From 44bc09b0078ab608ea98a9a8ca08d8e0a44a28e8 Mon Sep 17 00:00:00 2001 From: "Francisco Blas (klondike) Izquierdo Riera" Date: Sat, 3 Jan 2015 15:39:03 +0100 Subject: [PATCH 1/2] Rewrite SOCKS proxy parsing to allow for SOCKS5, also fix any remaining logs --- SOCKS.cpp | 216 +++++++++++++++++++++++++++++++++++------------------- SOCKS.h | 72 +++++++++++------- 2 files changed, 187 insertions(+), 101 deletions(-) diff --git a/SOCKS.cpp b/SOCKS.cpp index 74887462..54ad8e57 100644 --- a/SOCKS.cpp +++ b/SOCKS.cpp @@ -5,6 +5,7 @@ #include "ClientContext.h" #include "I2PEndian.h" #include +#include namespace i2p { @@ -15,17 +16,13 @@ namespace proxy void SOCKS4AHandler::AsyncSockRead() { - LogPrint("--- socks4a async sock read"); + LogPrint(eLogDebug,"--- SOCKS async sock read"); if(m_sock) { - if (m_state == INITIAL) { - m_sock->async_receive(boost::asio::buffer(m_sock_buff, socks_buffer_size), - std::bind(&SOCKS4AHandler::HandleSockRecv, this, - std::placeholders::_1, std::placeholders::_2)); - } else { - LogPrint("--- socks4a state?? ", m_state); - } + m_sock->async_receive(boost::asio::buffer(m_sock_buff, socks_buffer_size), + std::bind(&SOCKS4AHandler::HandleSockRecv, this, + std::placeholders::_1, std::placeholders::_2)); } else { - LogPrint("--- socks4a no socket for read"); + LogPrint(eLogError,"--- SOCKS no socket for read"); } } @@ -37,7 +34,7 @@ namespace proxy void SOCKS4AHandler::SocksFailed() { - LogPrint("--- socks4a failed"); + LogPrint(eLogWarning,"--- SOCKS failed"); //TODO: send the right response boost::asio::async_write(*m_sock, boost::asio::buffer("\x00\x5b 12345"), std::bind(&SOCKS4AHandler::SentSocksFailed, this, @@ -47,7 +44,7 @@ namespace proxy void SOCKS4AHandler::CloseSock() { if (m_sock) { - LogPrint("--- socks4a close sock"); + LogPrint(eLogDebug,"--- SOCKS close sock"); m_sock->close(); delete m_sock; m_sock = nullptr; @@ -57,7 +54,7 @@ namespace proxy void SOCKS4AHandler::CloseStream() { if (m_stream) { - LogPrint("--- socks4a close stream"); + LogPrint(eLogDebug,"--- SOCKS close stream"); m_stream.reset (); } } @@ -66,78 +63,147 @@ namespace proxy const size_t socks_ident_size = 1024; const size_t destb32_len = 52; - void SOCKS4AHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len) + std::size_t SOCKS4AHandler::HandleData(uint8_t *sock_buff, std::size_t len) { - LogPrint("--- socks4a sock recv: ", len); - //TODO: we may not have received all the data :( - if(ecode) { - LogPrint(" --- sock recv got error: ", ecode); - Terminate(); - return; + assert(len); // This should always be called with a least a byte left to parse + switch (m_state) { + case GET_VERSION: + return HandleVersion(sock_buff); + case SOCKS4A: + return HandleSOCKS4A(sock_buff,len); + default: + LogPrint(eLogError,"--- SOCKS state?? ", m_state); + Terminate(); + return 0; } + } - char hostbuff[socks_hostname_size]; - char identbuff[socks_ident_size]; - std::memset(hostbuff, 0, sizeof(hostbuff)); - std::memset(identbuff, 0, sizeof(hostbuff)); - std::string dest; - - uint16_t port = 0; - uint32_t address = 0; - uint16_t idx1 = 0; - uint16_t idx2 = 0; - - LogPrint(eLogDebug,"--- socks4a state initial ", len); - - // check valid request - if( m_sock_buff[0] != 4 || m_sock_buff[1] != 1 || m_sock_buff[len-1] ) { - LogPrint(eLogError,"--- socks4a rejected invalid"); - SocksFailed(); - return; + std::size_t SOCKS4AHandler::HandleVersion(uint8_t *sock_buff) + { + switch (*sock_buff) { + case 4: + m_state = SOCKS4A; // Switch to the 4a handler + m_pstate = GET4A_COMMAND; //Initialize the parser at the right position + return 1; + default: + LogPrint(eLogError,"--- SOCKS rejected invalid version", ((int)*sock_buff)); + Terminate(); + return 0; } + } - // get port - port = bufbe16toh(m_sock_buff + 2); - - // get address - address = bufbe32toh(m_sock_buff + 4); + std::size_t SOCKS4AHandler::HandleSOCKS4A(uint8_t *sock_buff, std::size_t len) + { + std::size_t rv = 0; + while (len > 0) { + rv++; + switch (m_pstate) + { + case GET4A_COMMAND: + if ( *sock_buff != 1 ) { + LogPrint(eLogError,"--- SOCKS4a unsupported command", ((int)*sock_buff)); + SocksFailed(); + return 0; + } + m_pstate = GET4A_PORT1; + break; + case GET4A_PORT1: + m_port = ((uint16_t)*sock_buff) << 8; + m_pstate = GET4A_PORT2; + break; + case GET4A_PORT2: + m_port |= ((uint16_t)*sock_buff); + m_pstate = GET4A_IP1; + break; + case GET4A_IP1: + m_ip = ((uint32_t)*sock_buff) << 24; + m_pstate = GET4A_IP2; + break; + case GET4A_IP2: + m_ip |= ((uint32_t)*sock_buff) << 16; + m_pstate = GET4A_IP3; + break; + case GET4A_IP3: + m_ip |= ((uint32_t)*sock_buff) << 8; + m_pstate = GET4A_IP4; + break; + case GET4A_IP4: + m_ip |= ((uint32_t)*sock_buff); + m_pstate = GET4A_IDENT; + if( m_ip == 0 || m_ip > 255 ) { + LogPrint(eLogError,"--- SOCKS4a rejected because it's actually SOCKS4"); + SocksFailed(); + return 0; + } + break; + case GET4A_IDENT: + if (!*sock_buff) + m_pstate = GET4A_HOST; + break; + case GET4A_HOST: + if (!*sock_buff) { + m_pstate = DONE; + m_state = READY; + return rv; + } + if (m_destination.size() > HOST_NAME_MAX) { + LogPrint(eLogError,"--- SOCKS4a destination is too large "); + SocksFailed(); + return 0; + } + m_destination.push_back(*sock_buff); + break; + default: + LogPrint(eLogError,"--- SOCKS4a parse state?? ", m_pstate); + Terminate(); + return 0; + } + sock_buff++; + len--; + } + return rv; + } - // check valid request - if( address == 0 || address > 255 ) { - LogPrint(eLogError,"--- socks4a rejected because it's actually socks4"); - SocksFailed(); + void SOCKS4AHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len) + { + LogPrint(eLogDebug,"--- SOCKS sock recv: ", len); + if(ecode) { + LogPrint(eLogWarning," --- SOCKS sock recv got error: ", ecode); + Terminate(); return; } - // read ident - do { - LogPrint(eLogDebug,"--- socks4a ", (int) m_sock_buff[9+idx1]); - identbuff[idx1] = m_sock_buff[8+idx1]; - } while( identbuff[idx1++] && idx1 < socks_ident_size ); - - LogPrint(eLogInfo,"--- socks4a ident ", identbuff); - // read hostname - do { - hostbuff[idx2] = m_sock_buff[8+idx1+idx2]; - } while( hostbuff[idx2++] && idx2 < socks_hostname_size ); + std::size_t pos = 0; + while (pos != len && m_state != READY) { + assert(pos < len); //We are overflowing the buffer otherwise + std::size_t rv = HandleData(m_sock_buff + pos, len - pos); + if (!rv) return; //Something went wrong die misserably + pos += rv; + } - LogPrint(eLogInfo,"--- socks4a requested ", hostbuff, ":" , port); + if (m_state == READY) { + LogPrint(eLogInfo,"--- SOCKS requested ", m_destination, ":" , m_port); + if (pos != len) { + LogPrint(eLogError,"--- SOCKS rejected because be can't handle extra data"); + SocksFailed(); + return ; + } + if(m_destination.find(".i2p") == std::string::npos) { + LogPrint(eLogError,"--- SOCKS invalid hostname: ", m_destination); + SocksFailed(); + return; + } - dest = std::string(hostbuff); - if(dest.find(".i2p") == std::string::npos) { - LogPrint("--- socks4a invalid hostname: ", dest); - SocksFailed(); - return; + // TODO: Pass port see m_port + m_parent->GetLocalDestination ()->CreateStream ( + std::bind (&SOCKS4AHandler::HandleStreamRequestComplete, + this, std::placeholders::_1), m_destination); } - - m_parent->GetLocalDestination ()->CreateStream ( - std::bind (&SOCKS4AHandler::HandleStreamRequestComplete, - this, std::placeholders::_1), dest); } - + void SOCKS4AHandler::ConnectionSuccess() { - LogPrint(eLogInfo,"--- socks4a connection success"); + LogPrint(eLogInfo,"--- SOCKS connection success"); //TODO: send the right response boost::asio::async_write(*m_sock, boost::asio::buffer("\x00\x5a 12345"), std::bind(&SOCKS4AHandler::SentConnectionSuccess, this, @@ -151,7 +217,7 @@ namespace proxy } else { - LogPrint (eLogError,"--- socks4a Closing socket after sending failure because: ", ecode.message ()); + LogPrint (eLogError,"--- SOCKS Closing socket after sending failure because: ", ecode.message ()); Terminate(); } } @@ -159,14 +225,14 @@ namespace proxy void SOCKS4AHandler::SentConnectionSuccess(const boost::system::error_code & ecode) { if (!ecode) { - LogPrint (eLogInfo,"--- socks4a New I2PTunnel connection"); + LogPrint (eLogInfo,"--- SOCKS New I2PTunnel connection"); auto connection = std::make_shared((i2p::client::I2PTunnel *)m_parent, m_sock, m_stream); m_parent->AddConnection (connection); connection->I2PConnect (); } else { - LogPrint (eLogError,"--- socks4a Closing socket after sending success because: ", ecode.message ()); + LogPrint (eLogError,"--- SOCKS Closing socket after sending success because: ", ecode.message ()); Terminate(); } } @@ -180,7 +246,7 @@ namespace proxy } else { - LogPrint (eLogError,"--- socks4a Issue when creating the stream, check the previous warnings for more info."); + LogPrint (eLogError,"--- SOCKS Issue when creating the stream, check the previous warnings for more info."); SocksFailed(); } } @@ -210,13 +276,13 @@ namespace proxy { if (!ecode) { - LogPrint(eLogDebug,"--- socks4a accepted"); + LogPrint(eLogDebug,"--- SOCKS accepted"); new SOCKS4AHandler(this, socket); Accept(); } else { - LogPrint (eLogError,"--- socks4a Closing socket on accept because: ", ecode.message ()); + LogPrint (eLogError,"--- SOCKS Closing socket on accept because: ", ecode.message ()); delete socket; } } diff --git a/SOCKS.h b/SOCKS.h index 66e62f66..a0a6a9a2 100644 --- a/SOCKS.h +++ b/SOCKS.h @@ -1,6 +1,7 @@ #ifndef SOCKS4A_H__ #define SOCKS4A_H__ +#include #include #include #include "Identity.h" @@ -18,39 +19,58 @@ namespace proxy class SOCKS4AHandler { private: - enum state { - INITIAL, - OKAY, - END - }; - - void GotClientRequest(boost::system::error_code & ecode, std::string & host, uint16_t port); - void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered); - void Terminate(); - void CloseSock(); - void CloseStream(); - void AsyncSockRead(); - void SocksFailed(); - void SentSocksFailed(const boost::system::error_code & ecode); - void SentConnectionSuccess(const boost::system::error_code & ecode); - void ConnectionSuccess(); - void HandleStreamRequestComplete (std::shared_ptr stream); + enum state { + GET_VERSION, + SOCKS4A, + READY + }; + enum parseState { + GET4A_COMMAND, + GET4A_PORT1, + GET4A_PORT2, + GET4A_IP1, + GET4A_IP2, + GET4A_IP3, + GET4A_IP4, + GET4A_IDENT, + GET4A_HOST, + DONE + }; + + void GotClientRequest(boost::system::error_code & ecode, std::string & host, uint16_t port); + std::size_t HandleData(uint8_t *sock_buff, std::size_t len); + std::size_t HandleVersion(uint8_t *sock_buff); + std::size_t HandleSOCKS4A(uint8_t *sock_buff, std::size_t len); + void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered); + void Terminate(); + void CloseSock(); + void CloseStream(); + void AsyncSockRead(); + void SocksFailed(); + void SentSocksFailed(const boost::system::error_code & ecode); + void SentConnectionSuccess(const boost::system::error_code & ecode); + void ConnectionSuccess(); + void HandleStreamRequestComplete (std::shared_ptr stream); + + uint8_t m_sock_buff[socks_buffer_size]; - uint8_t m_sock_buff[socks_buffer_size]; - - SOCKS4AServer * m_parent; - boost::asio::ip::tcp::socket * m_sock; - std::shared_ptr m_stream; - state m_state; + SOCKS4AServer * m_parent; + boost::asio::ip::tcp::socket * m_sock; + std::shared_ptr m_stream; + state m_state; + parseState m_pstate; + uint8_t m_command; + uint16_t m_port; + uint32_t m_ip; + std::string m_destination; public: SOCKS4AHandler(SOCKS4AServer * parent, boost::asio::ip::tcp::socket * sock) : - m_parent(parent), m_sock(sock), m_stream(nullptr), m_state(INITIAL) - { AsyncSockRead(); } + m_parent(parent), m_sock(sock), m_stream(nullptr), m_state(GET_VERSION) + { AsyncSockRead(); m_destination.reserve(HOST_NAME_MAX+1); } ~SOCKS4AHandler() { CloseSock(); CloseStream(); } - bool isComplete() { return m_state == END; } }; class SOCKS4AServer: public i2p::client::I2PTunnel From 27d510d1b71b4e9e8288358418f5532b256cdb32 Mon Sep 17 00:00:00 2001 From: "Francisco Blas (klondike) Izquierdo Riera" Date: Sat, 3 Jan 2015 16:16:27 +0100 Subject: [PATCH 2/2] Handle port correctly --- SOCKS.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SOCKS.cpp b/SOCKS.cpp index 54ad8e57..db38d358 100644 --- a/SOCKS.cpp +++ b/SOCKS.cpp @@ -101,6 +101,7 @@ namespace proxy { case GET4A_COMMAND: if ( *sock_buff != 1 ) { + //TODO: we need to support binds and other shit! LogPrint(eLogError,"--- SOCKS4a unsupported command", ((int)*sock_buff)); SocksFailed(); return 0; @@ -194,10 +195,9 @@ namespace proxy return; } - // TODO: Pass port see m_port m_parent->GetLocalDestination ()->CreateStream ( std::bind (&SOCKS4AHandler::HandleStreamRequestComplete, - this, std::placeholders::_1), m_destination); + this, std::placeholders::_1), m_destination, m_port); } }