(socks5_server_reply_t *inp); +/** As socks5_server_reply_get_bind_addr_domainname, but take and + * return a const pointer + */ +const struct domainname_st * socks5_server_reply_getconst_bind_addr_domainname(const socks5_server_reply_t *inp); +/** Set the value of the bind_addr_domainname field of the + * socks5_server_reply_t in 'inp' to 'val'. Free the old value if any. + * Steals the referenceto 'val'.Return 0 on success; return -1 and set + * the error code on 'inp' on failure. + */ +int socks5_server_reply_set_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val); +/** As socks5_server_reply_set_bind_addr_domainname, but does not free + * the previous value. + */ +int socks5_server_reply_set0_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val); +/** Return the value of the bind_port field of the + * socks5_server_reply_t in 'inp' + */ +uint16_t socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp); +/** Set the value of the bind_port field of the socks5_server_reply_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val); +/** Return a newly allocated tor_extended_socks_auth_request with all + * elements set to zero. + */ +tor_extended_socks_auth_request_t *tor_extended_socks_auth_request_new(void); +/** Release all storage held by the tor_extended_socks_auth_request in + * 'victim'. (Do nothing if 'victim' is NULL.) + */ +void tor_extended_socks_auth_request_free(tor_extended_socks_auth_request_t *victim); +/** Try to parse a tor_extended_socks_auth_request from the buffer in + * 'input', using up to 'len_in' bytes from the input buffer. On + * success, return the number of bytes consumed and set *output to the + * newly allocated tor_extended_socks_auth_request_t. On failure, + * return -2 if the input appears truncated, and -1 if the input is + * otherwise invalid. + */ +ssize_t tor_extended_socks_auth_request_parse(tor_extended_socks_auth_request_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * tor_extended_socks_auth_request in 'obj'. On failure, return a + * negative value. Note that this value may be an overestimate, and + * can even be an underestimate for certain unencodeable objects. + */ +ssize_t tor_extended_socks_auth_request_encoded_len(const tor_extended_socks_auth_request_t *obj); +/** Try to encode the tor_extended_socks_auth_request from 'input' + * into the buffer at 'output', using up to 'avail' bytes of the + * output buffer. On success, return the number of bytes used. On + * failure, return -2 if the buffer was not long enough, and -1 if the + * input was invalid. + */ +ssize_t tor_extended_socks_auth_request_encode(uint8_t *output, size_t avail, const tor_extended_socks_auth_request_t *input); +/** Check whether the internal state of the + * tor_extended_socks_auth_request in 'obj' is consistent. Return NULL + * if it is, and a short message if it is not. + */ +const char *tor_extended_socks_auth_request_check(const tor_extended_socks_auth_request_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int tor_extended_socks_auth_request_clear_errors(tor_extended_socks_auth_request_t *obj); +/** Return the value of the version field of the + * tor_extended_socks_auth_request_t in 'inp' + */ +uint8_t tor_extended_socks_auth_request_get_version(const tor_extended_socks_auth_request_t *inp); +/** Set the value of the version field of the + * tor_extended_socks_auth_request_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int tor_extended_socks_auth_request_set_version(tor_extended_socks_auth_request_t *inp, uint8_t val); +/** Return the value of the npairs field of the + * tor_extended_socks_auth_request_t in 'inp' + */ +uint16_t tor_extended_socks_auth_request_get_npairs(const tor_extended_socks_auth_request_t *inp); +/** Set the value of the npairs field of the + * tor_extended_socks_auth_request_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int tor_extended_socks_auth_request_set_npairs(tor_extended_socks_auth_request_t *inp, uint16_t val); +/** Return the length of the dynamic array holding the pairs field of + * the tor_extended_socks_auth_request_t in 'inp'. + */ +size_t tor_extended_socks_auth_request_getlen_pairs(const tor_extended_socks_auth_request_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * pairs of the tor_extended_socks_auth_request_t in 'inp'. + */ +struct tor_socksauth_keyval_st * tor_extended_socks_auth_request_get_pairs(tor_extended_socks_auth_request_t *inp, size_t idx); +/** As tor_extended_socks_auth_request_get_pairs, but take and return + * a const pointer + */ + const struct tor_socksauth_keyval_st * tor_extended_socks_auth_request_getconst_pairs(const tor_extended_socks_auth_request_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * pairs of the tor_extended_socks_auth_request_t in 'inp', so that it + * will hold the value 'elt'. Free the previous value, if any. + */ +int tor_extended_socks_auth_request_set_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); +/** As tor_extended_socks_auth_request_set_pairs, but does not free + * the previous value. + */ +int tor_extended_socks_auth_request_set0_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); +/** Append a new element 'elt' to the dynamic array field pairs of the + * tor_extended_socks_auth_request_t in 'inp'. + */ +int tor_extended_socks_auth_request_add_pairs(tor_extended_socks_auth_request_t *inp, struct tor_socksauth_keyval_st * elt); +/** Return a pointer to the variable-length array field pairs of + * 'inp'. + */ +struct tor_socksauth_keyval_st * * tor_extended_socks_auth_request_getarray_pairs(tor_extended_socks_auth_request_t *inp); +/** As tor_extended_socks_auth_request_get_pairs, but take and return + * a const pointer + */ +const struct tor_socksauth_keyval_st * const * tor_extended_socks_auth_request_getconstarray_pairs(const tor_extended_socks_auth_request_t *inp); +/** Change the length of the variable-length array field pairs of + * 'inp' to 'newlen'.Fill extra elements with NULL; free removed + * elements. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int tor_extended_socks_auth_request_setlen_pairs(tor_extended_socks_auth_request_t *inp, size_t newlen); +/** Return a newly allocated tor_extended_socks_auth_response with all + * elements set to zero. + */ +tor_extended_socks_auth_response_t *tor_extended_socks_auth_response_new(void); +/** Release all storage held by the tor_extended_socks_auth_response + * in 'victim'. (Do nothing if 'victim' is NULL.) + */ +void tor_extended_socks_auth_response_free(tor_extended_socks_auth_response_t *victim); +/** Try to parse a tor_extended_socks_auth_response from the buffer in + * 'input', using up to 'len_in' bytes from the input buffer. On + * success, return the number of bytes consumed and set *output to the + * newly allocated tor_extended_socks_auth_response_t. On failure, + * return -2 if the input appears truncated, and -1 if the input is + * otherwise invalid. + */ +ssize_t tor_extended_socks_auth_response_parse(tor_extended_socks_auth_response_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * tor_extended_socks_auth_response in 'obj'. On failure, return a + * negative value. Note that this value may be an overestimate, and + * can even be an underestimate for certain unencodeable objects. + */ +ssize_t tor_extended_socks_auth_response_encoded_len(const tor_extended_socks_auth_response_t *obj); +/** Try to encode the tor_extended_socks_auth_response from 'input' + * into the buffer at 'output', using up to 'avail' bytes of the + * output buffer. On success, return the number of bytes used. On + * failure, return -2 if the buffer was not long enough, and -1 if the + * input was invalid. + */ +ssize_t tor_extended_socks_auth_response_encode(uint8_t *output, size_t avail, const tor_extended_socks_auth_response_t *input); +/** Check whether the internal state of the + * tor_extended_socks_auth_response in 'obj' is consistent. Return + * NULL if it is, and a short message if it is not. + */ +const char *tor_extended_socks_auth_response_check(const tor_extended_socks_auth_response_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int tor_extended_socks_auth_response_clear_errors(tor_extended_socks_auth_response_t *obj); +/** Return the value of the version field of the + * tor_extended_socks_auth_response_t in 'inp' + */ +uint8_t tor_extended_socks_auth_response_get_version(const tor_extended_socks_auth_response_t *inp); +/** Set the value of the version field of the + * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int tor_extended_socks_auth_response_set_version(tor_extended_socks_auth_response_t *inp, uint8_t val); +/** Return the value of the status field of the + * tor_extended_socks_auth_response_t in 'inp' + */ +uint8_t tor_extended_socks_auth_response_get_status(const tor_extended_socks_auth_response_t *inp); +/** Set the value of the status field of the + * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int tor_extended_socks_auth_response_set_status(tor_extended_socks_auth_response_t *inp, uint8_t val); +/** Return the value of the npairs field of the + * tor_extended_socks_auth_response_t in 'inp' + */ +uint16_t tor_extended_socks_auth_response_get_npairs(const tor_extended_socks_auth_response_t *inp); +/** Set the value of the npairs field of the + * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on + * success; return -1 and set the error code on 'inp' on failure. + */ +int tor_extended_socks_auth_response_set_npairs(tor_extended_socks_auth_response_t *inp, uint16_t val); +/** Return the length of the dynamic array holding the pairs field of + * the tor_extended_socks_auth_response_t in 'inp'. + */ +size_t tor_extended_socks_auth_response_getlen_pairs(const tor_extended_socks_auth_response_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * pairs of the tor_extended_socks_auth_response_t in 'inp'. + */ +struct tor_socksauth_keyval_st * tor_extended_socks_auth_response_get_pairs(tor_extended_socks_auth_response_t *inp, size_t idx); +/** As tor_extended_socks_auth_response_get_pairs, but take and return + * a const pointer + */ + const struct tor_socksauth_keyval_st * tor_extended_socks_auth_response_getconst_pairs(const tor_extended_socks_auth_response_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * pairs of the tor_extended_socks_auth_response_t in 'inp', so that + * it will hold the value 'elt'. Free the previous value, if any. + */ +int tor_extended_socks_auth_response_set_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); +/** As tor_extended_socks_auth_response_set_pairs, but does not free + * the previous value. + */ +int tor_extended_socks_auth_response_set0_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); +/** Append a new element 'elt' to the dynamic array field pairs of the + * tor_extended_socks_auth_response_t in 'inp'. + */ +int tor_extended_socks_auth_response_add_pairs(tor_extended_socks_auth_response_t *inp, struct tor_socksauth_keyval_st * elt); +/** Return a pointer to the variable-length array field pairs of + * 'inp'. + */ +struct tor_socksauth_keyval_st * * tor_extended_socks_auth_response_getarray_pairs(tor_extended_socks_auth_response_t *inp); +/** As tor_extended_socks_auth_response_get_pairs, but take and return + * a const pointer + */ +const struct tor_socksauth_keyval_st * const * tor_extended_socks_auth_response_getconstarray_pairs(const tor_extended_socks_auth_response_t *inp); +/** Change the length of the variable-length array field pairs of + * 'inp' to 'newlen'.Fill extra elements with NULL; free removed + * elements. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int tor_extended_socks_auth_response_setlen_pairs(tor_extended_socks_auth_response_t *inp, size_t newlen); + + +#endif From 9155e08450fe7a609f8223202e8aa7dfbca20a6d Mon Sep 17 00:00:00 2001 From: rl1987 Date: Sun, 13 May 2018 17:39:48 +0200 Subject: [PATCH 03/24] Parsing SOCKS4/4a request using trunnel impl --- src/or/proto_socks.c | 195 ++++++++++++++++++++++++++++++++++++++++-- src/test/test_socks.c | 8 +- 2 files changed, 194 insertions(+), 9 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 46439d66b1..36364e9614 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -14,6 +14,7 @@ #include "or/proto_socks.h" #include "or/reasons.h" +#include "trunnel/socks5.h" #include "or/socks_request_st.h" static void socks_request_set_socks5_error(socks_request_t *req, @@ -85,6 +86,147 @@ socks_request_free_(socks_request_t *req) tor_free(req); } +static int +parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, + size_t datalen, int *is_socks4a) +{ + // http://ss5.sourceforge.net/socks4.protocol.txt + // http://ss5.sourceforge.net/socks4A.protocol.txt + int res = 1; + tor_addr_t destaddr; + + req->socks_version = 4; + + socks4_client_request_t *trunnel_req; + + ssize_t parsed = + socks4_client_request_parse(&trunnel_req, raw_data, datalen); + + if (parsed == -1) { + log_warn(LD_APP, "socks4: parsing failed - invalid request."); + res = -1; + goto end; + } else if (parsed == -2) { + res = 0; + if (datalen > 1024) { // XXX + log_warn(LD_APP, "socks4: parsing failed - invalid request."); + res = -1; + } + goto end; + } + + uint8_t command = socks4_client_request_get_command(trunnel_req); + req->command = command; + + req->port = socks4_client_request_get_port(trunnel_req); + uint32_t dest_ip = socks4_client_request_get_addr(trunnel_req); + + if ((!req->port && req->command != SOCKS_COMMAND_RESOLVE) || + dest_ip == 0) { + log_warn(LD_APP, "socks4: Port or DestIP is zero. Rejecting."); + res = -1; + goto end; + } + + *is_socks4a = (dest_ip >> 8) == 0; + + const char *username = socks4_client_request_get_username(trunnel_req); + size_t usernamelen = username ? strlen(username) : 0; + if (username && usernamelen) { + if (usernamelen > MAX_SOCKS_MESSAGE_LEN) { + log_warn(LD_APP, "Socks4 user name too long; rejecting."); + res = -1; + goto end; + } + + req->got_auth = 1; + req->username = tor_strdup(username); + req->usernamelen = usernamelen; + } + + if (*is_socks4a) { + // We cannot rely on trunnel here, as we want to detect if + // we have abnormally long hostname field. + const char *hostname = (char *)raw_data + SOCKS4_NETWORK_LEN + + strlen(username) + 1; + size_t hostname_len = (char *)raw_data + datalen - hostname; + + if (hostname_len <= sizeof(req->address)) { + const char *trunnel_hostname = + socks4_client_request_get_socks4a_addr_hostname(trunnel_req); + + if (trunnel_hostname) + strlcpy(req->address, trunnel_hostname, sizeof(req->address)); + } else { + log_warn(LD_APP, "socks4: Destaddr too long. Rejecting."); + res = -1; + goto end; + } + } else { + tor_addr_from_ipv4h(&destaddr, dest_ip); + + if (!tor_addr_to_str(req->address, &destaddr, + MAX_SOCKS_ADDR_LEN, 0)) { + res = -1; + goto end; + } + } + + end: + socks4_client_request_free(trunnel_req); + + return res; +} + +/** + * Validate SOCKS4/4a related fields in req. Expect SOCKS4a + * if is_socks4a is true. If log_sockstype is true, + * log a notice about possible DNS leaks on local system. If + * safe_socks is true, reject insecure usage of SOCKS + * protocol. + * + * Return SOCKS_RESULT_DONE if validation passed or + * SOCKS_RESULT_INVALID if it failed. + */ +static socks_result_t +process_socks4_request(const socks_request_t *req, int is_socks4a, + int log_sockstype, int safe_socks) +{ + if (is_socks4a && !addressmap_have_mapping(req->address, 0)) { + log_unsafe_socks_warning(4, req->address, req->port, safe_socks); + + if (safe_socks) + return -1; + } + + if (req->command != SOCKS_COMMAND_CONNECT && + req->command != SOCKS_COMMAND_RESOLVE) { + /* not a connect or resolve? we don't support it. (No resolve_ptr with + * socks4.) */ + log_warn(LD_APP, "socks4: command %d not recognized. Rejecting.", + req->command); + return -1; + } + + if (is_socks4a) { + if (log_sockstype) + log_notice(LD_APP, + "Your application (using socks4a to port %d) instructed " + "Tor to take care of the DNS resolution itself if " + "necessary. This is good.", req->port); + } + + if (!string_is_valid_dest(req->address)) { + log_warn(LD_PROTOCOL, + "Your application (using socks4 to port %d) gave Tor " + "a malformed hostname: %s. Rejecting the connection.", + req->port, escaped_safe_str_client(req->address)); + return -1; + } + + return 1; +} + /** There is a (possibly incomplete) socks handshake on buf, of one * of the forms * - socks4: "socksheader username\\0" @@ -114,14 +256,56 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype, int safe_socks) { - int res; + int res = 0; + size_t datalen = buf_datalen(buf); + uint8_t *raw_data; + uint8_t socks_version; + + raw_data = tor_malloc(datalen); + memset(raw_data, 0, datalen); + + buf_peek(buf, (char *)raw_data, datalen); + + socks_version = (uint8_t)raw_data[0]; + + if (socks_version == 4) { + if (datalen < SOCKS4_NETWORK_LEN) { + res = 0; + goto end; + } + + int is_socks4a = 0; + int parse_status = + parse_socks4_request((const uint8_t *)raw_data, req, datalen, + &is_socks4a); + + if (parse_status != 1) { + res = parse_status; + goto end; + } + + int process_status = process_socks4_request(req, is_socks4a, + log_sockstype, + safe_socks); + + if (process_status != 1) { + res = process_status; + goto end; + } + + buf_clear(buf); + res = 1; + goto end; + } + ssize_t n_drain; size_t want_length = 128; const char *head = NULL; - size_t datalen = 0; - if (buf_datalen(buf) < 2) /* version and another byte */ - return 0; + if (buf_datalen(buf) < 2) { /* version and another byte */ + res = 0; + goto end; + } do { n_drain = 0; @@ -140,6 +324,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, } while (res == 0 && head && want_length < buf_datalen(buf) && buf_datalen(buf) >= 2); + end: + tor_free(raw_data); return res; } @@ -710,4 +896,3 @@ parse_socks_client(const uint8_t *data, size_t datalen, return -1; /* LCOV_EXCL_STOP */ } - diff --git a/src/test/test_socks.c b/src/test/test_socks.c index 04c0280584..cf34e9d435 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -82,7 +82,7 @@ test_socks_4_supported_commands(void *ptr) tt_int_op(0,OP_EQ, buf_datalen(buf)); - /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4370 */ + /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.3:4370 */ ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x03\x00"); tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, get_options()->SafeSocks), @@ -98,7 +98,7 @@ test_socks_4_supported_commands(void *ptr) tt_int_op(0,OP_EQ, buf_datalen(buf)); socks_request_clear(socks); - /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/ + /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.4:4369 with userid*/ ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x04me\x00"); tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, 1); @@ -142,7 +142,7 @@ test_socks_4_bad_arguments(void *ptr) get_options()->SafeSocks), OP_EQ, -1); buf_clear(buf); - expect_log_msg_containing("Port or DestIP is zero."); + expect_log_msg_containing("Port or DestIP is zero."); // !!! mock_clean_saved_logs(); /* Try with 0 port */ @@ -192,7 +192,7 @@ test_socks_4_bad_arguments(void *ptr) tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); buf_clear(buf); - expect_log_msg_containing("Destaddr too long."); + expect_log_msg_containing("parsing failed - invalid request."); mock_clean_saved_logs(); /* Socks4, bogus hostname */ From b160929c2274a6a0b6b53a25f3a384369da60865 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Tue, 15 May 2018 11:49:07 +0200 Subject: [PATCH 04/24] Add RESOLVE (0xF0) command to socks4_client_request --- src/trunnel/socks5.c | 12 ++++++------ src/trunnel/socks5.h | 1 + src/trunnel/socks5.trunnel | 3 ++- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c index 7bc6e5fe7c..1d6f56dfa9 100644 --- a/src/trunnel/socks5.c +++ b/src/trunnel/socks5.c @@ -345,7 +345,7 @@ socks4_client_request_get_command(const socks4_client_request_t *inp) int socks4_client_request_set_command(socks4_client_request_t *inp, uint8_t val) { - if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE_PTR))) { + if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE || val == CMD_RESOLVE_PTR))) { TRUNNEL_SET_ERROR_CODE(inp); return -1; } @@ -413,7 +413,7 @@ socks4_client_request_check(const socks4_client_request_t *obj) return "A set function failed on this object"; if (! (obj->version == 4)) return "Integer out of bounds"; - if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR)) + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR)) return "Integer out of bounds"; if (NULL == obj->username) return "Missing username"; @@ -696,7 +696,7 @@ socks4_client_request_encoded_len(const socks4_client_request_t *obj) /* Length of u8 version IN [4] */ result += 1; - /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */ + /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR] */ result += 1; /* Length of u16 port */ @@ -1006,7 +1006,7 @@ socks4_client_request_encode(uint8_t *output, const size_t avail, const socks4_c trunnel_set_uint8(ptr, (obj->version)); written += 1; ptr += 1; - /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */ + /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR] */ trunnel_assert(written <= avail); if (avail - written < 1) goto truncated; @@ -1354,11 +1354,11 @@ socks4_client_request_parse_into(socks4_client_request_t *obj, const uint8_t *in if (! (obj->version == 4)) goto fail; - /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */ + /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR] */ CHECK_REMAINING(1, truncated); obj->command = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; - if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR)) + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR)) goto fail; /* Parse u16 port */ diff --git a/src/trunnel/socks5.h b/src/trunnel/socks5.h index fb3c03160a..8bc5af109f 100644 --- a/src/trunnel/socks5.h +++ b/src/trunnel/socks5.h @@ -11,6 +11,7 @@ #define CMD_CONNECT 1 #define CMD_BIND 2 #define CMD_UDP_ASSOCIATE 3 +#define CMD_RESOLVE 240 #define CMD_RESOLVE_PTR 241 #define ATYPE_IPV4 1 #define ATYPE_IPV6 4 diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel index ab53a4315f..4818d14087 100644 --- a/src/trunnel/socks5.trunnel +++ b/src/trunnel/socks5.trunnel @@ -16,6 +16,7 @@ const CMD_CONNECT = 1; const CMD_BIND = 2; const CMD_UDP_ASSOCIATE = 3; // This is a tor extension +const CMD_RESOLVE = 0xF0; const CMD_RESOLVE_PTR = 0xF1; const ATYPE_IPV4 = 1; @@ -72,7 +73,7 @@ struct socks5_server_userpath_auth { struct socks4_client_request { u8 version IN [4]; - u8 command IN [CMD_CONNECT,CMD_BIND,CMD_RESOLVE_PTR]; + u8 command IN [CMD_CONNECT,CMD_BIND,CMD_RESOLVE,CMD_RESOLVE_PTR]; u16 port; u32 addr; nulterm username; From c6a0b04d33f5d2cdb8207672c18b06d689ecd1df Mon Sep 17 00:00:00 2001 From: rl1987 Date: Tue, 15 May 2018 12:24:21 +0200 Subject: [PATCH 05/24] Remove legacy SOCKS4 code --- src/or/proto_socks.c | 120 ------------------------------------------- 1 file changed, 120 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 36364e9614..4fdc33d1d4 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -385,11 +385,8 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, unsigned int len; char tmpbuf[TOR_ADDR_BUF_LEN+1]; tor_addr_t destaddr; - uint32_t destip; uint8_t socksver; - char *next, *startaddr; unsigned char usernamelen, passlen; - struct in_addr in; if (datalen < 2) { /* We always need at least 2 bytes. */ @@ -606,123 +603,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, } tor_assert(0); break; - case 4: { /* socks4 */ - enum {socks4, socks4a} socks4_prot = socks4a; - const char *authstart, *authend; - /* http://ss5.sourceforge.net/socks4.protocol.txt */ - /* http://ss5.sourceforge.net/socks4A.protocol.txt */ - - req->socks_version = 4; - if (datalen < SOCKS4_NETWORK_LEN) {/* basic info available? */ - *want_length_out = SOCKS4_NETWORK_LEN; - return 0; /* not yet */ - } - // buf_pullup(buf, 1280); - req->command = (unsigned char) *(data+1); - if (req->command != SOCKS_COMMAND_CONNECT && - req->command != SOCKS_COMMAND_RESOLVE) { - /* not a connect or resolve? we don't support it. (No resolve_ptr with - * socks4.) */ - log_warn(LD_APP,"socks4: command %d not recognized. Rejecting.", - req->command); - return -1; - } - - req->port = ntohs(get_uint16(data+2)); - destip = ntohl(get_uint32(data+4)); - if ((!req->port && req->command!=SOCKS_COMMAND_RESOLVE) || !destip) { - log_warn(LD_APP,"socks4: Port or DestIP is zero. Rejecting."); - return -1; - } - if (destip >> 8) { - log_debug(LD_APP,"socks4: destip not in form 0.0.0.x."); - in.s_addr = htonl(destip); - tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf)); - if (BUG(strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN)) { - /* LCOV_EXCL_START -- This branch is unreachable, given the - * size of tmpbuf and the actual value of MAX_SOCKS_ADDR_LEN */ - log_debug(LD_APP,"socks4 addr (%d bytes) too long. Rejecting.", - (int)strlen(tmpbuf)); - return -1; - /* LCOV_EXCL_STOP */ - } - log_debug(LD_APP, - "socks4: successfully read destip (%s)", - safe_str_client(tmpbuf)); - socks4_prot = socks4; - } - - authstart = data + SOCKS4_NETWORK_LEN; - next = memchr(authstart, 0, - datalen-SOCKS4_NETWORK_LEN); - if (!next) { - if (datalen >= 1024) { - log_debug(LD_APP, "Socks4 user name too long; rejecting."); - return -1; - } - log_debug(LD_APP,"socks4: Username not here yet."); - *want_length_out = datalen+1024; /* More than we need, but safe */ - return 0; - } - authend = next; - tor_assert(next < data+datalen); - - startaddr = NULL; - if (socks4_prot != socks4a && - !addressmap_have_mapping(tmpbuf,0)) { - log_unsafe_socks_warning(4, tmpbuf, req->port, safe_socks); - - if (safe_socks) - return -1; - } - if (socks4_prot == socks4a) { - if (next+1 == data+datalen) { - log_debug(LD_APP,"socks4: No part of destaddr here yet."); - *want_length_out = datalen + 1024; /* More than we need, but safe */ - return 0; - } - startaddr = next+1; - next = memchr(startaddr, 0, data + datalen - startaddr); - if (!next) { - if (datalen >= 1024) { - log_debug(LD_APP,"socks4: Destaddr too long."); - return -1; - } - log_debug(LD_APP,"socks4: Destaddr not all here yet."); - *want_length_out = datalen + 1024; /* More than we need, but safe */ - return 0; - } - if (MAX_SOCKS_ADDR_LEN <= next-startaddr) { - log_warn(LD_APP,"socks4: Destaddr too long. Rejecting."); - return -1; - } - // tor_assert(next < buf->cur+buf_datalen(buf)); - - if (log_sockstype) - log_notice(LD_APP, - "Your application (using socks4a to port %d) instructed " - "Tor to take care of the DNS resolution itself if " - "necessary. This is good.", req->port); - } - log_debug(LD_APP,"socks4: Everything is here. Success."); - strlcpy(req->address, startaddr ? startaddr : tmpbuf, - sizeof(req->address)); - if (!string_is_valid_dest(req->address)) { - log_warn(LD_PROTOCOL, - "Your application (using socks4 to port %d) gave Tor " - "a malformed hostname: %s. Rejecting the connection.", - req->port, escaped_safe_str_client(req->address)); - return -1; - } - if (authend != authstart) { - req->got_auth = 1; - req->usernamelen = authend - authstart; - req->username = tor_memdup(authstart, authend - authstart); - } - /* next points to the final \0 on inbuf */ - *drain_out = next - data + 1; - return 1; - } case 'G': /* get */ case 'H': /* head */ case 'P': /* put/post */ From 27333b2298a17fc85b4d2a6c07c9c889d6bdabed Mon Sep 17 00:00:00 2001 From: rl1987 Date: Tue, 15 May 2018 15:13:13 +0200 Subject: [PATCH 06/24] Reimplement phase 1 of SOCKS5 using trunnel squash! Reimplement phase 1 of SOCKS5 using trunnel --- src/or/proto_socks.c | 157 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 4fdc33d1d4..e9ea453fa2 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -227,6 +227,121 @@ process_socks4_request(const socks_request_t *req, int is_socks4a, return 1; } +static int +parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, + size_t datalen, int *have_user_pass, + int *have_no_auth, size_t *drain_out) +{ + int res = 1; + socks5_client_version_t *trunnel_req; + + ssize_t parsed = socks5_client_version_parse(&trunnel_req, raw_data, + datalen); + + (void)req; + + tor_assert(have_no_auth); + tor_assert(have_user_pass); + tor_assert(drain_out); + + *drain_out = 0; + + if (parsed == -1) { + log_warn(LD_APP, "socks5: parsing failed - invalid version " + "id/method selection message."); + res = -1; + goto end; + } else if (parsed == -2) { + res = 0; + if (datalen > 1024) { // XXX + log_warn(LD_APP, "socks5: parsing failed - invalid version " + "id/method selection message."); + res = -1; + } + goto end; + } + + size_t n_methods = (size_t)socks5_client_version_get_n_methods(trunnel_req); + if (n_methods == 0) { + res = -1; + goto end; + } + + *have_no_auth = 0; + *have_user_pass = 0; + + for (size_t i = 0; i < n_methods; i++) { + uint8_t method = socks5_client_version_get_methods(trunnel_req, + i); + + if (method == SOCKS_USER_PASS) { + *have_user_pass = 1; + } else if (method == SOCKS_NO_AUTH) { + *have_no_auth = 1; + } + } + + end: + *drain_out = (size_t)parsed; + socks5_client_version_free(trunnel_req); + + return res; +} + +static int +process_socks5_methods_request(socks_request_t *req, int have_user_pass, + int have_no_auth) +{ + int res = 0; + socks5_server_method_t *trunnel_resp = socks5_server_method_new(); + + socks5_server_method_set_version(trunnel_resp, 5); + + if (have_user_pass && !(have_no_auth && req->socks_prefer_no_auth)) { + req->auth_type = SOCKS_USER_PASS; + socks5_server_method_set_method(trunnel_resp, SOCKS_USER_PASS); + + req->socks_version = 5; // FIXME: come up with better way to remember + // that we negotiated auth + + log_debug(LD_APP,"socks5: accepted method 2 (username/password)"); + } else if (have_no_auth) { + req->auth_type = SOCKS_NO_AUTH; + socks5_server_method_set_method(trunnel_resp, SOCKS_NO_AUTH); + + req->socks_version = 5; + + log_debug(LD_APP,"socks5: accepted method 0 (no authentication)"); + } else { + log_warn(LD_APP, + "socks5: offered methods don't include 'no auth' or " + "username/password. Rejecting."); + socks5_server_method_set_method(trunnel_resp, 0xFF); // reject all + res = -1; + } + + const char *errmsg = socks5_server_method_check(trunnel_resp); + if (errmsg) { + log_warn(LD_APP, "socks5: method selection validation failed: %s", + errmsg); + res = -1; + } else { + ssize_t encoded = + socks5_server_method_encode(req->reply, sizeof(req->reply), + trunnel_resp); + + if (encoded < 0) { + log_warn(LD_APP, "socks5: method selection encoding failed"); + res = -1; + } else { + req->replylen = (size_t)encoded; + } + } + + socks5_server_method_free(trunnel_resp); + return res; +} + /** There is a (possibly incomplete) socks handshake on buf, of one * of the forms * - socks4: "socksheader username\\0" @@ -259,6 +374,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int res = 0; size_t datalen = buf_datalen(buf); uint8_t *raw_data; + uint8_t *raw_ptr; uint8_t socks_version; raw_data = tor_malloc(datalen); @@ -266,6 +382,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, buf_peek(buf, (char *)raw_data, datalen); + raw_ptr = raw_data; + socks_version = (uint8_t)raw_data[0]; if (socks_version == 4) { @@ -296,6 +414,45 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, buf_clear(buf); res = 1; goto end; + } else if (socks_version == 5) { + if (datalen < 2) { /* version and another byte */ + res = 0; + goto end; + } + + if (!req->got_auth) { + + } + + if (req->socks_version != 5) { + int have_user_pass, have_no_auth; + int parse_status = parse_socks5_methods_request(raw_data, + req, + datalen, + &have_user_pass, + &have_no_auth, + drain_out); + + if (parse_status != 1) { + res = parse_status; + goto end; + } + + int process_status = process_socks5_methods_request(req, + have_user_pass, + have_no_auth); + + if (process_status == -1) { + res = process_status; + goto end; + } + + buf_drain(buf, n_drain); // TODO: do it like this for SOCKS4/4a as well + raw_ptr += n_drain; + datalen -= n_drain; + res = 0; + goto end; + } } ssize_t n_drain; From 63c478c1c4f3e22ed90de08f9c8e30181f73efa3 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Wed, 16 May 2018 12:06:10 +0200 Subject: [PATCH 07/24] Call new SOCKS code from parse_socks, to parse multiple packets in row --- src/or/proto_socks.c | 129 +++++++++++++++++++++++++------------------ 1 file changed, 74 insertions(+), 55 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index e9ea453fa2..97297428ed 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -21,7 +21,7 @@ static void socks_request_set_socks5_error(socks_request_t *req, socks5_reply_status_t reason); static int parse_socks(const char *data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, ssize_t *drain_out, + int log_sockstype, int safe_socks, size_t *drain_out, size_t *want_length_out); static int parse_socks_client(const uint8_t *data, size_t datalen, int state, char **reason, @@ -88,13 +88,19 @@ socks_request_free_(socks_request_t *req) static int parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, - size_t datalen, int *is_socks4a) + size_t datalen, int *is_socks4a, size_t *drain_out) { // http://ss5.sourceforge.net/socks4.protocol.txt // http://ss5.sourceforge.net/socks4A.protocol.txt int res = 1; tor_addr_t destaddr; + tor_assert(is_socks4a); + tor_assert(drain_out); + + *is_socks4a = 0; + *drain_out = 0; + req->socks_version = 4; socks4_client_request_t *trunnel_req; @@ -115,6 +121,9 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, goto end; } + tor_assert(parsed >= 0); + *drain_out = (size_t)parsed; + uint8_t command = socks4_client_request_get_command(trunnel_req); req->command = command; @@ -172,6 +181,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, } } + end: socks4_client_request_free(trunnel_req); @@ -261,6 +271,9 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, goto end; } + tor_assert(parsed >= 0); + *drain_out = (size_t)parsed; + size_t n_methods = (size_t)socks5_client_version_get_n_methods(trunnel_req); if (n_methods == 0) { res = -1; @@ -282,7 +295,6 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, } end: - *drain_out = (size_t)parsed; socks5_client_version_free(trunnel_req); return res; @@ -342,49 +354,13 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, return res; } -/** There is a (possibly incomplete) socks handshake on buf, of one - * of the forms - * - socks4: "socksheader username\\0" - * - socks4a: "socksheader username\\0 destaddr\\0" - * - socks5 phase one: "version #methods methods" - * - socks5 phase two: "version command 0 addresstype..." - * If it's a complete and valid handshake, and destaddr fits in - * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf, - * assign to req, and return 1. - * - * If it's invalid or too big, return -1. - * - * Else it's not all there yet, leave buf alone and return 0. - * - * If you want to specify the socks reply, write it into req->reply - * and set req->replylen, else leave req->replylen alone. - * - * If log_sockstype is non-zero, then do a notice-level log of whether - * the connection is possibly leaking DNS requests locally or not. - * - * If safe_socks is true, then reject unsafe socks protocols. - * - * If returning 0 or -1, req->address and req->port are - * undefined. - */ -int -fetch_from_buf_socks(buf_t *buf, socks_request_t *req, - int log_sockstype, int safe_socks) +static int +handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, + int log_sockstype, int safe_socks, size_t *drain_out) { int res = 0; - size_t datalen = buf_datalen(buf); - uint8_t *raw_data; - uint8_t *raw_ptr; - uint8_t socks_version; - raw_data = tor_malloc(datalen); - memset(raw_data, 0, datalen); - - buf_peek(buf, (char *)raw_data, datalen); - - raw_ptr = raw_data; - - socks_version = (uint8_t)raw_data[0]; + uint8_t socks_version = raw_data[0]; if (socks_version == 4) { if (datalen < SOCKS4_NETWORK_LEN) { @@ -395,7 +371,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int is_socks4a = 0; int parse_status = parse_socks4_request((const uint8_t *)raw_data, req, datalen, - &is_socks4a); + &is_socks4a, drain_out); if (parse_status != 1) { res = parse_status; @@ -411,7 +387,6 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, goto end; } - buf_clear(buf); res = 1; goto end; } else if (socks_version == 5) { @@ -447,15 +422,47 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, goto end; } - buf_drain(buf, n_drain); // TODO: do it like this for SOCKS4/4a as well - raw_ptr += n_drain; - datalen -= n_drain; res = 0; goto end; } } - ssize_t n_drain; + end: + return res; +} + +/** There is a (possibly incomplete) socks handshake on buf, of one + * of the forms + * - socks4: "socksheader username\\0" + * - socks4a: "socksheader username\\0 destaddr\\0" + * - socks5 phase one: "version #methods methods" + * - socks5 phase two: "version command 0 addresstype..." + * If it's a complete and valid handshake, and destaddr fits in + * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf, + * assign to req, and return 1. + * + * If it's invalid or too big, return -1. + * + * Else it's not all there yet, leave buf alone and return 0. + * + * If you want to specify the socks reply, write it into req->reply + * and set req->replylen, else leave req->replylen alone. + * + * If log_sockstype is non-zero, then do a notice-level log of whether + * the connection is possibly leaking DNS requests locally or not. + * + * If safe_socks is true, then reject unsafe socks protocols. + * + * If returning 0 or -1, req->address and req->port are + * undefined. + */ +int +fetch_from_buf_socks(buf_t *buf, socks_request_t *req, + int log_sockstype, int safe_socks) +{ + int res = 0; + size_t datalen = buf_datalen(buf); + size_t n_drain; size_t want_length = 128; const char *head = NULL; @@ -464,25 +471,27 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, goto end; } + buf_pullup(buf, datalen, &head, &datalen); // XXX + do { n_drain = 0; - buf_pullup(buf, want_length, &head, &datalen); + //buf_pullup(buf, want_length, &head, &datalen); tor_assert(head && datalen >= 2); want_length = 0; res = parse_socks(head, datalen, req, log_sockstype, safe_socks, &n_drain, &want_length); - if (n_drain < 0) + if (res == -1) buf_clear(buf); else if (n_drain > 0) buf_drain(buf, n_drain); + datalen = buf_datalen(buf); } while (res == 0 && head && want_length < buf_datalen(buf) && buf_datalen(buf) >= 2); end: - tor_free(raw_data); return res; } @@ -536,7 +545,7 @@ static const char SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG[] = * we'd like to see in the input buffer, if they're available. */ static int parse_socks(const char *data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, ssize_t *drain_out, + int log_sockstype, int safe_socks, size_t *drain_out, size_t *want_length_out) { unsigned int len; @@ -551,6 +560,15 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, return 0; } + socksver = get_uint8(data); + + if ((socksver == 5 && req->socks_version != 5) || + socksver == 4) { + *want_length_out = 128; // TODO remove this arg later + return handle_socks_message((const uint8_t *)data, datalen, req, + log_sockstype, safe_socks, drain_out); + } + if (req->socks_version == 5 && !req->got_auth) { /* See if we have received authentication. Strictly speaking, we should also check whether we actually negotiated username/password @@ -597,8 +615,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, } } - socksver = *data; - switch (socksver) { /* which version of socks? */ case 5: /* socks5 */ @@ -783,6 +799,9 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, } return -1; } + + tor_assert_unreached(); + return -1; } /** Inspect a reply from SOCKS server stored in buf according From 853d9b869d3b32f7900a13ee70f23a25e43d50db Mon Sep 17 00:00:00 2001 From: rl1987 Date: Wed, 16 May 2018 12:31:29 +0200 Subject: [PATCH 08/24] Remove legacy SOCKS5 phase 1 code --- src/or/proto_socks.c | 42 ------------------------------------------ 1 file changed, 42 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 97297428ed..41f5a2dbd9 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -617,48 +617,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, switch (socksver) { /* which version of socks? */ case 5: /* socks5 */ - - if (req->socks_version != 5) { /* we need to negotiate a method */ - unsigned char nummethods = (unsigned char)*(data+1); - int have_user_pass, have_no_auth; - int r=0; - tor_assert(!req->socks_version); - if (datalen < 2u+nummethods) { - *want_length_out = 2u+nummethods; - return 0; - } - if (!nummethods) - return -1; - req->replylen = 2; /* 2 bytes of response */ - req->reply[0] = 5; /* socks5 reply */ - have_user_pass = (memchr(data+2, SOCKS_USER_PASS, nummethods) !=NULL); - have_no_auth = (memchr(data+2, SOCKS_NO_AUTH, nummethods) !=NULL); - if (have_user_pass && !(have_no_auth && req->socks_prefer_no_auth)) { - req->auth_type = SOCKS_USER_PASS; - req->reply[1] = SOCKS_USER_PASS; /* tell client to use "user/pass" - auth method */ - req->socks_version = 5; /* remember we've already negotiated auth */ - log_debug(LD_APP,"socks5: accepted method 2 (username/password)"); - r=0; - } else if (have_no_auth) { - req->reply[1] = SOCKS_NO_AUTH; /* tell client to use "none" auth - method */ - req->socks_version = 5; /* remember we've already negotiated auth */ - log_debug(LD_APP,"socks5: accepted method 0 (no authentication)"); - r=0; - } else { - log_warn(LD_APP, - "socks5: offered methods don't include 'no auth' or " - "username/password. Rejecting."); - req->reply[1] = '\xFF'; /* reject all methods */ - r=-1; - } - /* Remove packet from buf. Some SOCKS clients will have sent extra - * junk at this point; let's hope it's an authentication message. */ - *drain_out = 2u + nummethods; - - return r; - } if (req->auth_type != SOCKS_NO_AUTH && !req->got_auth) { log_warn(LD_APP, "socks5: negotiated authentication, but none provided"); From 75106a26b4ef8167406cd4d457c24e4aa6618118 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Wed, 16 May 2018 14:47:46 +0200 Subject: [PATCH 09/24] Fix type in socks5.trunnel --- src/trunnel/socks5.c | 48 ++++++++++++++++++------------------ src/trunnel/socks5.h | 50 +++++++++++++++++++------------------- src/trunnel/socks5.trunnel | 2 +- 3 files changed, 50 insertions(+), 50 deletions(-) diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c index 1d6f56dfa9..5b8d49d802 100644 --- a/src/trunnel/socks5.c +++ b/src/trunnel/socks5.c @@ -2838,10 +2838,10 @@ socks5_server_method_parse(socks5_server_method_t **output, const uint8_t *input } return result; } -socks5_server_userpath_auth_t * -socks5_server_userpath_auth_new(void) +socks5_server_userpass_auth_t * +socks5_server_userpass_auth_new(void) { - socks5_server_userpath_auth_t *val = trunnel_calloc(1, sizeof(socks5_server_userpath_auth_t)); + socks5_server_userpass_auth_t *val = trunnel_calloc(1, sizeof(socks5_server_userpass_auth_t)); if (NULL == val) return NULL; val->version = 1; @@ -2851,28 +2851,28 @@ socks5_server_userpath_auth_new(void) /** Release all storage held inside 'obj', but do not free 'obj'. */ static void -socks5_server_userpath_auth_clear(socks5_server_userpath_auth_t *obj) +socks5_server_userpass_auth_clear(socks5_server_userpass_auth_t *obj) { (void) obj; } void -socks5_server_userpath_auth_free(socks5_server_userpath_auth_t *obj) +socks5_server_userpass_auth_free(socks5_server_userpass_auth_t *obj) { if (obj == NULL) return; - socks5_server_userpath_auth_clear(obj); - trunnel_memwipe(obj, sizeof(socks5_server_userpath_auth_t)); + socks5_server_userpass_auth_clear(obj); + trunnel_memwipe(obj, sizeof(socks5_server_userpass_auth_t)); trunnel_free_(obj); } uint8_t -socks5_server_userpath_auth_get_version(const socks5_server_userpath_auth_t *inp) +socks5_server_userpass_auth_get_version(const socks5_server_userpass_auth_t *inp) { return inp->version; } int -socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint8_t val) +socks5_server_userpass_auth_set_version(socks5_server_userpass_auth_t *inp, uint8_t val) { if (! ((val == 1))) { TRUNNEL_SET_ERROR_CODE(inp); @@ -2882,18 +2882,18 @@ socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint return 0; } uint8_t -socks5_server_userpath_auth_get_status(const socks5_server_userpath_auth_t *inp) +socks5_server_userpass_auth_get_status(const socks5_server_userpass_auth_t *inp) { return inp->status; } int -socks5_server_userpath_auth_set_status(socks5_server_userpath_auth_t *inp, uint8_t val) +socks5_server_userpass_auth_set_status(socks5_server_userpass_auth_t *inp, uint8_t val) { inp->status = val; return 0; } const char * -socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj) +socks5_server_userpass_auth_check(const socks5_server_userpass_auth_t *obj) { if (obj == NULL) return "Object was NULL"; @@ -2905,11 +2905,11 @@ socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj) } ssize_t -socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj) +socks5_server_userpass_auth_encoded_len(const socks5_server_userpass_auth_t *obj) { ssize_t result = 0; - if (NULL != socks5_server_userpath_auth_check(obj)) + if (NULL != socks5_server_userpass_auth_check(obj)) return -1; @@ -2921,24 +2921,24 @@ socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj return result; } int -socks5_server_userpath_auth_clear_errors(socks5_server_userpath_auth_t *obj) +socks5_server_userpass_auth_clear_errors(socks5_server_userpass_auth_t *obj) { int r = obj->trunnel_error_code_; obj->trunnel_error_code_ = 0; return r; } ssize_t -socks5_server_userpath_auth_encode(uint8_t *output, const size_t avail, const socks5_server_userpath_auth_t *obj) +socks5_server_userpass_auth_encode(uint8_t *output, const size_t avail, const socks5_server_userpass_auth_t *obj) { ssize_t result = 0; size_t written = 0; uint8_t *ptr = output; const char *msg; #ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = socks5_server_userpath_auth_encoded_len(obj); + const ssize_t encoded_len = socks5_server_userpass_auth_encoded_len(obj); #endif - if (NULL != (msg = socks5_server_userpath_auth_check(obj))) + if (NULL != (msg = socks5_server_userpass_auth_check(obj))) goto check_failed; #ifdef TRUNNEL_CHECK_ENCODED_LEN @@ -2983,11 +2983,11 @@ socks5_server_userpath_auth_encode(uint8_t *output, const size_t avail, const so return result; } -/** As socks5_server_userpath_auth_parse(), but do not allocate the +/** As socks5_server_userpass_auth_parse(), but do not allocate the * output object. */ static ssize_t -socks5_server_userpath_auth_parse_into(socks5_server_userpath_auth_t *obj, const uint8_t *input, const size_t len_in) +socks5_server_userpass_auth_parse_into(socks5_server_userpass_auth_t *obj, const uint8_t *input, const size_t len_in) { const uint8_t *ptr = input; size_t remaining = len_in; @@ -3016,15 +3016,15 @@ socks5_server_userpath_auth_parse_into(socks5_server_userpath_auth_t *obj, const } ssize_t -socks5_server_userpath_auth_parse(socks5_server_userpath_auth_t **output, const uint8_t *input, const size_t len_in) +socks5_server_userpass_auth_parse(socks5_server_userpass_auth_t **output, const uint8_t *input, const size_t len_in) { ssize_t result; - *output = socks5_server_userpath_auth_new(); + *output = socks5_server_userpass_auth_new(); if (NULL == *output) return -1; - result = socks5_server_userpath_auth_parse_into(*output, input, len_in); + result = socks5_server_userpass_auth_parse_into(*output, input, len_in); if (result < 0) { - socks5_server_userpath_auth_free(*output); + socks5_server_userpass_auth_free(*output); *output = NULL; } return result; diff --git a/src/trunnel/socks5.h b/src/trunnel/socks5.h index 8bc5af109f..d8f13c2abb 100644 --- a/src/trunnel/socks5.h +++ b/src/trunnel/socks5.h @@ -74,14 +74,14 @@ struct socks5_server_method_st { }; #endif typedef struct socks5_server_method_st socks5_server_method_t; -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_USERPATH_AUTH) -struct socks5_server_userpath_auth_st { +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_USERPASS_AUTH) +struct socks5_server_userpass_auth_st { uint8_t version; uint8_t status; uint8_t trunnel_error_code_; }; #endif -typedef struct socks5_server_userpath_auth_st socks5_server_userpath_auth_t; +typedef struct socks5_server_userpass_auth_st socks5_server_userpass_auth_t; #if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_SOCKSAUTH_KEYVAL) struct tor_socksauth_keyval_st { uint16_t keylen; @@ -697,62 +697,62 @@ uint8_t socks5_server_method_get_method(const socks5_server_method_t *inp); * code on 'inp' on failure. */ int socks5_server_method_set_method(socks5_server_method_t *inp, uint8_t val); -/** Return a newly allocated socks5_server_userpath_auth with all +/** Return a newly allocated socks5_server_userpass_auth with all * elements set to zero. */ -socks5_server_userpath_auth_t *socks5_server_userpath_auth_new(void); -/** Release all storage held by the socks5_server_userpath_auth in +socks5_server_userpass_auth_t *socks5_server_userpass_auth_new(void); +/** Release all storage held by the socks5_server_userpass_auth in * 'victim'. (Do nothing if 'victim' is NULL.) */ -void socks5_server_userpath_auth_free(socks5_server_userpath_auth_t *victim); -/** Try to parse a socks5_server_userpath_auth from the buffer in +void socks5_server_userpass_auth_free(socks5_server_userpass_auth_t *victim); +/** Try to parse a socks5_server_userpass_auth from the buffer in * 'input', using up to 'len_in' bytes from the input buffer. On * success, return the number of bytes consumed and set *output to the - * newly allocated socks5_server_userpath_auth_t. On failure, return + * newly allocated socks5_server_userpass_auth_t. On failure, return * -2 if the input appears truncated, and -1 if the input is otherwise * invalid. */ -ssize_t socks5_server_userpath_auth_parse(socks5_server_userpath_auth_t **output, const uint8_t *input, const size_t len_in); +ssize_t socks5_server_userpass_auth_parse(socks5_server_userpass_auth_t **output, const uint8_t *input, const size_t len_in); /** Return the number of bytes we expect to need to encode the - * socks5_server_userpath_auth in 'obj'. On failure, return a negative + * socks5_server_userpass_auth in 'obj'. On failure, return a negative * value. Note that this value may be an overestimate, and can even be * an underestimate for certain unencodeable objects. */ -ssize_t socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj); -/** Try to encode the socks5_server_userpath_auth from 'input' into +ssize_t socks5_server_userpass_auth_encoded_len(const socks5_server_userpass_auth_t *obj); +/** Try to encode the socks5_server_userpass_auth from 'input' into * the buffer at 'output', using up to 'avail' bytes of the output * buffer. On success, return the number of bytes used. On failure, * return -2 if the buffer was not long enough, and -1 if the input * was invalid. */ -ssize_t socks5_server_userpath_auth_encode(uint8_t *output, size_t avail, const socks5_server_userpath_auth_t *input); +ssize_t socks5_server_userpass_auth_encode(uint8_t *output, size_t avail, const socks5_server_userpass_auth_t *input); /** Check whether the internal state of the - * socks5_server_userpath_auth in 'obj' is consistent. Return NULL if + * socks5_server_userpass_auth in 'obj' is consistent. Return NULL if * it is, and a short message if it is not. */ -const char *socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj); +const char *socks5_server_userpass_auth_check(const socks5_server_userpass_auth_t *obj); /** Clear any errors that were set on the object 'obj' by its setter * functions. Return true iff errors were cleared. */ -int socks5_server_userpath_auth_clear_errors(socks5_server_userpath_auth_t *obj); +int socks5_server_userpass_auth_clear_errors(socks5_server_userpass_auth_t *obj); /** Return the value of the version field of the - * socks5_server_userpath_auth_t in 'inp' + * socks5_server_userpass_auth_t in 'inp' */ -uint8_t socks5_server_userpath_auth_get_version(const socks5_server_userpath_auth_t *inp); +uint8_t socks5_server_userpass_auth_get_version(const socks5_server_userpass_auth_t *inp); /** Set the value of the version field of the - * socks5_server_userpath_auth_t in 'inp' to 'val'. Return 0 on + * socks5_server_userpass_auth_t in 'inp' to 'val'. Return 0 on * success; return -1 and set the error code on 'inp' on failure. */ -int socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint8_t val); +int socks5_server_userpass_auth_set_version(socks5_server_userpass_auth_t *inp, uint8_t val); /** Return the value of the status field of the - * socks5_server_userpath_auth_t in 'inp' + * socks5_server_userpass_auth_t in 'inp' */ -uint8_t socks5_server_userpath_auth_get_status(const socks5_server_userpath_auth_t *inp); +uint8_t socks5_server_userpass_auth_get_status(const socks5_server_userpass_auth_t *inp); /** Set the value of the status field of the - * socks5_server_userpath_auth_t in 'inp' to 'val'. Return 0 on + * socks5_server_userpass_auth_t in 'inp' to 'val'. Return 0 on * success; return -1 and set the error code on 'inp' on failure. */ -int socks5_server_userpath_auth_set_status(socks5_server_userpath_auth_t *inp, uint8_t val); +int socks5_server_userpass_auth_set_status(socks5_server_userpass_auth_t *inp, uint8_t val); /** Return a newly allocated tor_socksauth_keyval with all elements * set to zero. */ diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel index 4818d14087..b6b8a34f2b 100644 --- a/src/trunnel/socks5.trunnel +++ b/src/trunnel/socks5.trunnel @@ -64,7 +64,7 @@ struct socks5_client_userpass_auth { char passwd[passwd_len]; } -struct socks5_server_userpath_auth { +struct socks5_server_userpass_auth { u8 version IN [1]; u8 status; } From 9068ac3cace658abe9ab2c59135af82fac5c90ec Mon Sep 17 00:00:00 2001 From: rl1987 Date: Wed, 16 May 2018 15:41:57 +0200 Subject: [PATCH 10/24] Implement SOCKS5 user/pass handling --- src/or/proto_socks.c | 135 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 127 insertions(+), 8 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 41f5a2dbd9..8c635825b3 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -293,7 +293,7 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, *have_no_auth = 1; } } - + end: socks5_client_version_free(trunnel_req); @@ -338,10 +338,10 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, errmsg); res = -1; } else { - ssize_t encoded = + ssize_t encoded = socks5_server_method_encode(req->reply, sizeof(req->reply), trunnel_resp); - + if (encoded < 0) { log_warn(LD_APP, "socks5: method selection encoding failed"); res = -1; @@ -354,6 +354,105 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, return res; } +static int +parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, + size_t datalen, size_t *drain_out) +{ + int res = 1; + socks5_client_userpass_auth_t *trunnel_req = NULL; + ssize_t parsed = socks5_client_userpass_auth_parse(&trunnel_req, raw_data, + datalen); + + tor_assert(drain_out); + *drain_out = 0; + + if (parsed == -1) { + log_warn(LD_APP, "socks5: parsing failed - invalid user/pass " + "authentication message."); + res = -1; + goto end; + } else if (parsed == -2) { + res = 0; + goto end; + } + + tor_assert(parsed >= 0); + *drain_out = (size_t)parsed; + + uint8_t usernamelen = + socks5_client_userpass_auth_get_username_len(trunnel_req); + uint8_t passwordlen = + socks5_client_userpass_auth_get_passwd_len(trunnel_req); + const char *username = + socks5_client_userpass_auth_getconstarray_username(trunnel_req); + const char *password = + socks5_client_userpass_auth_getconstarray_passwd(trunnel_req); + + if (usernamelen && username) { + req->username = tor_memdup_nulterm(username, usernamelen); + req->usernamelen = usernamelen; + + req->got_auth = 1; + } + + if (passwordlen && password) { + req->password = tor_memdup_nulterm(password, passwordlen); + req->passwordlen = passwordlen; + + req->got_auth = 1; + } + + end: + socks5_client_userpass_auth_free(trunnel_req); + return res; +} + +static int +process_socks5_userpass_auth(socks_request_t *req) +{ + int res = 1; + socks5_server_userpass_auth_t *trunnel_resp = + socks5_server_userpass_auth_new(); + + if (req->socks_version != 5) { + res = -1; + goto end; + } + + if (req->auth_type != SOCKS_USER_PASS && + req->auth_type != SOCKS_NO_AUTH) { + res = -1; + goto end; + } + + socks5_server_userpass_auth_set_version(trunnel_resp, 1); + socks5_server_userpass_auth_set_status(trunnel_resp, 0); // auth OK + + const char *errmsg = socks5_server_userpass_auth_check(trunnel_resp); + if (errmsg) { + log_warn(LD_APP, "socks5: server userpass auth validation failed: %s", + errmsg); + res = -1; + goto end; + } + + ssize_t encoded = socks5_server_userpass_auth_encode(req->reply, + sizeof(req->reply), + trunnel_resp); + + if (encoded < 0) { + log_warn(LD_APP, "socks5: server userpass auth encoding failed"); + res = -1; + goto end; + } + + req->replylen = (size_t)encoded; + + end: + socks5_server_userpass_auth_free(trunnel_resp); + return res; +} + static int handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, int log_sockstype, int safe_socks, size_t *drain_out) @@ -362,6 +461,9 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *r uint8_t socks_version = raw_data[0]; + if (socks_version == 1) + socks_version = 5; // SOCKS5 username/pass subnegotiation + if (socks_version == 4) { if (datalen < SOCKS4_NETWORK_LEN) { res = 0; @@ -394,12 +496,26 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *r res = 0; goto end; } + /* RFC1929 SOCKS5 username/password subnegotiation. */ + if ((!req->got_auth && raw_data[0] == 1) || + req->auth_type == SOCKS_USER_PASS) { + int parse_status = parse_socks5_userpass_auth(raw_data, req, datalen, + drain_out); - if (!req->got_auth) { + if (parse_status != 1) { + res = parse_status; + goto end; + } - } + int process_status = process_socks5_userpass_auth(req); + if (process_status != 1) { + res = process_status; + goto end; + } - if (req->socks_version != 5) { + res = 0; + goto end; + } else if (req->socks_version != 5) { int have_user_pass, have_no_auth; int parse_status = parse_socks5_methods_request(raw_data, req, @@ -425,6 +541,9 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *r res = 0; goto end; } + } else { + *drain_out = datalen; + res = -1; } end: @@ -562,8 +681,8 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, socksver = get_uint8(data); - if ((socksver == 5 && req->socks_version != 5) || - socksver == 4) { + if (socksver == 5 || socksver == 4 || + socksver == 1) { // XXX: RFC 1929 *want_length_out = 128; // TODO remove this arg later return handle_socks_message((const uint8_t *)data, datalen, req, log_sockstype, safe_socks, drain_out); From 57342b19f5497f6e9362ae02953755df9f1f2262 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Mon, 21 May 2018 12:55:20 +0200 Subject: [PATCH 11/24] Remove legacy RFC1929 code --- src/or/proto_socks.c | 47 -------------------------------------------- 1 file changed, 47 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 8c635825b3..8fdb722350 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -671,7 +671,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, char tmpbuf[TOR_ADDR_BUF_LEN+1]; tor_addr_t destaddr; uint8_t socksver; - unsigned char usernamelen, passlen; if (datalen < 2) { /* We always need at least 2 bytes. */ @@ -688,52 +687,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, log_sockstype, safe_socks, drain_out); } - if (req->socks_version == 5 && !req->got_auth) { - /* See if we have received authentication. Strictly speaking, we should - also check whether we actually negotiated username/password - authentication. But some broken clients will send us authentication - even if we negotiated SOCKS_NO_AUTH. */ - if (*data == 1) { /* username/pass version 1 */ - /* Format is: authversion [1 byte] == 1 - usernamelen [1 byte] - username [usernamelen bytes] - passlen [1 byte] - password [passlen bytes] */ - usernamelen = (unsigned char)*(data + 1); - if (datalen < 2u + usernamelen + 1u) { - *want_length_out = 2u + usernamelen + 1u; - return 0; - } - passlen = (unsigned char)*(data + 2u + usernamelen); - if (datalen < 2u + usernamelen + 1u + passlen) { - *want_length_out = 2u + usernamelen + 1u + passlen; - return 0; - } - req->replylen = 2; /* 2 bytes of response */ - req->reply[0] = 1; /* authversion == 1 */ - req->reply[1] = 0; /* authentication successful */ - log_debug(LD_APP, - "socks5: Accepted username/password without checking."); - if (usernamelen) { - req->username = tor_memdup(data+2u, usernamelen); - req->usernamelen = usernamelen; - } - if (passlen) { - req->password = tor_memdup(data+3u+usernamelen, passlen); - req->passwordlen = passlen; - } - *drain_out = 2u + usernamelen + 1u + passlen; - req->got_auth = 1; - *want_length_out = 7; /* Minimal socks5 command. */ - return 0; - } else if (req->auth_type == SOCKS_USER_PASS) { - /* unknown version byte */ - log_warn(LD_APP, "Socks5 username/password version %d not recognized; " - "rejecting.", (int)*data); - return -1; - } - } - switch (socksver) { /* which version of socks? */ case 5: /* socks5 */ if (req->auth_type != SOCKS_NO_AUTH && !req->got_auth) { From bcbd3fb71e1a729f5b499a1452da7d07deeebf39 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Mon, 21 May 2018 17:33:28 +0200 Subject: [PATCH 12/24] Second phase of SOCKS5 --- src/or/proto_socks.c | 157 +++++++++++++++++++++++++++++++++++--- src/or/socks_request_st.h | 2 + src/test/test_socks.c | 3 +- 3 files changed, 151 insertions(+), 11 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 8fdb722350..84ea58778e 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -453,11 +453,135 @@ process_socks5_userpass_auth(socks_request_t *req) return res; } +static int +parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, + size_t datalen, size_t *drain_out) +{ + int res = 1; + tor_addr_t destaddr; + socks5_client_request_t *trunnel_req = NULL; + ssize_t parsed = socks5_client_request_parse(&trunnel_req, raw_data, datalen); + if (parsed == -1) { + log_warn(LD_APP, "socks5: parsing failed - invalid client request"); + res = -1; + goto end; + } else if (parsed == -2) { + res = 0; + goto end; + } + + tor_assert(parsed >= 0); + *drain_out = (size_t)parsed; + + if (socks5_client_request_get_version(trunnel_req) != 5) { + res = -1; + goto end; + } + + req->command = socks5_client_request_get_command(trunnel_req); + + req->port = socks5_client_request_get_dest_port(trunnel_req); + + uint8_t atype = socks5_client_request_get_atype(trunnel_req); + req->socks5_atyp = atype; + + switch (atype) { + case 1: { + uint32_t ipv4 = socks5_client_request_get_dest_addr_ipv4(trunnel_req); + tor_addr_from_ipv4h(&destaddr, ipv4); + + tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); + } break; + case 3: { + const struct domainname_st *dns_name = + socks5_client_request_getconst_dest_addr_domainname(trunnel_req); + + const char *hostname = domainname_getconstarray_name(dns_name); + + strlcpy(req->address, hostname, sizeof(req->address)); + } break; + case 4: { + const char *ipv6 = + (const char *)socks5_client_request_getarray_dest_addr_ipv6(trunnel_req); + tor_addr_from_ipv6_bytes(&destaddr, ipv6); + + tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); + } break; + default: { + res = -1; + } break; + } + + end: + socks5_client_request_free(trunnel_req); + return res; +} + +static int +process_socks5_client_request(socks_request_t *req, + int log_sockstype, + int safe_socks) +{ + int res = 1; + + if (req->command != SOCKS_COMMAND_CONNECT && + req->command != SOCKS_COMMAND_RESOLVE && + req->command != SOCKS_COMMAND_RESOLVE_PTR) { + socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED); + res = -1; + goto end; + } + + if (req->command == SOCKS_COMMAND_RESOLVE_PTR && + !string_is_valid_ipv4_address(req->address) && + !string_is_valid_ipv6_address(req->address)) { + socks_request_set_socks5_error(req, SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); + log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " + "hostname type. Rejecting."); + + res = -1; + goto end; + } + + if (!string_is_valid_dest(req->address)) { + socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); + + log_warn(LD_PROTOCOL, + "Your application (using socks5 to port %d) gave Tor " + "a malformed hostname: %s. Rejecting the connection.", + req->port, escaped_safe_str_client(req->address)); + + res = -1; + goto end;; + } + + if (req->socks5_atyp == 1 || req->socks5_atyp == 4) { + if (req->command != SOCKS_COMMAND_RESOLVE_PTR && + !addressmap_have_mapping(req->address,0)) { + log_unsafe_socks_warning(5, req->address, req->port, safe_socks); + if (safe_socks) { + socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED); + res = -1; + goto end; + } + } + } + + if (log_sockstype) + log_notice(LD_APP, + "Your application (using socks5 to port %d) instructed " + "Tor to take care of the DNS resolution itself if " + "necessary. This is good.", req->port); + + end: + return res; +} + static int handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, int log_sockstype, int safe_socks, size_t *drain_out) { - int res = 0; + int res = 1; uint8_t socks_version = raw_data[0]; @@ -497,8 +621,8 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *r goto end; } /* RFC1929 SOCKS5 username/password subnegotiation. */ - if ((!req->got_auth && raw_data[0] == 1) || - req->auth_type == SOCKS_USER_PASS) { + if (!req->got_auth && (raw_data[0] == 1 || + req->auth_type == SOCKS_USER_PASS)) { int parse_status = parse_socks5_userpass_auth(raw_data, req, datalen, drain_out); @@ -540,6 +664,23 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *r res = 0; goto end; + } else { + int parse_status = parse_socks5_client_request(raw_data, req, + datalen, drain_out); + if (parse_status != 1) { + socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); + res = parse_status; + goto end; + } + + int process_status = process_socks5_client_request(req, + log_sockstype, + safe_socks); + + if (process_status != 1) { + res = process_status; + goto end; + } } } else { *drain_out = datalen; @@ -590,11 +731,10 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, goto end; } - buf_pullup(buf, datalen, &head, &datalen); // XXX - do { n_drain = 0; - //buf_pullup(buf, want_length, &head, &datalen); + buf_pullup(buf, MAX(want_length, buf_datalen(buf)), + &head, &datalen); tor_assert(head && datalen >= 2); want_length = 0; @@ -605,10 +745,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, buf_clear(buf); else if (n_drain > 0) buf_drain(buf, n_drain); - - datalen = buf_datalen(buf); - } while (res == 0 && head && want_length < buf_datalen(buf) && - buf_datalen(buf) >= 2); + } while (res == 0 && head && buf_datalen(buf) >= 2); end: return res; diff --git a/src/or/socks_request_st.h b/src/or/socks_request_st.h index c650a57739..bdef21a0da 100644 --- a/src/or/socks_request_st.h +++ b/src/or/socks_request_st.h @@ -53,6 +53,8 @@ struct socks_request_t { /** The negotiated password value if any (for socks5). This value is NOT * nul-terminated; see passwordlen for its length. */ char *password; + + uint8_t socks5_atyp; /* SOCKS5 address type */ }; #endif diff --git a/src/test/test_socks.c b/src/test/test_socks.c index cf34e9d435..9645ea32a0 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -646,7 +646,8 @@ test_socks_5_malformed_commands(void *ptr) tt_int_op(5,OP_EQ,socks->socks_version); tt_int_op(10,OP_EQ,socks->replylen); tt_int_op(5,OP_EQ,socks->reply[0]); - tt_int_op(SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED,OP_EQ,socks->reply[1]); + /* trunnel parsing will fail with -1 */ + tt_int_op(SOCKS5_GENERAL_ERROR,OP_EQ,socks->reply[1]); tt_int_op(1,OP_EQ,socks->reply[3]); done: From 94706a427a6ea84e8124bd3bd997d6805149c39d Mon Sep 17 00:00:00 2001 From: rl1987 Date: Tue, 22 May 2018 12:23:32 +0200 Subject: [PATCH 13/24] Add CMD_RESOLVE to socks5_client_request --- src/trunnel/socks5.c | 12 ++++++------ src/trunnel/socks5.trunnel | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c index 5b8d49d802..7f4702fb5d 100644 --- a/src/trunnel/socks5.c +++ b/src/trunnel/socks5.c @@ -3477,7 +3477,7 @@ socks5_client_request_get_command(const socks5_client_request_t *inp) int socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val) { - if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE_PTR || val == CMD_UDP_ASSOCIATE))) { + if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE || val == CMD_RESOLVE_PTR || val == CMD_UDP_ASSOCIATE))) { TRUNNEL_SET_ERROR_CODE(inp); return -1; } @@ -3600,7 +3600,7 @@ socks5_client_request_check(const socks5_client_request_t *obj) return "A set function failed on this object"; if (! (obj->version == 5)) return "Integer out of bounds"; - if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) return "Integer out of bounds"; if (! (obj->reserved == 0)) return "Integer out of bounds"; @@ -3639,7 +3639,7 @@ socks5_client_request_encoded_len(const socks5_client_request_t *obj) /* Length of u8 version IN [5] */ result += 1; - /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ result += 1; /* Length of u8 reserved IN [0] */ @@ -3708,7 +3708,7 @@ socks5_client_request_encode(uint8_t *output, const size_t avail, const socks5_c trunnel_set_uint8(ptr, (obj->version)); written += 1; ptr += 1; - /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ trunnel_assert(written <= avail); if (avail - written < 1) goto truncated; @@ -3817,11 +3817,11 @@ socks5_client_request_parse_into(socks5_client_request_t *obj, const uint8_t *in if (! (obj->version == 5)) goto fail; - /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ + /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */ CHECK_REMAINING(1, truncated); obj->command = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; - if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) + if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE)) goto fail; /* Parse u8 reserved IN [0] */ diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel index b6b8a34f2b..d70ad639e2 100644 --- a/src/trunnel/socks5.trunnel +++ b/src/trunnel/socks5.trunnel @@ -30,7 +30,7 @@ struct domainname { struct socks5_client_request { u8 version IN [5]; - u8 command IN [CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE, CMD_RESOLVE_PTR]; + u8 command IN [CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE, CMD_RESOLVE, CMD_RESOLVE_PTR]; u8 reserved IN [0]; u8 atype; union dest_addr[atype] { From d2e54ff8a5826980211cfecd9f289379aa222382 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Tue, 22 May 2018 13:53:34 +0200 Subject: [PATCH 14/24] Remove legacy SOCKS5 phase 2 code --- src/or/proto_socks.c | 121 ------------------------------------------- 1 file changed, 121 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 84ea58778e..6ed8f6e170 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -804,9 +804,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, int log_sockstype, int safe_socks, size_t *drain_out, size_t *want_length_out) { - unsigned int len; - char tmpbuf[TOR_ADDR_BUF_LEN+1]; - tor_addr_t destaddr; uint8_t socksver; if (datalen < 2) { @@ -825,124 +822,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, } switch (socksver) { /* which version of socks? */ - case 5: /* socks5 */ - if (req->auth_type != SOCKS_NO_AUTH && !req->got_auth) { - log_warn(LD_APP, - "socks5: negotiated authentication, but none provided"); - return -1; - } - /* we know the method; read in the request */ - log_debug(LD_APP,"socks5: checking request"); - if (datalen < 7) {/* basic info plus >=1 for addr plus 2 for port */ - *want_length_out = 7; - return 0; /* not yet */ - } - req->command = (unsigned char) *(data+1); - if (req->command != SOCKS_COMMAND_CONNECT && - req->command != SOCKS_COMMAND_RESOLVE && - req->command != SOCKS_COMMAND_RESOLVE_PTR) { - /* not a connect or resolve or a resolve_ptr? we don't support it. */ - socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED); - - log_warn(LD_APP,"socks5: command %d not recognized. Rejecting.", - req->command); - return -1; - } - switch (*(data+3)) { /* address type */ - case 1: /* IPv4 address */ - case 4: /* IPv6 address */ { - const int is_v6 = *(data+3) == 4; - const unsigned addrlen = is_v6 ? 16 : 4; - log_debug(LD_APP,"socks5: ipv4 address type"); - if (datalen < 6+addrlen) {/* ip/port there? */ - *want_length_out = 6+addrlen; - return 0; /* not yet */ - } - - if (is_v6) - tor_addr_from_ipv6_bytes(&destaddr, data+4); - else - tor_addr_from_ipv4n(&destaddr, get_uint32(data+4)); - - tor_addr_to_str(tmpbuf, &destaddr, sizeof(tmpbuf), 1); - - if (BUG(strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN)) { - /* LCOV_EXCL_START -- This branch is unreachable, given the - * size of tmpbuf and the actual value of MAX_SOCKS_ADDR_LEN */ - socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - log_warn(LD_APP, - "socks5 IP takes %d bytes, which doesn't fit in %d. " - "Rejecting.", - (int)strlen(tmpbuf)+1,(int)MAX_SOCKS_ADDR_LEN); - return -1; - /* LCOV_EXCL_STOP */ - } - strlcpy(req->address,tmpbuf,sizeof(req->address)); - req->port = ntohs(get_uint16(data+4+addrlen)); - *drain_out = 6+addrlen; - if (req->command != SOCKS_COMMAND_RESOLVE_PTR && - !addressmap_have_mapping(req->address,0)) { - log_unsafe_socks_warning(5, req->address, req->port, safe_socks); - if (safe_socks) { - socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED); - return -1; - } - } - return 1; - } - case 3: /* fqdn */ - log_debug(LD_APP,"socks5: fqdn address type"); - if (req->command == SOCKS_COMMAND_RESOLVE_PTR) { - socks_request_set_socks5_error(req, - SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); - log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " - "hostname type. Rejecting."); - return -1; - } - len = (unsigned char)*(data+4); - if (datalen < 7+len) { /* addr/port there? */ - *want_length_out = 7+len; - return 0; /* not yet */ - } - if (BUG(len+1 > MAX_SOCKS_ADDR_LEN)) { - /* LCOV_EXCL_START -- unreachable, since len is at most 255, - * and MAX_SOCKS_ADDR_LEN is 256. */ - socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - log_warn(LD_APP, - "socks5 hostname is %d bytes, which doesn't fit in " - "%d. Rejecting.", len+1,MAX_SOCKS_ADDR_LEN); - return -1; - /* LCOV_EXCL_STOP */ - } - memcpy(req->address,data+5,len); - req->address[len] = 0; - req->port = ntohs(get_uint16(data+5+len)); - *drain_out = 5+len+2; - - if (!string_is_valid_dest(req->address)) { - socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - - log_warn(LD_PROTOCOL, - "Your application (using socks5 to port %d) gave Tor " - "a malformed hostname: %s. Rejecting the connection.", - req->port, escaped_safe_str_client(req->address)); - return -1; - } - if (log_sockstype) - log_notice(LD_APP, - "Your application (using socks5 to port %d) instructed " - "Tor to take care of the DNS resolution itself if " - "necessary. This is good.", req->port); - return 1; - default: /* unsupported */ - socks_request_set_socks5_error(req, - SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); - log_warn(LD_APP,"socks5: unsupported address type %d. Rejecting.", - (int) *(data+3)); - return -1; - } - tor_assert(0); - break; case 'G': /* get */ case 'H': /* head */ case 'P': /* put/post */ From fb105404f27a713f3192cb3a376ddc5fc257ccd9 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Tue, 22 May 2018 13:59:07 +0200 Subject: [PATCH 15/24] Fix whitespace/formatting --- src/or/proto_socks.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 6ed8f6e170..17589fad34 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -181,7 +181,6 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, } } - end: socks4_client_request_free(trunnel_req); @@ -362,7 +361,6 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, socks5_client_userpass_auth_t *trunnel_req = NULL; ssize_t parsed = socks5_client_userpass_auth_parse(&trunnel_req, raw_data, datalen); - tor_assert(drain_out); *drain_out = 0; @@ -460,7 +458,8 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, int res = 1; tor_addr_t destaddr; socks5_client_request_t *trunnel_req = NULL; - ssize_t parsed = socks5_client_request_parse(&trunnel_req, raw_data, datalen); + ssize_t parsed = + socks5_client_request_parse(&trunnel_req, raw_data, datalen); if (parsed == -1) { log_warn(LD_APP, "socks5: parsing failed - invalid client request"); res = -1; @@ -493,7 +492,7 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); } break; case 3: { - const struct domainname_st *dns_name = + const struct domainname_st *dns_name = socks5_client_request_getconst_dest_addr_domainname(trunnel_req); const char *hostname = domainname_getconstarray_name(dns_name); @@ -502,7 +501,8 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, } break; case 4: { const char *ipv6 = - (const char *)socks5_client_request_getarray_dest_addr_ipv6(trunnel_req); + (const char *)socks5_client_request_getarray_dest_addr_ipv6( + trunnel_req); tor_addr_from_ipv6_bytes(&destaddr, ipv6); tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); @@ -552,7 +552,7 @@ process_socks5_client_request(socks_request_t *req, req->port, escaped_safe_str_client(req->address)); res = -1; - goto end;; + goto end; } if (req->socks5_atyp == 1 || req->socks5_atyp == 4) { @@ -578,8 +578,9 @@ process_socks5_client_request(socks_request_t *req, } static int -handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, size_t *drain_out) +handle_socks_message(const uint8_t *raw_data, size_t datalen, + socks_request_t *req, int log_sockstype, + int safe_socks, size_t *drain_out) { int res = 1; @@ -733,7 +734,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, do { n_drain = 0; - buf_pullup(buf, MAX(want_length, buf_datalen(buf)), + buf_pullup(buf, MAX(want_length, buf_datalen(buf)), &head, &datalen); tor_assert(head && datalen >= 2); want_length = 0; From 01cf3007b56fdd53ecc757c54f30393c206458de Mon Sep 17 00:00:00 2001 From: rl1987 Date: Tue, 22 May 2018 16:28:15 +0200 Subject: [PATCH 16/24] Make a distinction between truncated message and expecting more messages --- src/or/proto_socks.c | 204 +++++++++++++++++++++++-------------------- 1 file changed, 107 insertions(+), 97 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 17589fad34..0c48d597ec 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -17,12 +17,23 @@ #include "trunnel/socks5.h" #include "or/socks_request_st.h" +typedef enum { + SOCKS_RESULT_INVALID = -1, + SOCKS_RESULT_TRUNCATED = 0, + SOCKS_RESULT_DONE = 1, + SOCKS_RESULT_MORE_EXPECTED = 2, +} socks_result_t; + static void socks_request_set_socks5_error(socks_request_t *req, socks5_reply_status_t reason); -static int parse_socks(const char *data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, size_t *drain_out, - size_t *want_length_out); +static socks_result_t parse_socks(const char *data, + size_t datalen, + socks_request_t *req, + int log_sockstype, + int safe_socks, + size_t *drain_out, + size_t *want_length_out); static int parse_socks_client(const uint8_t *data, size_t datalen, int state, char **reason, ssize_t *drain_out); @@ -86,13 +97,13 @@ socks_request_free_(socks_request_t *req) tor_free(req); } -static int +static socks_result_t parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, int *is_socks4a, size_t *drain_out) { // http://ss5.sourceforge.net/socks4.protocol.txt // http://ss5.sourceforge.net/socks4A.protocol.txt - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; tor_addr_t destaddr; tor_assert(is_socks4a); @@ -110,13 +121,13 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, if (parsed == -1) { log_warn(LD_APP, "socks4: parsing failed - invalid request."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } else if (parsed == -2) { - res = 0; + res = SOCKS_RESULT_TRUNCATED; if (datalen > 1024) { // XXX log_warn(LD_APP, "socks4: parsing failed - invalid request."); - res = -1; + res = SOCKS_RESULT_INVALID; } goto end; } @@ -133,7 +144,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, if ((!req->port && req->command != SOCKS_COMMAND_RESOLVE) || dest_ip == 0) { log_warn(LD_APP, "socks4: Port or DestIP is zero. Rejecting."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -144,7 +155,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, if (username && usernamelen) { if (usernamelen > MAX_SOCKS_MESSAGE_LEN) { log_warn(LD_APP, "Socks4 user name too long; rejecting."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -168,7 +179,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, strlcpy(req->address, trunnel_hostname, sizeof(req->address)); } else { log_warn(LD_APP, "socks4: Destaddr too long. Rejecting."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } } else { @@ -176,7 +187,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, if (!tor_addr_to_str(req->address, &destaddr, MAX_SOCKS_ADDR_LEN, 0)) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } } @@ -205,7 +216,7 @@ process_socks4_request(const socks_request_t *req, int is_socks4a, log_unsafe_socks_warning(4, req->address, req->port, safe_socks); if (safe_socks) - return -1; + return SOCKS_RESULT_INVALID; } if (req->command != SOCKS_COMMAND_CONNECT && @@ -214,7 +225,7 @@ process_socks4_request(const socks_request_t *req, int is_socks4a, * socks4.) */ log_warn(LD_APP, "socks4: command %d not recognized. Rejecting.", req->command); - return -1; + return SOCKS_RESULT_INVALID; } if (is_socks4a) { @@ -230,18 +241,18 @@ process_socks4_request(const socks_request_t *req, int is_socks4a, "Your application (using socks4 to port %d) gave Tor " "a malformed hostname: %s. Rejecting the connection.", req->port, escaped_safe_str_client(req->address)); - return -1; + return SOCKS_RESULT_INVALID; } - return 1; + return SOCKS_RESULT_DONE; } -static int +static socks_result_t parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, int *have_user_pass, int *have_no_auth, size_t *drain_out) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; socks5_client_version_t *trunnel_req; ssize_t parsed = socks5_client_version_parse(&trunnel_req, raw_data, @@ -258,14 +269,14 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, if (parsed == -1) { log_warn(LD_APP, "socks5: parsing failed - invalid version " "id/method selection message."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } else if (parsed == -2) { - res = 0; + res = SOCKS_RESULT_TRUNCATED; if (datalen > 1024) { // XXX log_warn(LD_APP, "socks5: parsing failed - invalid version " "id/method selection message."); - res = -1; + res = SOCKS_RESULT_INVALID; } goto end; } @@ -275,7 +286,7 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, size_t n_methods = (size_t)socks5_client_version_get_n_methods(trunnel_req); if (n_methods == 0) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -299,11 +310,11 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, return res; } -static int +static socks_result_t process_socks5_methods_request(socks_request_t *req, int have_user_pass, int have_no_auth) { - int res = 0; + socks_result_t res = SOCKS_RESULT_DONE; socks5_server_method_t *trunnel_resp = socks5_server_method_new(); socks5_server_method_set_version(trunnel_resp, 5); @@ -328,14 +339,14 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, "socks5: offered methods don't include 'no auth' or " "username/password. Rejecting."); socks5_server_method_set_method(trunnel_resp, 0xFF); // reject all - res = -1; + res = SOCKS_RESULT_INVALID; } const char *errmsg = socks5_server_method_check(trunnel_resp); if (errmsg) { log_warn(LD_APP, "socks5: method selection validation failed: %s", errmsg); - res = -1; + res = SOCKS_RESULT_INVALID; } else { ssize_t encoded = socks5_server_method_encode(req->reply, sizeof(req->reply), @@ -343,7 +354,7 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, if (encoded < 0) { log_warn(LD_APP, "socks5: method selection encoding failed"); - res = -1; + res = SOCKS_RESULT_INVALID; } else { req->replylen = (size_t)encoded; } @@ -353,11 +364,11 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, return res; } -static int +static socks_result_t parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, size_t datalen, size_t *drain_out) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; socks5_client_userpass_auth_t *trunnel_req = NULL; ssize_t parsed = socks5_client_userpass_auth_parse(&trunnel_req, raw_data, datalen); @@ -367,10 +378,10 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, if (parsed == -1) { log_warn(LD_APP, "socks5: parsing failed - invalid user/pass " "authentication message."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } else if (parsed == -2) { - res = 0; + res = SOCKS_RESULT_TRUNCATED; goto end; } @@ -405,21 +416,21 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, return res; } -static int +static socks_result_t process_socks5_userpass_auth(socks_request_t *req) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; socks5_server_userpass_auth_t *trunnel_resp = socks5_server_userpass_auth_new(); if (req->socks_version != 5) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } if (req->auth_type != SOCKS_USER_PASS && req->auth_type != SOCKS_NO_AUTH) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -430,7 +441,7 @@ process_socks5_userpass_auth(socks_request_t *req) if (errmsg) { log_warn(LD_APP, "socks5: server userpass auth validation failed: %s", errmsg); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -440,7 +451,7 @@ process_socks5_userpass_auth(socks_request_t *req) if (encoded < 0) { log_warn(LD_APP, "socks5: server userpass auth encoding failed"); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -451,21 +462,21 @@ process_socks5_userpass_auth(socks_request_t *req) return res; } -static int +static socks_result_t parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, size_t *drain_out) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; tor_addr_t destaddr; socks5_client_request_t *trunnel_req = NULL; ssize_t parsed = socks5_client_request_parse(&trunnel_req, raw_data, datalen); if (parsed == -1) { log_warn(LD_APP, "socks5: parsing failed - invalid client request"); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } else if (parsed == -2) { - res = 0; + res = SOCKS_RESULT_TRUNCATED; goto end; } @@ -473,7 +484,7 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, *drain_out = (size_t)parsed; if (socks5_client_request_get_version(trunnel_req) != 5) { - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -517,18 +528,18 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, return res; } -static int +static socks_result_t process_socks5_client_request(socks_request_t *req, int log_sockstype, int safe_socks) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; if (req->command != SOCKS_COMMAND_CONNECT && req->command != SOCKS_COMMAND_RESOLVE && req->command != SOCKS_COMMAND_RESOLVE_PTR) { socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -539,7 +550,7 @@ process_socks5_client_request(socks_request_t *req, log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " "hostname type. Rejecting."); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -551,7 +562,7 @@ process_socks5_client_request(socks_request_t *req, "a malformed hostname: %s. Rejecting the connection.", req->port, escaped_safe_str_client(req->address)); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } @@ -561,7 +572,7 @@ process_socks5_client_request(socks_request_t *req, log_unsafe_socks_warning(5, req->address, req->port, safe_socks); if (safe_socks) { socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED); - res = -1; + res = SOCKS_RESULT_INVALID; goto end; } } @@ -577,12 +588,12 @@ process_socks5_client_request(socks_request_t *req, return res; } -static int +static socks_result_t handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, int log_sockstype, int safe_socks, size_t *drain_out) { - int res = 1; + socks_result_t res = SOCKS_RESULT_DONE; uint8_t socks_version = raw_data[0]; @@ -596,25 +607,20 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, } int is_socks4a = 0; - int parse_status = - parse_socks4_request((const uint8_t *)raw_data, req, datalen, - &is_socks4a, drain_out); + res = parse_socks4_request((const uint8_t *)raw_data, req, datalen, + &is_socks4a, drain_out); - if (parse_status != 1) { - res = parse_status; + if (res != SOCKS_RESULT_DONE) { goto end; } - int process_status = process_socks4_request(req, is_socks4a, - log_sockstype, - safe_socks); + res = process_socks4_request(req, is_socks4a,log_sockstype, + safe_socks); - if (process_status != 1) { - res = process_status; + if (res != SOCKS_RESULT_DONE) { goto end; } - res = 1; goto end; } else if (socks_version == 5) { if (datalen < 2) { /* version and another byte */ @@ -624,68 +630,58 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, /* RFC1929 SOCKS5 username/password subnegotiation. */ if (!req->got_auth && (raw_data[0] == 1 || req->auth_type == SOCKS_USER_PASS)) { - int parse_status = parse_socks5_userpass_auth(raw_data, req, datalen, - drain_out); + res = parse_socks5_userpass_auth(raw_data, req, datalen, + drain_out); - if (parse_status != 1) { - res = parse_status; + if (res != SOCKS_RESULT_DONE) { goto end; } - int process_status = process_socks5_userpass_auth(req); - if (process_status != 1) { - res = process_status; + res = process_socks5_userpass_auth(req); + if (res != SOCKS_RESULT_DONE) { goto end; } - res = 0; + res = SOCKS_RESULT_MORE_EXPECTED; goto end; } else if (req->socks_version != 5) { int have_user_pass, have_no_auth; - int parse_status = parse_socks5_methods_request(raw_data, - req, - datalen, - &have_user_pass, - &have_no_auth, - drain_out); + res = parse_socks5_methods_request(raw_data, req, datalen, + &have_user_pass, + &have_no_auth, + drain_out); - if (parse_status != 1) { - res = parse_status; + if (res != SOCKS_RESULT_DONE) { goto end; } - int process_status = process_socks5_methods_request(req, - have_user_pass, - have_no_auth); + res = process_socks5_methods_request(req, have_user_pass, + have_no_auth); - if (process_status == -1) { - res = process_status; + if (res != SOCKS_RESULT_DONE) { goto end; } - res = 0; + res = SOCKS_RESULT_MORE_EXPECTED; goto end; } else { - int parse_status = parse_socks5_client_request(raw_data, req, - datalen, drain_out); - if (parse_status != 1) { + res = parse_socks5_client_request(raw_data, req, + datalen, drain_out); + if (res != SOCKS_RESULT_DONE) { socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); - res = parse_status; goto end; } - int process_status = process_socks5_client_request(req, - log_sockstype, - safe_socks); + res = process_socks5_client_request(req, log_sockstype, + safe_socks); - if (process_status != 1) { - res = process_status; + if (res != SOCKS_RESULT_DONE) { goto end; } } } else { *drain_out = datalen; - res = -1; + res = SOCKS_RESULT_INVALID; } end: @@ -726,6 +722,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, size_t n_drain; size_t want_length = 128; const char *head = NULL; + socks_result_t socks_res; if (buf_datalen(buf) < 2) { /* version and another byte */ res = 0; @@ -739,13 +736,26 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, tor_assert(head && datalen >= 2); want_length = 0; - res = parse_socks(head, datalen, req, log_sockstype, - safe_socks, &n_drain, &want_length); + socks_res = parse_socks(head, datalen, req, log_sockstype, + safe_socks, &n_drain, &want_length); - if (res == -1) + if (socks_res == SOCKS_RESULT_INVALID) buf_clear(buf); - else if (n_drain > 0) + else if (socks_res != SOCKS_RESULT_TRUNCATED && n_drain > 0) buf_drain(buf, n_drain); + + switch (socks_res) { + case SOCKS_RESULT_INVALID: + res = -1; + break; + case SOCKS_RESULT_DONE: + res = 1; + break; + case SOCKS_RESULT_TRUNCATED: + case SOCKS_RESULT_MORE_EXPECTED: + res = 0; + break; + } } while (res == 0 && head && buf_datalen(buf) >= 2); end: From 58cb2ed24381d29458927c68e56aca0cae4b0f2e Mon Sep 17 00:00:00 2001 From: rl1987 Date: Wed, 23 May 2018 11:44:43 +0200 Subject: [PATCH 17/24] Fix buf_t advancement in fetch_buf_from_socks We pullup 512 bytes of input to make sure that at least one SOCKS message ends up in head of linked list --- src/or/proto_socks.c | 24 +++++++++++------------- src/test/test_socks.c | 4 ++-- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 0c48d597ec..9f6073d2a6 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -32,8 +32,7 @@ static socks_result_t parse_socks(const char *data, socks_request_t *req, int log_sockstype, int safe_socks, - size_t *drain_out, - size_t *want_length_out); + size_t *drain_out); static int parse_socks_client(const uint8_t *data, size_t datalen, int state, char **reason, ssize_t *drain_out); @@ -125,7 +124,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, goto end; } else if (parsed == -2) { res = SOCKS_RESULT_TRUNCATED; - if (datalen > 1024) { // XXX + if (datalen >= MAX_SOCKS_MESSAGE_LEN) { log_warn(LD_APP, "socks4: parsing failed - invalid request."); res = SOCKS_RESULT_INVALID; } @@ -273,7 +272,7 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, goto end; } else if (parsed == -2) { res = SOCKS_RESULT_TRUNCATED; - if (datalen > 1024) { // XXX + if (datalen > MAX_SOCKS_MESSAGE_LEN) { log_warn(LD_APP, "socks5: parsing failed - invalid version " "id/method selection message."); res = SOCKS_RESULT_INVALID; @@ -720,9 +719,9 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int res = 0; size_t datalen = buf_datalen(buf); size_t n_drain; - size_t want_length = 128; const char *head = NULL; socks_result_t socks_res; + size_t n_pullup; if (buf_datalen(buf) < 2) { /* version and another byte */ res = 0; @@ -731,13 +730,12 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, do { n_drain = 0; - buf_pullup(buf, MAX(want_length, buf_datalen(buf)), - &head, &datalen); + n_pullup = MIN(MAX_SOCKS_MESSAGE_LEN, buf_datalen(buf)); + buf_pullup(buf, n_pullup, &head, &datalen); tor_assert(head && datalen >= 2); - want_length = 0; socks_res = parse_socks(head, datalen, req, log_sockstype, - safe_socks, &n_drain, &want_length); + safe_socks, &n_drain); if (socks_res == SOCKS_RESULT_INVALID) buf_clear(buf); @@ -752,6 +750,9 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, res = 1; break; case SOCKS_RESULT_TRUNCATED: + if (datalen == n_pullup) + return 0; + /* FALLTHRU */ case SOCKS_RESULT_MORE_EXPECTED: res = 0; break; @@ -812,14 +813,12 @@ static const char SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG[] = * we'd like to see in the input buffer, if they're available. */ static int parse_socks(const char *data, size_t datalen, socks_request_t *req, - int log_sockstype, int safe_socks, size_t *drain_out, - size_t *want_length_out) + int log_sockstype, int safe_socks, size_t *drain_out) { uint8_t socksver; if (datalen < 2) { /* We always need at least 2 bytes. */ - *want_length_out = 2; return 0; } @@ -827,7 +826,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, if (socksver == 5 || socksver == 4 || socksver == 1) { // XXX: RFC 1929 - *want_length_out = 128; // TODO remove this arg later return handle_socks_message((const uint8_t *)data, datalen, req, log_sockstype, safe_socks, drain_out); } diff --git a/src/test/test_socks.c b/src/test/test_socks.c index 9645ea32a0..e1c5db6ee6 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -142,7 +142,7 @@ test_socks_4_bad_arguments(void *ptr) get_options()->SafeSocks), OP_EQ, -1); buf_clear(buf); - expect_log_msg_containing("Port or DestIP is zero."); // !!! + expect_log_msg_containing("Port or DestIP is zero."); mock_clean_saved_logs(); /* Try with 0 port */ @@ -164,7 +164,7 @@ test_socks_4_bad_arguments(void *ptr) tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); buf_clear(buf); - expect_log_msg_containing("user name too long; rejecting."); + expect_log_msg_containing("socks4: parsing failed - invalid request."); mock_clean_saved_logs(); /* Try with 2000-byte hostname */ From a6af21c1b7f1751b96352a5080e0b3fb7e6201a9 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Wed, 23 May 2018 13:08:47 +0200 Subject: [PATCH 18/24] Document new code --- src/or/proto_socks.c | 96 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 92 insertions(+), 4 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 9f6073d2a6..dab349bbea 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -18,10 +18,10 @@ #include "or/socks_request_st.h" typedef enum { - SOCKS_RESULT_INVALID = -1, - SOCKS_RESULT_TRUNCATED = 0, - SOCKS_RESULT_DONE = 1, - SOCKS_RESULT_MORE_EXPECTED = 2, + SOCKS_RESULT_INVALID = -1, /* Message invalid. */ + SOCKS_RESULT_TRUNCATED = 0, /* Message incomplete/truncated. */ + SOCKS_RESULT_DONE = 1, /* OK, we're done. */ + SOCKS_RESULT_MORE_EXPECTED = 2, /* OK, more messages expected. */ } socks_result_t; static void socks_request_set_socks5_error(socks_request_t *req, @@ -96,6 +96,16 @@ socks_request_free_(socks_request_t *req) tor_free(req); } +/** + * Parse a single SOCKS4 request from buffer raw_data of length + * datalen and update relevant fields of req. If SOCKS4a + * request is detected, set *is_socks4a to true. Set *drain_out + * to number of bytes we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ static socks_result_t parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, int *is_socks4a, size_t *drain_out) @@ -246,6 +256,17 @@ process_socks4_request(const socks_request_t *req, int is_socks4a, return SOCKS_RESULT_DONE; } +/** Parse a single SOCKS5 version identifier/method selection message + * from buffer raw_data (of length datalen). Update + * relevant fields of req (if any). Set *have_user_pass to + * true if username/password method is found. Set *have_no_auth + * if no-auth method is found. Set *drain_out to number of bytes + * we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ static socks_result_t parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, int *have_user_pass, @@ -309,6 +330,16 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req, return res; } +/** + * Validate and respond to version identifier/method selection message + * we parsed in parse_socks5_methods_request (corresponding to req + * and having user/pass method if have_user_pass is true, no-auth + * method if have_no_auth is true). Set req->reply to + * an appropriate response (in SOCKS5 wire format). + * + * On success, return SOCKS_RESULT_DONE. On failure, return + * SOCKS_RESULT_INVALID. + */ static socks_result_t process_socks5_methods_request(socks_request_t *req, int have_user_pass, int have_no_auth) @@ -363,6 +394,16 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, return res; } +/** + * Parse SOCKS5/RFC1929 username/password request from buffer + * raw_data of length datalen and update relevant + * fields of req. Set *drain_out to number of bytes + * we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ static socks_result_t parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, size_t datalen, size_t *drain_out) @@ -415,6 +456,12 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, return res; } +/** + * Validate and respond to SOCKS5 username/password request we + * parsed in parse_socks5_userpass_auth (corresponding to req. + * Set req->reply to appropriate responsed. Return + * SOCKS_RESULT_DONE on success or SOCKS_RESULT_INVALID on failure. + */ static socks_result_t process_socks5_userpass_auth(socks_request_t *req) { @@ -461,6 +508,15 @@ process_socks5_userpass_auth(socks_request_t *req) return res; } +/** + * Parse a single SOCKS5 client request (RFC 1928 section 4) from buffer + * raw_data of length datalen and update relevant field of + * req. Set *drain_out to number of bytes we parsed so far. + * + * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if + * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it + * failed due to incomplete (truncated) input. + */ static socks_result_t parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, size_t datalen, size_t *drain_out) @@ -527,6 +583,16 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, return res; } +/** + * Validate and respond to SOCKS5 request we parsed in + * parse_socks5_client_request (corresponding to req. + * Write appropriate response to req->reply (in + * SOCKS5 wire format). If log_sockstype is true, log a + * notice about possible DNS leaks on local system. If + * safe_socks is true, disallow insecure usage of SOCKS + * protocol. Return SOCKS_RESULT_DONE on success or + * SOCKS_RESULT_INVALID on failure. + */ static socks_result_t process_socks5_client_request(socks_request_t *req, int log_sockstype, @@ -587,6 +653,28 @@ process_socks5_client_request(socks_request_t *req, return res; } +/** + * Handle (parse, validate, process, respond) a single SOCKS + * message in buffer raw_data of length datalen. + * Update relevant fields of req. If log_sockstype + * is true, log a warning about possible DNS leaks on local + * system. If safe_socks is true, disallow insecure + * usage of SOCKS protocol. Set *drain_out to number + * of bytes in raw_data that we processed so far and + * that can be safely drained from buffer. + * + * Return: + * - SOCKS_RESULT_DONE if succeeded and not expecting further + * messages from client. + * - SOCKS_RESULT_INVALID if any of the steps failed due to + * request being invalid or unexpected given current state. + * - SOCKS_RESULT_TRUNCATED if we do not found an expected + * SOCKS message in its entirety (more stuff has to arrive + * from client). + * - SOCKS_RESULT_MORE_EXPECTED if we handled current message + * successfully, but we expect more messages from the + * client. + */ static socks_result_t handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req, int log_sockstype, From 4c845fcf9e5b009a5e8d29f4c54eb7a98513e436 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Wed, 23 May 2018 14:38:13 +0200 Subject: [PATCH 19/24] Rework socks_request_set_socks5_error() with trunnel --- src/or/proto_socks.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index dab349bbea..9dbd688b75 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -858,12 +858,31 @@ static void socks_request_set_socks5_error(socks_request_t *req, socks5_reply_status_t reason) { - req->replylen = 10; - memset(req->reply,0,10); + socks5_server_reply_t *trunnel_resp = socks5_server_reply_new(); - req->reply[0] = 0x05; // VER field. - req->reply[1] = reason; // REP field. - req->reply[3] = 0x01; // ATYP field. + socks5_server_reply_set_version(trunnel_resp, 0x05); + socks5_server_reply_set_reply(trunnel_resp, reason); + socks5_server_reply_set_atype(trunnel_resp, 0x01); + + const char *errmsg = socks5_server_reply_check(trunnel_resp); + if (errmsg) { + log_warn(LD_APP, "socks5: reply validation failed: %s", + errmsg); + goto end; + } + + ssize_t encoded = socks5_server_reply_encode(req->reply, + sizeof(req->reply), + trunnel_resp); + if (encoded < 0) { + log_warn(LD_APP, "socks5: reply encoding failed: %d", + (int)encoded); + } else { + req->replylen = (size_t)encoded; + } + + end: + socks5_server_reply_free(trunnel_resp); } static const char SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG[] = From 2f284d3325f60ad4e4744504588ee62dd62779e9 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Wed, 23 May 2018 14:53:07 +0200 Subject: [PATCH 20/24] Add changes file --- changes/ticket3569_part1 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 changes/ticket3569_part1 diff --git a/changes/ticket3569_part1 b/changes/ticket3569_part1 new file mode 100644 index 0000000000..4032aff4d2 --- /dev/null +++ b/changes/ticket3569_part1 @@ -0,0 +1,6 @@ + o Code simplification and refactoring: + - Rework Tor SOCKS server code to use Trunnel and benefit from + autogenerated functions for parsing and generating SOCKS wire + format. New implementation is cleaner, more maintainable and + should be less prone to heartbleed-style vulnerabilities. + Implements a significant fraction of ticket 3569. From f27dc41627517ebec3feae6ca00eee544d9dcd59 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Tue, 26 Jun 2018 19:31:26 +0300 Subject: [PATCH 21/24] Remove prop229 stuff from socks5.trunnel --- src/trunnel/socks5.c | 1076 ------------------------------------ src/trunnel/socks5.h | 376 ------------- src/trunnel/socks5.trunnel | 22 - 3 files changed, 1474 deletions(-) diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c index 7f4702fb5d..9e5f6fcfed 100644 --- a/src/trunnel/socks5.c +++ b/src/trunnel/socks5.c @@ -3029,400 +3029,6 @@ socks5_server_userpass_auth_parse(socks5_server_userpass_auth_t **output, const } return result; } -tor_socksauth_keyval_t * -tor_socksauth_keyval_new(void) -{ - tor_socksauth_keyval_t *val = trunnel_calloc(1, sizeof(tor_socksauth_keyval_t)); - if (NULL == val) - return NULL; - return val; -} - -/** Release all storage held inside 'obj', but do not free 'obj'. - */ -static void -tor_socksauth_keyval_clear(tor_socksauth_keyval_t *obj) -{ - (void) obj; - TRUNNEL_DYNARRAY_WIPE(&obj->key); - TRUNNEL_DYNARRAY_CLEAR(&obj->key); - TRUNNEL_DYNARRAY_WIPE(&obj->val); - TRUNNEL_DYNARRAY_CLEAR(&obj->val); -} - -void -tor_socksauth_keyval_free(tor_socksauth_keyval_t *obj) -{ - if (obj == NULL) - return; - tor_socksauth_keyval_clear(obj); - trunnel_memwipe(obj, sizeof(tor_socksauth_keyval_t)); - trunnel_free_(obj); -} - -uint16_t -tor_socksauth_keyval_get_keylen(const tor_socksauth_keyval_t *inp) -{ - return inp->keylen; -} -int -tor_socksauth_keyval_set_keylen(tor_socksauth_keyval_t *inp, uint16_t val) -{ - inp->keylen = val; - return 0; -} -size_t -tor_socksauth_keyval_getlen_key(const tor_socksauth_keyval_t *inp) -{ - return TRUNNEL_DYNARRAY_LEN(&inp->key); -} - -char -tor_socksauth_keyval_get_key(tor_socksauth_keyval_t *inp, size_t idx) -{ - return TRUNNEL_DYNARRAY_GET(&inp->key, idx); -} - -char -tor_socksauth_keyval_getconst_key(const tor_socksauth_keyval_t *inp, size_t idx) -{ - return tor_socksauth_keyval_get_key((tor_socksauth_keyval_t*)inp, idx); -} -int -tor_socksauth_keyval_set_key(tor_socksauth_keyval_t *inp, size_t idx, char elt) -{ - TRUNNEL_DYNARRAY_SET(&inp->key, idx, elt); - return 0; -} -int -tor_socksauth_keyval_add_key(tor_socksauth_keyval_t *inp, char elt) -{ -#if SIZE_MAX >= UINT16_MAX - if (inp->key.n_ == UINT16_MAX) - goto trunnel_alloc_failed; -#endif - TRUNNEL_DYNARRAY_ADD(char, &inp->key, elt, {}); - return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} - -char * -tor_socksauth_keyval_getarray_key(tor_socksauth_keyval_t *inp) -{ - return inp->key.elts_; -} -const char * -tor_socksauth_keyval_getconstarray_key(const tor_socksauth_keyval_t *inp) -{ - return (const char *)tor_socksauth_keyval_getarray_key((tor_socksauth_keyval_t*)inp); -} -int -tor_socksauth_keyval_setlen_key(tor_socksauth_keyval_t *inp, size_t newlen) -{ -#if UINT16_MAX < SIZE_MAX - if (newlen > UINT16_MAX) - goto trunnel_alloc_failed; -#endif - return trunnel_string_setlen(&inp->key, newlen, - &inp->trunnel_error_code_); - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} -const char * -tor_socksauth_keyval_getstr_key(tor_socksauth_keyval_t *inp) -{ - return trunnel_string_getstr(&inp->key); -} -int -tor_socksauth_keyval_setstr0_key(tor_socksauth_keyval_t *inp, const char *val, size_t len) -{ -#if UINT16_MAX < SIZE_MAX - if (len > UINT16_MAX) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } -#endif - return trunnel_string_setstr0(&inp->key, val, len, &inp->trunnel_error_code_); -} -int -tor_socksauth_keyval_setstr_key(tor_socksauth_keyval_t *inp, const char *val) -{ - return tor_socksauth_keyval_setstr0_key(inp, val, strlen(val)); -} -uint16_t -tor_socksauth_keyval_get_vallen(const tor_socksauth_keyval_t *inp) -{ - return inp->vallen; -} -int -tor_socksauth_keyval_set_vallen(tor_socksauth_keyval_t *inp, uint16_t val) -{ - inp->vallen = val; - return 0; -} -size_t -tor_socksauth_keyval_getlen_val(const tor_socksauth_keyval_t *inp) -{ - return TRUNNEL_DYNARRAY_LEN(&inp->val); -} - -char -tor_socksauth_keyval_get_val(tor_socksauth_keyval_t *inp, size_t idx) -{ - return TRUNNEL_DYNARRAY_GET(&inp->val, idx); -} - -char -tor_socksauth_keyval_getconst_val(const tor_socksauth_keyval_t *inp, size_t idx) -{ - return tor_socksauth_keyval_get_val((tor_socksauth_keyval_t*)inp, idx); -} -int -tor_socksauth_keyval_set_val(tor_socksauth_keyval_t *inp, size_t idx, char elt) -{ - TRUNNEL_DYNARRAY_SET(&inp->val, idx, elt); - return 0; -} -int -tor_socksauth_keyval_add_val(tor_socksauth_keyval_t *inp, char elt) -{ -#if SIZE_MAX >= UINT16_MAX - if (inp->val.n_ == UINT16_MAX) - goto trunnel_alloc_failed; -#endif - TRUNNEL_DYNARRAY_ADD(char, &inp->val, elt, {}); - return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} - -char * -tor_socksauth_keyval_getarray_val(tor_socksauth_keyval_t *inp) -{ - return inp->val.elts_; -} -const char * -tor_socksauth_keyval_getconstarray_val(const tor_socksauth_keyval_t *inp) -{ - return (const char *)tor_socksauth_keyval_getarray_val((tor_socksauth_keyval_t*)inp); -} -int -tor_socksauth_keyval_setlen_val(tor_socksauth_keyval_t *inp, size_t newlen) -{ -#if UINT16_MAX < SIZE_MAX - if (newlen > UINT16_MAX) - goto trunnel_alloc_failed; -#endif - return trunnel_string_setlen(&inp->val, newlen, - &inp->trunnel_error_code_); - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} -const char * -tor_socksauth_keyval_getstr_val(tor_socksauth_keyval_t *inp) -{ - return trunnel_string_getstr(&inp->val); -} -int -tor_socksauth_keyval_setstr0_val(tor_socksauth_keyval_t *inp, const char *val, size_t len) -{ -#if UINT16_MAX < SIZE_MAX - if (len > UINT16_MAX) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } -#endif - return trunnel_string_setstr0(&inp->val, val, len, &inp->trunnel_error_code_); -} -int -tor_socksauth_keyval_setstr_val(tor_socksauth_keyval_t *inp, const char *val) -{ - return tor_socksauth_keyval_setstr0_val(inp, val, strlen(val)); -} -const char * -tor_socksauth_keyval_check(const tor_socksauth_keyval_t *obj) -{ - if (obj == NULL) - return "Object was NULL"; - if (obj->trunnel_error_code_) - return "A set function failed on this object"; - if (TRUNNEL_DYNARRAY_LEN(&obj->key) != obj->keylen) - return "Length mismatch for key"; - if (TRUNNEL_DYNARRAY_LEN(&obj->val) != obj->vallen) - return "Length mismatch for val"; - return NULL; -} - -ssize_t -tor_socksauth_keyval_encoded_len(const tor_socksauth_keyval_t *obj) -{ - ssize_t result = 0; - - if (NULL != tor_socksauth_keyval_check(obj)) - return -1; - - - /* Length of u16 keylen */ - result += 2; - - /* Length of char key[keylen] */ - result += TRUNNEL_DYNARRAY_LEN(&obj->key); - - /* Length of u16 vallen */ - result += 2; - - /* Length of char val[vallen] */ - result += TRUNNEL_DYNARRAY_LEN(&obj->val); - return result; -} -int -tor_socksauth_keyval_clear_errors(tor_socksauth_keyval_t *obj) -{ - int r = obj->trunnel_error_code_; - obj->trunnel_error_code_ = 0; - return r; -} -ssize_t -tor_socksauth_keyval_encode(uint8_t *output, const size_t avail, const tor_socksauth_keyval_t *obj) -{ - ssize_t result = 0; - size_t written = 0; - uint8_t *ptr = output; - const char *msg; -#ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = tor_socksauth_keyval_encoded_len(obj); -#endif - - if (NULL != (msg = tor_socksauth_keyval_check(obj))) - goto check_failed; - -#ifdef TRUNNEL_CHECK_ENCODED_LEN - trunnel_assert(encoded_len >= 0); -#endif - - /* Encode u16 keylen */ - trunnel_assert(written <= avail); - if (avail - written < 2) - goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->keylen)); - written += 2; ptr += 2; - - /* Encode char key[keylen] */ - { - size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->key); - trunnel_assert(obj->keylen == elt_len); - trunnel_assert(written <= avail); - if (avail - written < elt_len) - goto truncated; - if (elt_len) - memcpy(ptr, obj->key.elts_, elt_len); - written += elt_len; ptr += elt_len; - } - - /* Encode u16 vallen */ - trunnel_assert(written <= avail); - if (avail - written < 2) - goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->vallen)); - written += 2; ptr += 2; - - /* Encode char val[vallen] */ - { - size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->val); - trunnel_assert(obj->vallen == elt_len); - trunnel_assert(written <= avail); - if (avail - written < elt_len) - goto truncated; - if (elt_len) - memcpy(ptr, obj->val.elts_, elt_len); - written += elt_len; ptr += elt_len; - } - - - trunnel_assert(ptr == output + written); -#ifdef TRUNNEL_CHECK_ENCODED_LEN - { - trunnel_assert(encoded_len >= 0); - trunnel_assert((size_t)encoded_len == written); - } - -#endif - - return written; - - truncated: - result = -2; - goto fail; - check_failed: - (void)msg; - result = -1; - goto fail; - fail: - trunnel_assert(result < 0); - return result; -} - -/** As tor_socksauth_keyval_parse(), but do not allocate the output - * object. - */ -static ssize_t -tor_socksauth_keyval_parse_into(tor_socksauth_keyval_t *obj, const uint8_t *input, const size_t len_in) -{ - const uint8_t *ptr = input; - size_t remaining = len_in; - ssize_t result = 0; - (void)result; - - /* Parse u16 keylen */ - CHECK_REMAINING(2, truncated); - obj->keylen = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; - - /* Parse char key[keylen] */ - CHECK_REMAINING(obj->keylen, truncated); - if (tor_socksauth_keyval_setstr0_key(obj, (const char*)ptr, obj->keylen)) - goto fail; - ptr += obj->keylen; remaining -= obj->keylen; - - /* Parse u16 vallen */ - CHECK_REMAINING(2, truncated); - obj->vallen = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; - - /* Parse char val[vallen] */ - CHECK_REMAINING(obj->vallen, truncated); - if (tor_socksauth_keyval_setstr0_val(obj, (const char*)ptr, obj->vallen)) - goto fail; - ptr += obj->vallen; remaining -= obj->vallen; - trunnel_assert(ptr + remaining == input + len_in); - return len_in - remaining; - - truncated: - return -2; - fail: - result = -1; - return result; -} - -ssize_t -tor_socksauth_keyval_parse(tor_socksauth_keyval_t **output, const uint8_t *input, const size_t len_in) -{ - ssize_t result; - *output = tor_socksauth_keyval_new(); - if (NULL == *output) - return -1; - result = tor_socksauth_keyval_parse_into(*output, input, len_in); - if (result < 0) { - tor_socksauth_keyval_free(*output); - *output = NULL; - } - return result; -} socks5_client_request_t * socks5_client_request_new(void) { @@ -4370,685 +3976,3 @@ socks5_server_reply_parse(socks5_server_reply_t **output, const uint8_t *input, } return result; } -tor_extended_socks_auth_request_t * -tor_extended_socks_auth_request_new(void) -{ - tor_extended_socks_auth_request_t *val = trunnel_calloc(1, sizeof(tor_extended_socks_auth_request_t)); - if (NULL == val) - return NULL; - val->version = 1; - return val; -} - -/** Release all storage held inside 'obj', but do not free 'obj'. - */ -static void -tor_extended_socks_auth_request_clear(tor_extended_socks_auth_request_t *obj) -{ - (void) obj; - { - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - tor_socksauth_keyval_free(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - } - } - TRUNNEL_DYNARRAY_WIPE(&obj->pairs); - TRUNNEL_DYNARRAY_CLEAR(&obj->pairs); -} - -void -tor_extended_socks_auth_request_free(tor_extended_socks_auth_request_t *obj) -{ - if (obj == NULL) - return; - tor_extended_socks_auth_request_clear(obj); - trunnel_memwipe(obj, sizeof(tor_extended_socks_auth_request_t)); - trunnel_free_(obj); -} - -uint8_t -tor_extended_socks_auth_request_get_version(const tor_extended_socks_auth_request_t *inp) -{ - return inp->version; -} -int -tor_extended_socks_auth_request_set_version(tor_extended_socks_auth_request_t *inp, uint8_t val) -{ - if (! ((val == 1))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->version = val; - return 0; -} -uint16_t -tor_extended_socks_auth_request_get_npairs(const tor_extended_socks_auth_request_t *inp) -{ - return inp->npairs; -} -int -tor_extended_socks_auth_request_set_npairs(tor_extended_socks_auth_request_t *inp, uint16_t val) -{ - inp->npairs = val; - return 0; -} -size_t -tor_extended_socks_auth_request_getlen_pairs(const tor_extended_socks_auth_request_t *inp) -{ - return TRUNNEL_DYNARRAY_LEN(&inp->pairs); -} - -struct tor_socksauth_keyval_st * -tor_extended_socks_auth_request_get_pairs(tor_extended_socks_auth_request_t *inp, size_t idx) -{ - return TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); -} - - const struct tor_socksauth_keyval_st * -tor_extended_socks_auth_request_getconst_pairs(const tor_extended_socks_auth_request_t *inp, size_t idx) -{ - return tor_extended_socks_auth_request_get_pairs((tor_extended_socks_auth_request_t*)inp, idx); -} -int -tor_extended_socks_auth_request_set_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) -{ - tor_socksauth_keyval_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); - if (oldval && oldval != elt) - tor_socksauth_keyval_free(oldval); - return tor_extended_socks_auth_request_set0_pairs(inp, idx, elt); -} -int -tor_extended_socks_auth_request_set0_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) -{ - TRUNNEL_DYNARRAY_SET(&inp->pairs, idx, elt); - return 0; -} -int -tor_extended_socks_auth_request_add_pairs(tor_extended_socks_auth_request_t *inp, struct tor_socksauth_keyval_st * elt) -{ -#if SIZE_MAX >= UINT16_MAX - if (inp->pairs.n_ == UINT16_MAX) - goto trunnel_alloc_failed; -#endif - TRUNNEL_DYNARRAY_ADD(struct tor_socksauth_keyval_st *, &inp->pairs, elt, {}); - return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} - -struct tor_socksauth_keyval_st * * -tor_extended_socks_auth_request_getarray_pairs(tor_extended_socks_auth_request_t *inp) -{ - return inp->pairs.elts_; -} -const struct tor_socksauth_keyval_st * const * -tor_extended_socks_auth_request_getconstarray_pairs(const tor_extended_socks_auth_request_t *inp) -{ - return (const struct tor_socksauth_keyval_st * const *)tor_extended_socks_auth_request_getarray_pairs((tor_extended_socks_auth_request_t*)inp); -} -int -tor_extended_socks_auth_request_setlen_pairs(tor_extended_socks_auth_request_t *inp, size_t newlen) -{ - struct tor_socksauth_keyval_st * *newptr; -#if UINT16_MAX < SIZE_MAX - if (newlen > UINT16_MAX) - goto trunnel_alloc_failed; -#endif - newptr = trunnel_dynarray_setlen(&inp->pairs.allocated_, - &inp->pairs.n_, inp->pairs.elts_, newlen, - sizeof(inp->pairs.elts_[0]), (trunnel_free_fn_t) tor_socksauth_keyval_free, - &inp->trunnel_error_code_); - if (newlen != 0 && newptr == NULL) - goto trunnel_alloc_failed; - inp->pairs.elts_ = newptr; - return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} -const char * -tor_extended_socks_auth_request_check(const tor_extended_socks_auth_request_t *obj) -{ - if (obj == NULL) - return "Object was NULL"; - if (obj->trunnel_error_code_) - return "A set function failed on this object"; - if (! (obj->version == 1)) - return "Integer out of bounds"; - { - const char *msg; - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - if (NULL != (msg = tor_socksauth_keyval_check(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)))) - return msg; - } - } - if (TRUNNEL_DYNARRAY_LEN(&obj->pairs) != obj->npairs) - return "Length mismatch for pairs"; - return NULL; -} - -ssize_t -tor_extended_socks_auth_request_encoded_len(const tor_extended_socks_auth_request_t *obj) -{ - ssize_t result = 0; - - if (NULL != tor_extended_socks_auth_request_check(obj)) - return -1; - - - /* Length of u8 version IN [1] */ - result += 1; - - /* Length of u16 npairs */ - result += 2; - - /* Length of struct tor_socksauth_keyval pairs[npairs] */ - { - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - result += tor_socksauth_keyval_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - } - } - return result; -} -int -tor_extended_socks_auth_request_clear_errors(tor_extended_socks_auth_request_t *obj) -{ - int r = obj->trunnel_error_code_; - obj->trunnel_error_code_ = 0; - return r; -} -ssize_t -tor_extended_socks_auth_request_encode(uint8_t *output, const size_t avail, const tor_extended_socks_auth_request_t *obj) -{ - ssize_t result = 0; - size_t written = 0; - uint8_t *ptr = output; - const char *msg; -#ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = tor_extended_socks_auth_request_encoded_len(obj); -#endif - - if (NULL != (msg = tor_extended_socks_auth_request_check(obj))) - goto check_failed; - -#ifdef TRUNNEL_CHECK_ENCODED_LEN - trunnel_assert(encoded_len >= 0); -#endif - - /* Encode u8 version IN [1] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->version)); - written += 1; ptr += 1; - - /* Encode u16 npairs */ - trunnel_assert(written <= avail); - if (avail - written < 2) - goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->npairs)); - written += 2; ptr += 2; - - /* Encode struct tor_socksauth_keyval pairs[npairs] */ - { - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - trunnel_assert(written <= avail); - result = tor_socksauth_keyval_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - if (result < 0) - goto fail; /* XXXXXXX !*/ - written += result; ptr += result; - } - } - - - trunnel_assert(ptr == output + written); -#ifdef TRUNNEL_CHECK_ENCODED_LEN - { - trunnel_assert(encoded_len >= 0); - trunnel_assert((size_t)encoded_len == written); - } - -#endif - - return written; - - truncated: - result = -2; - goto fail; - check_failed: - (void)msg; - result = -1; - goto fail; - fail: - trunnel_assert(result < 0); - return result; -} - -/** As tor_extended_socks_auth_request_parse(), but do not allocate - * the output object. - */ -static ssize_t -tor_extended_socks_auth_request_parse_into(tor_extended_socks_auth_request_t *obj, const uint8_t *input, const size_t len_in) -{ - const uint8_t *ptr = input; - size_t remaining = len_in; - ssize_t result = 0; - (void)result; - - /* Parse u8 version IN [1] */ - CHECK_REMAINING(1, truncated); - obj->version = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->version == 1)) - goto fail; - - /* Parse u16 npairs */ - CHECK_REMAINING(2, truncated); - obj->npairs = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; - - /* Parse struct tor_socksauth_keyval pairs[npairs] */ - TRUNNEL_DYNARRAY_EXPAND(tor_socksauth_keyval_t *, &obj->pairs, obj->npairs, {}); - { - tor_socksauth_keyval_t * elt; - unsigned idx; - for (idx = 0; idx < obj->npairs; ++idx) { - result = tor_socksauth_keyval_parse(&elt, ptr, remaining); - if (result < 0) - goto relay_fail; - trunnel_assert((size_t)result <= remaining); - remaining -= result; ptr += result; - TRUNNEL_DYNARRAY_ADD(tor_socksauth_keyval_t *, &obj->pairs, elt, {tor_socksauth_keyval_free(elt);}); - } - } - trunnel_assert(ptr + remaining == input + len_in); - return len_in - remaining; - - truncated: - return -2; - relay_fail: - trunnel_assert(result < 0); - return result; - trunnel_alloc_failed: - return -1; - fail: - result = -1; - return result; -} - -ssize_t -tor_extended_socks_auth_request_parse(tor_extended_socks_auth_request_t **output, const uint8_t *input, const size_t len_in) -{ - ssize_t result; - *output = tor_extended_socks_auth_request_new(); - if (NULL == *output) - return -1; - result = tor_extended_socks_auth_request_parse_into(*output, input, len_in); - if (result < 0) { - tor_extended_socks_auth_request_free(*output); - *output = NULL; - } - return result; -} -tor_extended_socks_auth_response_t * -tor_extended_socks_auth_response_new(void) -{ - tor_extended_socks_auth_response_t *val = trunnel_calloc(1, sizeof(tor_extended_socks_auth_response_t)); - if (NULL == val) - return NULL; - val->version = 1; - return val; -} - -/** Release all storage held inside 'obj', but do not free 'obj'. - */ -static void -tor_extended_socks_auth_response_clear(tor_extended_socks_auth_response_t *obj) -{ - (void) obj; - { - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - tor_socksauth_keyval_free(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - } - } - TRUNNEL_DYNARRAY_WIPE(&obj->pairs); - TRUNNEL_DYNARRAY_CLEAR(&obj->pairs); -} - -void -tor_extended_socks_auth_response_free(tor_extended_socks_auth_response_t *obj) -{ - if (obj == NULL) - return; - tor_extended_socks_auth_response_clear(obj); - trunnel_memwipe(obj, sizeof(tor_extended_socks_auth_response_t)); - trunnel_free_(obj); -} - -uint8_t -tor_extended_socks_auth_response_get_version(const tor_extended_socks_auth_response_t *inp) -{ - return inp->version; -} -int -tor_extended_socks_auth_response_set_version(tor_extended_socks_auth_response_t *inp, uint8_t val) -{ - if (! ((val == 1))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->version = val; - return 0; -} -uint8_t -tor_extended_socks_auth_response_get_status(const tor_extended_socks_auth_response_t *inp) -{ - return inp->status; -} -int -tor_extended_socks_auth_response_set_status(tor_extended_socks_auth_response_t *inp, uint8_t val) -{ - inp->status = val; - return 0; -} -uint16_t -tor_extended_socks_auth_response_get_npairs(const tor_extended_socks_auth_response_t *inp) -{ - return inp->npairs; -} -int -tor_extended_socks_auth_response_set_npairs(tor_extended_socks_auth_response_t *inp, uint16_t val) -{ - inp->npairs = val; - return 0; -} -size_t -tor_extended_socks_auth_response_getlen_pairs(const tor_extended_socks_auth_response_t *inp) -{ - return TRUNNEL_DYNARRAY_LEN(&inp->pairs); -} - -struct tor_socksauth_keyval_st * -tor_extended_socks_auth_response_get_pairs(tor_extended_socks_auth_response_t *inp, size_t idx) -{ - return TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); -} - - const struct tor_socksauth_keyval_st * -tor_extended_socks_auth_response_getconst_pairs(const tor_extended_socks_auth_response_t *inp, size_t idx) -{ - return tor_extended_socks_auth_response_get_pairs((tor_extended_socks_auth_response_t*)inp, idx); -} -int -tor_extended_socks_auth_response_set_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) -{ - tor_socksauth_keyval_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->pairs, idx); - if (oldval && oldval != elt) - tor_socksauth_keyval_free(oldval); - return tor_extended_socks_auth_response_set0_pairs(inp, idx, elt); -} -int -tor_extended_socks_auth_response_set0_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt) -{ - TRUNNEL_DYNARRAY_SET(&inp->pairs, idx, elt); - return 0; -} -int -tor_extended_socks_auth_response_add_pairs(tor_extended_socks_auth_response_t *inp, struct tor_socksauth_keyval_st * elt) -{ -#if SIZE_MAX >= UINT16_MAX - if (inp->pairs.n_ == UINT16_MAX) - goto trunnel_alloc_failed; -#endif - TRUNNEL_DYNARRAY_ADD(struct tor_socksauth_keyval_st *, &inp->pairs, elt, {}); - return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} - -struct tor_socksauth_keyval_st * * -tor_extended_socks_auth_response_getarray_pairs(tor_extended_socks_auth_response_t *inp) -{ - return inp->pairs.elts_; -} -const struct tor_socksauth_keyval_st * const * -tor_extended_socks_auth_response_getconstarray_pairs(const tor_extended_socks_auth_response_t *inp) -{ - return (const struct tor_socksauth_keyval_st * const *)tor_extended_socks_auth_response_getarray_pairs((tor_extended_socks_auth_response_t*)inp); -} -int -tor_extended_socks_auth_response_setlen_pairs(tor_extended_socks_auth_response_t *inp, size_t newlen) -{ - struct tor_socksauth_keyval_st * *newptr; -#if UINT16_MAX < SIZE_MAX - if (newlen > UINT16_MAX) - goto trunnel_alloc_failed; -#endif - newptr = trunnel_dynarray_setlen(&inp->pairs.allocated_, - &inp->pairs.n_, inp->pairs.elts_, newlen, - sizeof(inp->pairs.elts_[0]), (trunnel_free_fn_t) tor_socksauth_keyval_free, - &inp->trunnel_error_code_); - if (newlen != 0 && newptr == NULL) - goto trunnel_alloc_failed; - inp->pairs.elts_ = newptr; - return 0; - trunnel_alloc_failed: - TRUNNEL_SET_ERROR_CODE(inp); - return -1; -} -const char * -tor_extended_socks_auth_response_check(const tor_extended_socks_auth_response_t *obj) -{ - if (obj == NULL) - return "Object was NULL"; - if (obj->trunnel_error_code_) - return "A set function failed on this object"; - if (! (obj->version == 1)) - return "Integer out of bounds"; - { - const char *msg; - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - if (NULL != (msg = tor_socksauth_keyval_check(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)))) - return msg; - } - } - if (TRUNNEL_DYNARRAY_LEN(&obj->pairs) != obj->npairs) - return "Length mismatch for pairs"; - return NULL; -} - -ssize_t -tor_extended_socks_auth_response_encoded_len(const tor_extended_socks_auth_response_t *obj) -{ - ssize_t result = 0; - - if (NULL != tor_extended_socks_auth_response_check(obj)) - return -1; - - - /* Length of u8 version IN [1] */ - result += 1; - - /* Length of u8 status */ - result += 1; - - /* Length of u16 npairs */ - result += 2; - - /* Length of struct tor_socksauth_keyval pairs[npairs] */ - { - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - result += tor_socksauth_keyval_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - } - } - return result; -} -int -tor_extended_socks_auth_response_clear_errors(tor_extended_socks_auth_response_t *obj) -{ - int r = obj->trunnel_error_code_; - obj->trunnel_error_code_ = 0; - return r; -} -ssize_t -tor_extended_socks_auth_response_encode(uint8_t *output, const size_t avail, const tor_extended_socks_auth_response_t *obj) -{ - ssize_t result = 0; - size_t written = 0; - uint8_t *ptr = output; - const char *msg; -#ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = tor_extended_socks_auth_response_encoded_len(obj); -#endif - - if (NULL != (msg = tor_extended_socks_auth_response_check(obj))) - goto check_failed; - -#ifdef TRUNNEL_CHECK_ENCODED_LEN - trunnel_assert(encoded_len >= 0); -#endif - - /* Encode u8 version IN [1] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->version)); - written += 1; ptr += 1; - - /* Encode u8 status */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->status)); - written += 1; ptr += 1; - - /* Encode u16 npairs */ - trunnel_assert(written <= avail); - if (avail - written < 2) - goto truncated; - trunnel_set_uint16(ptr, trunnel_htons(obj->npairs)); - written += 2; ptr += 2; - - /* Encode struct tor_socksauth_keyval pairs[npairs] */ - { - - unsigned idx; - for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) { - trunnel_assert(written <= avail); - result = tor_socksauth_keyval_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->pairs, idx)); - if (result < 0) - goto fail; /* XXXXXXX !*/ - written += result; ptr += result; - } - } - - - trunnel_assert(ptr == output + written); -#ifdef TRUNNEL_CHECK_ENCODED_LEN - { - trunnel_assert(encoded_len >= 0); - trunnel_assert((size_t)encoded_len == written); - } - -#endif - - return written; - - truncated: - result = -2; - goto fail; - check_failed: - (void)msg; - result = -1; - goto fail; - fail: - trunnel_assert(result < 0); - return result; -} - -/** As tor_extended_socks_auth_response_parse(), but do not allocate - * the output object. - */ -static ssize_t -tor_extended_socks_auth_response_parse_into(tor_extended_socks_auth_response_t *obj, const uint8_t *input, const size_t len_in) -{ - const uint8_t *ptr = input; - size_t remaining = len_in; - ssize_t result = 0; - (void)result; - - /* Parse u8 version IN [1] */ - CHECK_REMAINING(1, truncated); - obj->version = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->version == 1)) - goto fail; - - /* Parse u8 status */ - CHECK_REMAINING(1, truncated); - obj->status = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - - /* Parse u16 npairs */ - CHECK_REMAINING(2, truncated); - obj->npairs = trunnel_ntohs(trunnel_get_uint16(ptr)); - remaining -= 2; ptr += 2; - - /* Parse struct tor_socksauth_keyval pairs[npairs] */ - TRUNNEL_DYNARRAY_EXPAND(tor_socksauth_keyval_t *, &obj->pairs, obj->npairs, {}); - { - tor_socksauth_keyval_t * elt; - unsigned idx; - for (idx = 0; idx < obj->npairs; ++idx) { - result = tor_socksauth_keyval_parse(&elt, ptr, remaining); - if (result < 0) - goto relay_fail; - trunnel_assert((size_t)result <= remaining); - remaining -= result; ptr += result; - TRUNNEL_DYNARRAY_ADD(tor_socksauth_keyval_t *, &obj->pairs, elt, {tor_socksauth_keyval_free(elt);}); - } - } - trunnel_assert(ptr + remaining == input + len_in); - return len_in - remaining; - - truncated: - return -2; - relay_fail: - trunnel_assert(result < 0); - return result; - trunnel_alloc_failed: - return -1; - fail: - result = -1; - return result; -} - -ssize_t -tor_extended_socks_auth_response_parse(tor_extended_socks_auth_response_t **output, const uint8_t *input, const size_t len_in) -{ - ssize_t result; - *output = tor_extended_socks_auth_response_new(); - if (NULL == *output) - return -1; - result = tor_extended_socks_auth_response_parse_into(*output, input, len_in); - if (result < 0) { - tor_extended_socks_auth_response_free(*output); - *output = NULL; - } - return result; -} diff --git a/src/trunnel/socks5.h b/src/trunnel/socks5.h index d8f13c2abb..d3bea152e7 100644 --- a/src/trunnel/socks5.h +++ b/src/trunnel/socks5.h @@ -82,16 +82,6 @@ struct socks5_server_userpass_auth_st { }; #endif typedef struct socks5_server_userpass_auth_st socks5_server_userpass_auth_t; -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_SOCKSAUTH_KEYVAL) -struct tor_socksauth_keyval_st { - uint16_t keylen; - trunnel_string_t key; - uint16_t vallen; - trunnel_string_t val; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct tor_socksauth_keyval_st tor_socksauth_keyval_t; #if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_REQUEST) struct socks5_client_request_st { uint8_t version; @@ -120,25 +110,6 @@ struct socks5_server_reply_st { }; #endif typedef struct socks5_server_reply_st socks5_server_reply_t; -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_EXTENDED_SOCKS_AUTH_REQUEST) -struct tor_extended_socks_auth_request_st { - uint8_t version; - uint16_t npairs; - TRUNNEL_DYNARRAY_HEAD(, struct tor_socksauth_keyval_st *) pairs; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct tor_extended_socks_auth_request_st tor_extended_socks_auth_request_t; -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_EXTENDED_SOCKS_AUTH_RESPONSE) -struct tor_extended_socks_auth_response_st { - uint8_t version; - uint8_t status; - uint16_t npairs; - TRUNNEL_DYNARRAY_HEAD(, struct tor_socksauth_keyval_st *) pairs; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct tor_extended_socks_auth_response_st tor_extended_socks_auth_response_t; /** Return a newly allocated domainname with all elements set to zero. */ domainname_t *domainname_new(void); @@ -753,154 +724,6 @@ uint8_t socks5_server_userpass_auth_get_status(const socks5_server_userpass_auth * success; return -1 and set the error code on 'inp' on failure. */ int socks5_server_userpass_auth_set_status(socks5_server_userpass_auth_t *inp, uint8_t val); -/** Return a newly allocated tor_socksauth_keyval with all elements - * set to zero. - */ -tor_socksauth_keyval_t *tor_socksauth_keyval_new(void); -/** Release all storage held by the tor_socksauth_keyval in 'victim'. - * (Do nothing if 'victim' is NULL.) - */ -void tor_socksauth_keyval_free(tor_socksauth_keyval_t *victim); -/** Try to parse a tor_socksauth_keyval from the buffer in 'input', - * using up to 'len_in' bytes from the input buffer. On success, - * return the number of bytes consumed and set *output to the newly - * allocated tor_socksauth_keyval_t. On failure, return -2 if the - * input appears truncated, and -1 if the input is otherwise invalid. - */ -ssize_t tor_socksauth_keyval_parse(tor_socksauth_keyval_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * tor_socksauth_keyval in 'obj'. On failure, return a negative value. - * Note that this value may be an overestimate, and can even be an - * underestimate for certain unencodeable objects. - */ -ssize_t tor_socksauth_keyval_encoded_len(const tor_socksauth_keyval_t *obj); -/** Try to encode the tor_socksauth_keyval from 'input' into the - * buffer at 'output', using up to 'avail' bytes of the output buffer. - * On success, return the number of bytes used. On failure, return -2 - * if the buffer was not long enough, and -1 if the input was invalid. - */ -ssize_t tor_socksauth_keyval_encode(uint8_t *output, size_t avail, const tor_socksauth_keyval_t *input); -/** Check whether the internal state of the tor_socksauth_keyval in - * 'obj' is consistent. Return NULL if it is, and a short message if - * it is not. - */ -const char *tor_socksauth_keyval_check(const tor_socksauth_keyval_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int tor_socksauth_keyval_clear_errors(tor_socksauth_keyval_t *obj); -/** Return the value of the keylen field of the tor_socksauth_keyval_t - * in 'inp' - */ -uint16_t tor_socksauth_keyval_get_keylen(const tor_socksauth_keyval_t *inp); -/** Set the value of the keylen field of the tor_socksauth_keyval_t in - * 'inp' to 'val'. Return 0 on success; return -1 and set the error - * code on 'inp' on failure. - */ -int tor_socksauth_keyval_set_keylen(tor_socksauth_keyval_t *inp, uint16_t val); -/** Return the length of the dynamic array holding the key field of - * the tor_socksauth_keyval_t in 'inp'. - */ -size_t tor_socksauth_keyval_getlen_key(const tor_socksauth_keyval_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * key of the tor_socksauth_keyval_t in 'inp'. - */ -char tor_socksauth_keyval_get_key(tor_socksauth_keyval_t *inp, size_t idx); -/** As tor_socksauth_keyval_get_key, but take and return a const - * pointer - */ -char tor_socksauth_keyval_getconst_key(const tor_socksauth_keyval_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * key of the tor_socksauth_keyval_t in 'inp', so that it will hold - * the value 'elt'. - */ -int tor_socksauth_keyval_set_key(tor_socksauth_keyval_t *inp, size_t idx, char elt); -/** Append a new element 'elt' to the dynamic array field key of the - * tor_socksauth_keyval_t in 'inp'. - */ -int tor_socksauth_keyval_add_key(tor_socksauth_keyval_t *inp, char elt); -/** Return a pointer to the variable-length array field key of 'inp'. - */ -char * tor_socksauth_keyval_getarray_key(tor_socksauth_keyval_t *inp); -/** As tor_socksauth_keyval_get_key, but take and return a const - * pointer - */ -const char * tor_socksauth_keyval_getconstarray_key(const tor_socksauth_keyval_t *inp); -/** Change the length of the variable-length array field key of 'inp' - * to 'newlen'.Fill extra elements with 0. Return 0 on success; return - * -1 and set the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setlen_key(tor_socksauth_keyval_t *inp, size_t newlen); -/** Return the value of the key field of a tor_socksauth_keyval_t as a - * NUL-terminated string. - */ -const char * tor_socksauth_keyval_getstr_key(tor_socksauth_keyval_t *inp); -/** Set the value of the key field of a tor_socksauth_keyval_t to a - * given string of length 'len'. Return 0 on success; return -1 and - * set the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setstr0_key(tor_socksauth_keyval_t *inp, const char *val, size_t len); -/** Set the value of the key field of a tor_socksauth_keyval_t to a - * given NUL-terminated string. Return 0 on success; return -1 and set - * the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setstr_key(tor_socksauth_keyval_t *inp, const char *val); -/** Return the value of the vallen field of the tor_socksauth_keyval_t - * in 'inp' - */ -uint16_t tor_socksauth_keyval_get_vallen(const tor_socksauth_keyval_t *inp); -/** Set the value of the vallen field of the tor_socksauth_keyval_t in - * 'inp' to 'val'. Return 0 on success; return -1 and set the error - * code on 'inp' on failure. - */ -int tor_socksauth_keyval_set_vallen(tor_socksauth_keyval_t *inp, uint16_t val); -/** Return the length of the dynamic array holding the val field of - * the tor_socksauth_keyval_t in 'inp'. - */ -size_t tor_socksauth_keyval_getlen_val(const tor_socksauth_keyval_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * val of the tor_socksauth_keyval_t in 'inp'. - */ -char tor_socksauth_keyval_get_val(tor_socksauth_keyval_t *inp, size_t idx); -/** As tor_socksauth_keyval_get_val, but take and return a const - * pointer - */ -char tor_socksauth_keyval_getconst_val(const tor_socksauth_keyval_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * val of the tor_socksauth_keyval_t in 'inp', so that it will hold - * the value 'elt'. - */ -int tor_socksauth_keyval_set_val(tor_socksauth_keyval_t *inp, size_t idx, char elt); -/** Append a new element 'elt' to the dynamic array field val of the - * tor_socksauth_keyval_t in 'inp'. - */ -int tor_socksauth_keyval_add_val(tor_socksauth_keyval_t *inp, char elt); -/** Return a pointer to the variable-length array field val of 'inp'. - */ -char * tor_socksauth_keyval_getarray_val(tor_socksauth_keyval_t *inp); -/** As tor_socksauth_keyval_get_val, but take and return a const - * pointer - */ -const char * tor_socksauth_keyval_getconstarray_val(const tor_socksauth_keyval_t *inp); -/** Change the length of the variable-length array field val of 'inp' - * to 'newlen'.Fill extra elements with 0. Return 0 on success; return - * -1 and set the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setlen_val(tor_socksauth_keyval_t *inp, size_t newlen); -/** Return the value of the val field of a tor_socksauth_keyval_t as a - * NUL-terminated string. - */ -const char * tor_socksauth_keyval_getstr_val(tor_socksauth_keyval_t *inp); -/** Set the value of the val field of a tor_socksauth_keyval_t to a - * given string of length 'len'. Return 0 on success; return -1 and - * set the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setstr0_val(tor_socksauth_keyval_t *inp, const char *val, size_t len); -/** Set the value of the val field of a tor_socksauth_keyval_t to a - * given NUL-terminated string. Return 0 on success; return -1 and set - * the error code on 'inp' on failure. - */ -int tor_socksauth_keyval_setstr_val(tor_socksauth_keyval_t *inp, const char *val); /** Return a newly allocated socks5_client_request with all elements * set to zero. */ @@ -1167,205 +990,6 @@ uint16_t socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp); * code on 'inp' on failure. */ int socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val); -/** Return a newly allocated tor_extended_socks_auth_request with all - * elements set to zero. - */ -tor_extended_socks_auth_request_t *tor_extended_socks_auth_request_new(void); -/** Release all storage held by the tor_extended_socks_auth_request in - * 'victim'. (Do nothing if 'victim' is NULL.) - */ -void tor_extended_socks_auth_request_free(tor_extended_socks_auth_request_t *victim); -/** Try to parse a tor_extended_socks_auth_request from the buffer in - * 'input', using up to 'len_in' bytes from the input buffer. On - * success, return the number of bytes consumed and set *output to the - * newly allocated tor_extended_socks_auth_request_t. On failure, - * return -2 if the input appears truncated, and -1 if the input is - * otherwise invalid. - */ -ssize_t tor_extended_socks_auth_request_parse(tor_extended_socks_auth_request_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * tor_extended_socks_auth_request in 'obj'. On failure, return a - * negative value. Note that this value may be an overestimate, and - * can even be an underestimate for certain unencodeable objects. - */ -ssize_t tor_extended_socks_auth_request_encoded_len(const tor_extended_socks_auth_request_t *obj); -/** Try to encode the tor_extended_socks_auth_request from 'input' - * into the buffer at 'output', using up to 'avail' bytes of the - * output buffer. On success, return the number of bytes used. On - * failure, return -2 if the buffer was not long enough, and -1 if the - * input was invalid. - */ -ssize_t tor_extended_socks_auth_request_encode(uint8_t *output, size_t avail, const tor_extended_socks_auth_request_t *input); -/** Check whether the internal state of the - * tor_extended_socks_auth_request in 'obj' is consistent. Return NULL - * if it is, and a short message if it is not. - */ -const char *tor_extended_socks_auth_request_check(const tor_extended_socks_auth_request_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int tor_extended_socks_auth_request_clear_errors(tor_extended_socks_auth_request_t *obj); -/** Return the value of the version field of the - * tor_extended_socks_auth_request_t in 'inp' - */ -uint8_t tor_extended_socks_auth_request_get_version(const tor_extended_socks_auth_request_t *inp); -/** Set the value of the version field of the - * tor_extended_socks_auth_request_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_request_set_version(tor_extended_socks_auth_request_t *inp, uint8_t val); -/** Return the value of the npairs field of the - * tor_extended_socks_auth_request_t in 'inp' - */ -uint16_t tor_extended_socks_auth_request_get_npairs(const tor_extended_socks_auth_request_t *inp); -/** Set the value of the npairs field of the - * tor_extended_socks_auth_request_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_request_set_npairs(tor_extended_socks_auth_request_t *inp, uint16_t val); -/** Return the length of the dynamic array holding the pairs field of - * the tor_extended_socks_auth_request_t in 'inp'. - */ -size_t tor_extended_socks_auth_request_getlen_pairs(const tor_extended_socks_auth_request_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * pairs of the tor_extended_socks_auth_request_t in 'inp'. - */ -struct tor_socksauth_keyval_st * tor_extended_socks_auth_request_get_pairs(tor_extended_socks_auth_request_t *inp, size_t idx); -/** As tor_extended_socks_auth_request_get_pairs, but take and return - * a const pointer - */ - const struct tor_socksauth_keyval_st * tor_extended_socks_auth_request_getconst_pairs(const tor_extended_socks_auth_request_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * pairs of the tor_extended_socks_auth_request_t in 'inp', so that it - * will hold the value 'elt'. Free the previous value, if any. - */ -int tor_extended_socks_auth_request_set_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); -/** As tor_extended_socks_auth_request_set_pairs, but does not free - * the previous value. - */ -int tor_extended_socks_auth_request_set0_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); -/** Append a new element 'elt' to the dynamic array field pairs of the - * tor_extended_socks_auth_request_t in 'inp'. - */ -int tor_extended_socks_auth_request_add_pairs(tor_extended_socks_auth_request_t *inp, struct tor_socksauth_keyval_st * elt); -/** Return a pointer to the variable-length array field pairs of - * 'inp'. - */ -struct tor_socksauth_keyval_st * * tor_extended_socks_auth_request_getarray_pairs(tor_extended_socks_auth_request_t *inp); -/** As tor_extended_socks_auth_request_get_pairs, but take and return - * a const pointer - */ -const struct tor_socksauth_keyval_st * const * tor_extended_socks_auth_request_getconstarray_pairs(const tor_extended_socks_auth_request_t *inp); -/** Change the length of the variable-length array field pairs of - * 'inp' to 'newlen'.Fill extra elements with NULL; free removed - * elements. Return 0 on success; return -1 and set the error code on - * 'inp' on failure. - */ -int tor_extended_socks_auth_request_setlen_pairs(tor_extended_socks_auth_request_t *inp, size_t newlen); -/** Return a newly allocated tor_extended_socks_auth_response with all - * elements set to zero. - */ -tor_extended_socks_auth_response_t *tor_extended_socks_auth_response_new(void); -/** Release all storage held by the tor_extended_socks_auth_response - * in 'victim'. (Do nothing if 'victim' is NULL.) - */ -void tor_extended_socks_auth_response_free(tor_extended_socks_auth_response_t *victim); -/** Try to parse a tor_extended_socks_auth_response from the buffer in - * 'input', using up to 'len_in' bytes from the input buffer. On - * success, return the number of bytes consumed and set *output to the - * newly allocated tor_extended_socks_auth_response_t. On failure, - * return -2 if the input appears truncated, and -1 if the input is - * otherwise invalid. - */ -ssize_t tor_extended_socks_auth_response_parse(tor_extended_socks_auth_response_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * tor_extended_socks_auth_response in 'obj'. On failure, return a - * negative value. Note that this value may be an overestimate, and - * can even be an underestimate for certain unencodeable objects. - */ -ssize_t tor_extended_socks_auth_response_encoded_len(const tor_extended_socks_auth_response_t *obj); -/** Try to encode the tor_extended_socks_auth_response from 'input' - * into the buffer at 'output', using up to 'avail' bytes of the - * output buffer. On success, return the number of bytes used. On - * failure, return -2 if the buffer was not long enough, and -1 if the - * input was invalid. - */ -ssize_t tor_extended_socks_auth_response_encode(uint8_t *output, size_t avail, const tor_extended_socks_auth_response_t *input); -/** Check whether the internal state of the - * tor_extended_socks_auth_response in 'obj' is consistent. Return - * NULL if it is, and a short message if it is not. - */ -const char *tor_extended_socks_auth_response_check(const tor_extended_socks_auth_response_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int tor_extended_socks_auth_response_clear_errors(tor_extended_socks_auth_response_t *obj); -/** Return the value of the version field of the - * tor_extended_socks_auth_response_t in 'inp' - */ -uint8_t tor_extended_socks_auth_response_get_version(const tor_extended_socks_auth_response_t *inp); -/** Set the value of the version field of the - * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_response_set_version(tor_extended_socks_auth_response_t *inp, uint8_t val); -/** Return the value of the status field of the - * tor_extended_socks_auth_response_t in 'inp' - */ -uint8_t tor_extended_socks_auth_response_get_status(const tor_extended_socks_auth_response_t *inp); -/** Set the value of the status field of the - * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_response_set_status(tor_extended_socks_auth_response_t *inp, uint8_t val); -/** Return the value of the npairs field of the - * tor_extended_socks_auth_response_t in 'inp' - */ -uint16_t tor_extended_socks_auth_response_get_npairs(const tor_extended_socks_auth_response_t *inp); -/** Set the value of the npairs field of the - * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on - * success; return -1 and set the error code on 'inp' on failure. - */ -int tor_extended_socks_auth_response_set_npairs(tor_extended_socks_auth_response_t *inp, uint16_t val); -/** Return the length of the dynamic array holding the pairs field of - * the tor_extended_socks_auth_response_t in 'inp'. - */ -size_t tor_extended_socks_auth_response_getlen_pairs(const tor_extended_socks_auth_response_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * pairs of the tor_extended_socks_auth_response_t in 'inp'. - */ -struct tor_socksauth_keyval_st * tor_extended_socks_auth_response_get_pairs(tor_extended_socks_auth_response_t *inp, size_t idx); -/** As tor_extended_socks_auth_response_get_pairs, but take and return - * a const pointer - */ - const struct tor_socksauth_keyval_st * tor_extended_socks_auth_response_getconst_pairs(const tor_extended_socks_auth_response_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * pairs of the tor_extended_socks_auth_response_t in 'inp', so that - * it will hold the value 'elt'. Free the previous value, if any. - */ -int tor_extended_socks_auth_response_set_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); -/** As tor_extended_socks_auth_response_set_pairs, but does not free - * the previous value. - */ -int tor_extended_socks_auth_response_set0_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt); -/** Append a new element 'elt' to the dynamic array field pairs of the - * tor_extended_socks_auth_response_t in 'inp'. - */ -int tor_extended_socks_auth_response_add_pairs(tor_extended_socks_auth_response_t *inp, struct tor_socksauth_keyval_st * elt); -/** Return a pointer to the variable-length array field pairs of - * 'inp'. - */ -struct tor_socksauth_keyval_st * * tor_extended_socks_auth_response_getarray_pairs(tor_extended_socks_auth_response_t *inp); -/** As tor_extended_socks_auth_response_get_pairs, but take and return - * a const pointer - */ -const struct tor_socksauth_keyval_st * const * tor_extended_socks_auth_response_getconstarray_pairs(const tor_extended_socks_auth_response_t *inp); -/** Change the length of the variable-length array field pairs of - * 'inp' to 'newlen'.Fill extra elements with NULL; free removed - * elements. Return 0 on success; return -1 and set the error code on - * 'inp' on failure. - */ -int tor_extended_socks_auth_response_setlen_pairs(tor_extended_socks_auth_response_t *inp, size_t newlen); #endif diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel index d70ad639e2..b86ec03b9d 100644 --- a/src/trunnel/socks5.trunnel +++ b/src/trunnel/socks5.trunnel @@ -92,25 +92,3 @@ struct socks4_server_reply { u32 addr; } -// And here's the extended stuff from proposal 229 - -struct tor_socksauth_keyval { - u16 keylen; - char key[keylen]; - u16 vallen; - char val[vallen]; -} - -struct tor_extended_socks_auth_request { - u8 version IN [1]; - u16 npairs; - struct tor_socksauth_keyval pairs[npairs]; -} - -struct tor_extended_socks_auth_response { - u8 version IN [1]; - u8 status; - u16 npairs; - struct tor_socksauth_keyval pairs[npairs]; -} - From ba3121191b59ea254e3ebab697430bdc03857b6d Mon Sep 17 00:00:00 2001 From: rl1987 Date: Tue, 26 Jun 2018 20:48:35 +0300 Subject: [PATCH 22/24] Use constants for possible values of first octet --- src/or/proto_socks.c | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 9dbd688b75..998fd72ba5 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -17,6 +17,10 @@ #include "trunnel/socks5.h" #include "or/socks_request_st.h" +#define SOCKS_VER_5 0x05 /* First octet of non-auth SOCKS5 messages */ +#define SOCKS_VER_4 0x04 /* SOCKS4 messages */ +#define SOCKS_AUTH 0x01 /* SOCKS5 auth messages */ + typedef enum { SOCKS_RESULT_INVALID = -1, /* Message invalid. */ SOCKS_RESULT_TRUNCATED = 0, /* Message incomplete/truncated. */ @@ -121,7 +125,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, *is_socks4a = 0; *drain_out = 0; - req->socks_version = 4; + req->socks_version = SOCKS_VER_4; socks4_client_request_t *trunnel_req; @@ -347,21 +351,22 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass, socks_result_t res = SOCKS_RESULT_DONE; socks5_server_method_t *trunnel_resp = socks5_server_method_new(); - socks5_server_method_set_version(trunnel_resp, 5); + socks5_server_method_set_version(trunnel_resp, SOCKS_VER_5); if (have_user_pass && !(have_no_auth && req->socks_prefer_no_auth)) { req->auth_type = SOCKS_USER_PASS; socks5_server_method_set_method(trunnel_resp, SOCKS_USER_PASS); - req->socks_version = 5; // FIXME: come up with better way to remember - // that we negotiated auth + req->socks_version = SOCKS_VER_5; + // FIXME: come up with better way to remember + // that we negotiated auth log_debug(LD_APP,"socks5: accepted method 2 (username/password)"); } else if (have_no_auth) { req->auth_type = SOCKS_NO_AUTH; socks5_server_method_set_method(trunnel_resp, SOCKS_NO_AUTH); - req->socks_version = 5; + req->socks_version = SOCKS_VER_5; log_debug(LD_APP,"socks5: accepted method 0 (no authentication)"); } else { @@ -469,7 +474,7 @@ process_socks5_userpass_auth(socks_request_t *req) socks5_server_userpass_auth_t *trunnel_resp = socks5_server_userpass_auth_new(); - if (req->socks_version != 5) { + if (req->socks_version != SOCKS_VER_5) { res = SOCKS_RESULT_INVALID; goto end; } @@ -480,7 +485,7 @@ process_socks5_userpass_auth(socks_request_t *req) goto end; } - socks5_server_userpass_auth_set_version(trunnel_resp, 1); + socks5_server_userpass_auth_set_version(trunnel_resp, SOCKS_AUTH); socks5_server_userpass_auth_set_status(trunnel_resp, 0); // auth OK const char *errmsg = socks5_server_userpass_auth_check(trunnel_resp); @@ -684,10 +689,10 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, uint8_t socks_version = raw_data[0]; - if (socks_version == 1) - socks_version = 5; // SOCKS5 username/pass subnegotiation + if (socks_version == SOCKS_AUTH) + socks_version = SOCKS_VER_5; // SOCKS5 username/pass subnegotiation - if (socks_version == 4) { + if (socks_version == SOCKS_VER_4) { if (datalen < SOCKS4_NETWORK_LEN) { res = 0; goto end; @@ -709,7 +714,7 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, } goto end; - } else if (socks_version == 5) { + } else if (socks_version == SOCKS_VER_5) { if (datalen < 2) { /* version and another byte */ res = 0; goto end; @@ -731,7 +736,7 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, res = SOCKS_RESULT_MORE_EXPECTED; goto end; - } else if (req->socks_version != 5) { + } else if (req->socks_version != SOCKS_VER_5) { int have_user_pass, have_no_auth; res = parse_socks5_methods_request(raw_data, req, datalen, &have_user_pass, @@ -860,7 +865,7 @@ socks_request_set_socks5_error(socks_request_t *req, { socks5_server_reply_t *trunnel_resp = socks5_server_reply_new(); - socks5_server_reply_set_version(trunnel_resp, 0x05); + socks5_server_reply_set_version(trunnel_resp, SOCKS_VER_5); socks5_server_reply_set_reply(trunnel_resp, reason); socks5_server_reply_set_atype(trunnel_resp, 0x01); @@ -922,22 +927,22 @@ static int parse_socks(const char *data, size_t datalen, socks_request_t *req, int log_sockstype, int safe_socks, size_t *drain_out) { - uint8_t socksver; + uint8_t first_octet; if (datalen < 2) { /* We always need at least 2 bytes. */ return 0; } - socksver = get_uint8(data); + first_octet = get_uint8(data); - if (socksver == 5 || socksver == 4 || - socksver == 1) { // XXX: RFC 1929 + if (first_octet == SOCKS_VER_5 || first_octet == SOCKS_VER_4 || + first_octet == SOCKS_AUTH) { // XXX: RFC 1929 return handle_socks_message((const uint8_t *)data, datalen, req, log_sockstype, safe_socks, drain_out); } - switch (socksver) { /* which version of socks? */ + switch (first_octet) { /* which version of socks? */ case 'G': /* get */ case 'H': /* head */ case 'P': /* put/post */ From 2d0e1cef20036412ed57c287553623293ab65031 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 12 Jul 2018 14:20:46 -0400 Subject: [PATCH 23/24] Add fuzzing wrapper for fetch_from_buf_socks() --- scripts/codegen/fuzzing_include_am.py | 1 + src/test/fuzz/fuzz_socks.c | 50 +++++++++++++++++++++++++++ src/test/fuzz/include.am | 25 +++++++++++++- 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 src/test/fuzz/fuzz_socks.c diff --git a/scripts/codegen/fuzzing_include_am.py b/scripts/codegen/fuzzing_include_am.py index 42a61876e8..68f43379ce 100755 --- a/scripts/codegen/fuzzing_include_am.py +++ b/scripts/codegen/fuzzing_include_am.py @@ -12,6 +12,7 @@ FUZZERS = """ http-connect iptsv2 microdesc + socks vrs """ diff --git a/src/test/fuzz/fuzz_socks.c b/src/test/fuzz/fuzz_socks.c new file mode 100644 index 0000000000..14c25304b1 --- /dev/null +++ b/src/test/fuzz/fuzz_socks.c @@ -0,0 +1,50 @@ +/* Copyright (c) 2016-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "orconfig.h" + +#define BUFFERS_PRIVATE +#include "core/or/or.h" + +#include "lib/container/buffers.h" +#include "lib/err/backtrace.h" +#include "lib/log/log.h" +#include "core/proto/proto_socks.h" +#include "feature/client/addressmap.h" + +#include "test/fuzz/fuzzing.h" + +int +fuzz_init(void) +{ + addressmap_init(); + return 0; +} + +int +fuzz_cleanup(void) +{ + addressmap_free_all(); + return 0; +} + +int +fuzz_main(const uint8_t *stdin_buf, size_t data_size) +{ + buf_t *buffer = buf_new_with_data((char*)stdin_buf, data_size); + if (!buffer) { + tor_assert(data_size==0); + buffer = buf_new(); + } + + socks_request_t *request = socks_request_new(); + + int r = fetch_from_buf_socks(buffer, request, 0, 0); + log_info(LD_GENERAL, "Socks request status: %d", r); + + /* Reset. */ + buf_free(buffer); + socks_request_free(request); + + return 0; +} diff --git a/src/test/fuzz/include.am b/src/test/fuzz/include.am index 87dfe91675..fe735a2497 100644 --- a/src/test/fuzz/include.am +++ b/src/test/fuzz/include.am @@ -17,7 +17,7 @@ FUZZING_LIBS = \ @TOR_ZSTD_LIBS@ oss-fuzz-prereqs: \ - $(TOR_INTERNAL_TESTING_LIBS) + $(TOR_INTERNAL_TESTING_LIBS) noinst_HEADERS += \ src/test/fuzz/fuzzing.h @@ -120,6 +120,14 @@ src_test_fuzz_fuzz_microdesc_CFLAGS = $(FUZZING_CFLAGS) src_test_fuzz_fuzz_microdesc_LDFLAGS = $(FUZZING_LDFLAG) src_test_fuzz_fuzz_microdesc_LDADD = $(FUZZING_LIBS) +src_test_fuzz_fuzz_socks_SOURCES = \ + src/test/fuzz/fuzzing_common.c \ + src/test/fuzz/fuzz_socks.c +src_test_fuzz_fuzz_socks_CPPFLAGS = $(FUZZING_CPPFLAGS) +src_test_fuzz_fuzz_socks_CFLAGS = $(FUZZING_CFLAGS) +src_test_fuzz_fuzz_socks_LDFLAGS = $(FUZZING_LDFLAG) +src_test_fuzz_fuzz_socks_LDADD = $(FUZZING_LIBS) + src_test_fuzz_fuzz_vrs_SOURCES = \ src/test/fuzz/fuzzing_common.c \ src/test/fuzz/fuzz_vrs.c @@ -140,6 +148,7 @@ FUZZERS = \ src/test/fuzz/fuzz-http-connect \ src/test/fuzz/fuzz-iptsv2 \ src/test/fuzz/fuzz-microdesc \ + src/test/fuzz/fuzz-socks \ src/test/fuzz/fuzz-vrs # ===== libfuzzer @@ -222,6 +231,13 @@ src_test_fuzz_lf_fuzz_microdesc_CFLAGS = $(LIBFUZZER_CFLAGS) src_test_fuzz_lf_fuzz_microdesc_LDFLAGS = $(LIBFUZZER_LDFLAG) src_test_fuzz_lf_fuzz_microdesc_LDADD = $(LIBFUZZER_LIBS) +src_test_fuzz_lf_fuzz_socks_SOURCES = \ + $(src_test_fuzz_fuzz_socks_SOURCES) +src_test_fuzz_lf_fuzz_socks_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) +src_test_fuzz_lf_fuzz_socks_CFLAGS = $(LIBFUZZER_CFLAGS) +src_test_fuzz_lf_fuzz_socks_LDFLAGS = $(LIBFUZZER_LDFLAG) +src_test_fuzz_lf_fuzz_socks_LDADD = $(LIBFUZZER_LIBS) + src_test_fuzz_lf_fuzz_vrs_SOURCES = \ $(src_test_fuzz_fuzz_vrs_SOURCES) src_test_fuzz_lf_fuzz_vrs_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) @@ -241,6 +257,7 @@ LIBFUZZER_FUZZERS = \ src/test/fuzz/lf-fuzz-http-connect \ src/test/fuzz/lf-fuzz-iptsv2 \ src/test/fuzz/lf-fuzz-microdesc \ + src/test/fuzz/lf-fuzz-socks \ src/test/fuzz/lf-fuzz-vrs else @@ -305,6 +322,11 @@ src_test_fuzz_liboss_fuzz_microdesc_a_SOURCES = \ src_test_fuzz_liboss_fuzz_microdesc_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) src_test_fuzz_liboss_fuzz_microdesc_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) +src_test_fuzz_liboss_fuzz_socks_a_SOURCES = \ + $(src_test_fuzz_fuzz_socks_SOURCES) +src_test_fuzz_liboss_fuzz_socks_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) +src_test_fuzz_liboss_fuzz_socks_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) + src_test_fuzz_liboss_fuzz_vrs_a_SOURCES = \ $(src_test_fuzz_fuzz_vrs_SOURCES) src_test_fuzz_liboss_fuzz_vrs_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) @@ -322,6 +344,7 @@ OSS_FUZZ_FUZZERS = \ src/test/fuzz/liboss-fuzz-http-connect.a \ src/test/fuzz/liboss-fuzz-iptsv2.a \ src/test/fuzz/liboss-fuzz-microdesc.a \ + src/test/fuzz/liboss-fuzz-socks.a \ src/test/fuzz/liboss-fuzz-vrs.a else From 04512d9fcd03bde1cedfa09f208a4c410172fe22 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 12 Jul 2018 14:20:56 -0400 Subject: [PATCH 24/24] SOCKS: Always free username/password before setting them. This fixes a memory leak found by fuzzing. --- src/core/proto/proto_socks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index 530436c41b..9cc9568a41 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -174,6 +174,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req, goto end; } + tor_free(req->username); req->got_auth = 1; req->username = tor_strdup(username); req->usernamelen = usernamelen; @@ -445,6 +446,7 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, socks5_client_userpass_auth_getconstarray_passwd(trunnel_req); if (usernamelen && username) { + tor_free(req->username); req->username = tor_memdup_nulterm(username, usernamelen); req->usernamelen = usernamelen; @@ -452,6 +454,7 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, } if (passwordlen && password) { + tor_free(req->password); req->password = tor_memdup_nulterm(password, passwordlen); req->passwordlen = passwordlen;