mirror of
https://github.com/golang/net.git
synced 2026-03-31 10:27:08 +09:00
go.net/proxy: fix desired destination address in SOCKS5 CONNECT
Both types IPv6 IPv4-mapped address and IPv4-compatible address are not allowed to be used in wire protocols. Fixes golang/go#4709. Thank you raptium for original CL 6922050. R=golang-dev, agl CC=golang-dev, raptium https://golang.org/cl/7220047
This commit is contained in:
Mikio Hara
@@ -5,23 +5,26 @@
|
||||
package proxy
|
||||
|
||||
import (
|
||||
"io"
|
||||
"net"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"sync"
|
||||
"testing"
|
||||
)
|
||||
|
||||
type testDialer struct {
|
||||
type testFromURLDialer struct {
|
||||
network, addr string
|
||||
}
|
||||
|
||||
func (t *testDialer) Dial(network, addr string) (net.Conn, error) {
|
||||
func (t *testFromURLDialer) Dial(network, addr string) (net.Conn, error) {
|
||||
t.network = network
|
||||
t.addr = addr
|
||||
return nil, t
|
||||
}
|
||||
|
||||
func (t *testDialer) Error() string {
|
||||
return "testDialer " + t.network + " " + t.addr
|
||||
func (t *testFromURLDialer) Error() string {
|
||||
return "testFromURLDialer " + t.network + " " + t.addr
|
||||
}
|
||||
|
||||
func TestFromURL(t *testing.T) {
|
||||
@@ -30,7 +33,7 @@ func TestFromURL(t *testing.T) {
|
||||
t.Fatalf("failed to parse URL: %s", err)
|
||||
}
|
||||
|
||||
tp := &testDialer{}
|
||||
tp := &testFromURLDialer{}
|
||||
proxy, err := FromURL(u, tp)
|
||||
if err != nil {
|
||||
t.Fatalf("FromURL failed: %s", err)
|
||||
@@ -40,7 +43,7 @@ func TestFromURL(t *testing.T) {
|
||||
if conn != nil {
|
||||
t.Error("Dial unexpected didn't return an error")
|
||||
}
|
||||
if tp, ok := err.(*testDialer); ok {
|
||||
if tp, ok := err.(*testFromURLDialer); ok {
|
||||
if tp.network != "tcp" || tp.addr != "1.2.3.4:5678" {
|
||||
t.Errorf("Dialer connected to wrong host. Wanted 1.2.3.4:5678, got: %v", tp)
|
||||
}
|
||||
@@ -48,3 +51,70 @@ func TestFromURL(t *testing.T) {
|
||||
t.Errorf("Unexpected error from Dial: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSOCKS5(t *testing.T) {
|
||||
endSystem, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
t.Fatalf("net.Listen failed: %v", err)
|
||||
}
|
||||
defer endSystem.Close()
|
||||
gateway, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
t.Fatalf("net.Listen failed: %v", err)
|
||||
}
|
||||
defer gateway.Close()
|
||||
|
||||
wg := &sync.WaitGroup{}
|
||||
go socks5Gateway(t, gateway, endSystem, wg)
|
||||
wg.Add(1)
|
||||
|
||||
proxy, err := SOCKS5("tcp", gateway.Addr().String(), nil, Direct)
|
||||
if err != nil {
|
||||
t.Fatalf("SOCKS5 failed: %v", err)
|
||||
}
|
||||
if c, err := proxy.Dial("tcp", endSystem.Addr().String()); err != nil {
|
||||
t.Fatalf("SOCKS5.Dial failed: %v", err)
|
||||
} else {
|
||||
c.Close()
|
||||
}
|
||||
|
||||
wg.Wait()
|
||||
}
|
||||
|
||||
func socks5Gateway(t *testing.T, gateway, endSystem net.Listener, wg *sync.WaitGroup) {
|
||||
defer wg.Done()
|
||||
|
||||
c, err := gateway.Accept()
|
||||
if err != nil {
|
||||
t.Fatalf("net.Listener.Accept failed: %v", err)
|
||||
}
|
||||
defer c.Close()
|
||||
|
||||
b := make([]byte, 32)
|
||||
if _, err := io.ReadFull(c, b[:3]); err != nil {
|
||||
t.Fatalf("net.Conn.Read failed: %v", err)
|
||||
}
|
||||
if _, err := c.Write([]byte{socks5Version, socks5AuthNone}); err != nil {
|
||||
t.Fatalf("net.Conn.Write failed: %v", err)
|
||||
}
|
||||
if _, err := io.ReadFull(c, b[:10]); err != nil {
|
||||
t.Fatalf("net.Conn.Read failed: %v", err)
|
||||
}
|
||||
if b[0] != socks5Version || b[1] != socks5Connect || b[2] != 0x00 || b[3] != socks5IP4 {
|
||||
t.Fatalf("got an unexpected packet: %v, %v, %v, %v", b[0], b[1], b[2], b[3])
|
||||
}
|
||||
copy(b[:4], []byte{socks5Version, 0x00, 0x00, socks5IP4})
|
||||
host, port, err := net.SplitHostPort(endSystem.Addr().String())
|
||||
if err != nil {
|
||||
t.Fatalf("net.SplitHostPort failed: %v", err)
|
||||
}
|
||||
b = append(b, []byte(net.ParseIP(host).To4())...)
|
||||
p, err := strconv.Atoi(port)
|
||||
if err != nil {
|
||||
t.Fatalf("strconv.Atoi failed: %v", err)
|
||||
}
|
||||
b = append(b, []byte{byte(p >> 8), byte(p)}...)
|
||||
if _, err := c.Write(b); err != nil {
|
||||
t.Fatalf("net.Conn.Write failed: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -64,7 +64,6 @@ var socks5Errors = []string{
|
||||
func (s *socks5) Dial(network, addr string) (net.Conn, error) {
|
||||
switch network {
|
||||
case "tcp", "tcp6", "tcp4":
|
||||
break
|
||||
default:
|
||||
return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
|
||||
}
|
||||
@@ -103,11 +102,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
|
||||
buf = append(buf, 1 /* num auth methods */, socks5AuthNone)
|
||||
}
|
||||
|
||||
if _, err = conn.Write(buf); err != nil {
|
||||
if _, err := conn.Write(buf); err != nil {
|
||||
return nil, errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
||||
}
|
||||
|
||||
if _, err = io.ReadFull(conn, buf[:2]); err != nil {
|
||||
if _, err := io.ReadFull(conn, buf[:2]); err != nil {
|
||||
return nil, errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
||||
}
|
||||
if buf[0] != 5 {
|
||||
@@ -125,11 +124,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
|
||||
buf = append(buf, uint8(len(s.password)))
|
||||
buf = append(buf, s.password...)
|
||||
|
||||
if _, err = conn.Write(buf); err != nil {
|
||||
if _, err := conn.Write(buf); err != nil {
|
||||
return nil, errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
||||
}
|
||||
|
||||
if _, err = io.ReadFull(conn, buf[:2]); err != nil {
|
||||
if _, err := io.ReadFull(conn, buf[:2]); err != nil {
|
||||
return nil, errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
||||
}
|
||||
|
||||
@@ -142,12 +141,13 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
|
||||
buf = append(buf, socks5Version, socks5Connect, 0 /* reserved */)
|
||||
|
||||
if ip := net.ParseIP(host); ip != nil {
|
||||
if ip.To4() != nil {
|
||||
if ip4 := ip.To4(); ip4 != nil {
|
||||
buf = append(buf, socks5IP4)
|
||||
ip = ip4
|
||||
} else {
|
||||
buf = append(buf, socks5IP6)
|
||||
}
|
||||
buf = append(buf, []byte(ip)...)
|
||||
buf = append(buf, ip...)
|
||||
} else {
|
||||
buf = append(buf, socks5Domain)
|
||||
buf = append(buf, byte(len(host)))
|
||||
@@ -155,11 +155,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
|
||||
}
|
||||
buf = append(buf, byte(port>>8), byte(port))
|
||||
|
||||
if _, err = conn.Write(buf); err != nil {
|
||||
if _, err := conn.Write(buf); err != nil {
|
||||
return nil, errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
||||
}
|
||||
|
||||
if _, err = io.ReadFull(conn, buf[:4]); err != nil {
|
||||
if _, err := io.ReadFull(conn, buf[:4]); err != nil {
|
||||
return nil, errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
||||
}
|
||||
|
||||
@@ -193,12 +193,12 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) {
|
||||
} else {
|
||||
buf = buf[:bytesToDiscard]
|
||||
}
|
||||
if _, err = io.ReadFull(conn, buf); err != nil {
|
||||
if _, err := io.ReadFull(conn, buf); err != nil {
|
||||
return nil, errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
||||
}
|
||||
|
||||
// Also need to discard the port number
|
||||
if _, err = io.ReadFull(conn, buf[:2]); err != nil {
|
||||
if _, err := io.ReadFull(conn, buf[:2]); err != nil {
|
||||
return nil, errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user