From patchwork Thu Oct 16 10:31:35 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4510
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 16 Oct 2025 12:31:35 +0200
Message-ID: <20251016103143.4461-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] proxy: factor out recv_char code common with socks proxy

From: Frank Lichtenheld Change-Id: I70620aca638847168f06b0fb23cc04bd279d7df9 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1278 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1278 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index dfe1e59..4205991 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -57,6 +57,50 @@ /* cached proxy username/password */ static struct user_pass static_proxy_user_pass; +bool +proxy_recv_char(uint8_t *c, const char *name, socket_descriptor_t sd, + struct timeval *timeout, volatile int *signal_received) +{ + fd_set reads; + FD_ZERO(&reads); + openvpn_fd_set(sd, &reads); + + const int status = openvpn_select(sd + 1, &reads, NULL, NULL, timeout); + + get_signal(signal_received); + if (*signal_received) + { + return false; + } + + /* timeout? */ + if (status == 0) + { + msg(D_LINK_ERRORS | M_ERRNO, "%s: TCP port read timeout expired", name); + return false; + } + + /* error */ + if (status < 0) + { + msg(D_LINK_ERRORS | M_ERRNO, "%s: TCP port read failed on select()", name); + return false; + } + + /* read single char */ + const ssize_t size = recv(sd, (void *)c, 1, MSG_NOSIGNAL); + + /* error? */ + if (size != 1) + { + msg(D_LINK_ERRORS | M_ERRNO, "%s: TCP port read failed on recv()", name); + return false; + } + + return true; +} + + static bool recv_line(socket_descriptor_t sd, char *buf, int len, const int timeout_sec, const bool verbose, struct buffer *lookahead, volatile int *signal_received) @@ -72,9 +116,6 @@ while (true) { - int status; - ssize_t size; - fd_set reads; struct timeval tv; uint8_t c; 
@@ -83,50 +124,12 @@ ASSERT(buf_init(&la, 0)); } - FD_ZERO(&reads); - openvpn_fd_set(sd, &reads); tv.tv_sec = timeout_sec; tv.tv_usec = 0; - status = openvpn_select(sd + 1, &reads, NULL, NULL, &tv); - - get_signal(signal_received); - if (*signal_received) + if (!proxy_recv_char(&c, "recv_line", sd, &tv, signal_received)) { - goto error; - } - - /* timeout? */ - if (status == 0) - { - if (verbose) - { - msg(D_LINK_ERRORS | M_ERRNO, "recv_line: TCP port read timeout expired"); - } - goto error; - } - - /* error */ - if (status < 0) - { - if (verbose) - { - msg(D_LINK_ERRORS | M_ERRNO, "recv_line: TCP port read failed on select()"); - } - goto error; - } - - /* read single char */ - size = recv(sd, (void *)&c, 1, MSG_NOSIGNAL); - - /* error? */ - if (size != 1) - { - if (verbose) - { - msg(D_LINK_ERRORS | M_ERRNO, "recv_line: TCP port read failed on recv()"); - } - goto error; + return false; } #if 0 @@ -179,9 +182,6 @@ } return true; - -error: - return false; } static bool diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h index be16d83..3bfa687 100644 --- a/src/openvpn/proxy.h +++ b/src/openvpn/proxy.h @@ -80,6 +80,9 @@ void http_proxy_close(struct http_proxy_info *hp); +bool proxy_recv_char(uint8_t *c, const char *name, socket_descriptor_t sd, + struct timeval *timeout, volatile int *signal_received); + bool establish_http_proxy_passthru(struct http_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ const char *host, /* openvpn server remote */ diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index d383ef7..9dc013e 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -81,7 +81,7 @@ } static bool -socks_proxy_recv_char(char *c, const char *name, socket_descriptor_t sd, +socks_proxy_recv_char(uint8_t *c, const char *name, socket_descriptor_t sd, struct event_timeout *server_poll_timeout, volatile int *signal_received) { 
@@ -93,39 +93,7 @@ tv.tv_sec = get_server_poll_remaining_time(server_poll_timeout); tv.tv_usec = 0; - const int status = openvpn_select(sd + 1, &reads, NULL, NULL, &tv); - - get_signal(signal_received); - if (*signal_received) - { - return false; - } - - /* timeout? */ - if (status == 0) - { - msg(D_LINK_ERRORS | M_ERRNO, "%s: TCP port read timeout expired", name); - return false; - } - - /* error */ - if (status < 0) - { - msg(D_LINK_ERRORS | M_ERRNO, "%s: TCP port read failed on select()", name); - return false; - } - - /* read single char */ - const ssize_t size = recv(sd, c, 1, MSG_NOSIGNAL); - - /* error? */ - if (size != 1) - { - msg(D_LINK_ERRORS | M_ERRNO, "%s: TCP port read failed on recv()", name); - return false; - } - - return true; + return proxy_recv_char(c, name, sd, &tv, signal_received); } static bool @@ -165,10 +133,10 @@ } int len = 0; - char buf[2]; + uint8_t buf[2]; while (len < 2) { - char c; + uint8_t c; if (!socks_proxy_recv_char(&c, __func__, sd, server_poll_timeout, signal_received)) { @@ -196,12 +164,12 @@ socks_handshake(struct socks_proxy_info *p, socket_descriptor_t sd, struct event_timeout *server_poll_timeout, volatile int *signal_received) { - char buf[2]; + uint8_t buf[2]; int len = 0; ssize_t size; /* VER = 5, NMETHODS = 1, METHODS = [0 (no auth)] */ - char method_sel[3] = { 0x05, 0x01, 0x00 }; + uint8_t method_sel[3] = { 0x05, 0x01, 0x00 }; if (p->authfile[0]) { method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */ @@ -215,7 +183,7 @@ while (len < 2) { - char c; + uint8_t c; if (!socks_proxy_recv_char(&c, __func__, sd, server_poll_timeout, signal_received)) { @@ -226,7 +194,7 @@ } /* VER == 5 */ - if (buf[0] != '\x05') + if (buf[0] != 5) { msg(D_LINK_ERRORS, "socks_handshake: Socks proxy returned bad status"); return false; 
@@ -273,7 +241,7 @@ recv_socks_reply(socket_descriptor_t sd, struct openvpn_sockaddr *addr, struct event_timeout *server_poll_timeout, volatile int *signal_received) { - char atyp = '\0'; + uint8_t atyp = 0; int alen = 0; int len = 0; char buf[270]; /* 4 + alen(max 256) + 2 */ @@ -287,7 +255,7 @@ while (len < 4 + alen + 2) { - char c; + uint8_t c; if (!socks_proxy_recv_char(&c, __func__, sd, server_poll_timeout, signal_received)) { @@ -303,18 +271,18 @@ { switch (atyp) { - case '\x01': /* IP V4 */ + case 1: /* IP V4 */ alen = 4; break; - case '\x03': /* DOMAINNAME */ + case 3: /* DOMAINNAME */ /* RFC 1928, section 5: 1 byte length, bytes name, * so the total "address length" is (length+1) */ - alen = (unsigned char)c + 1; + alen = c + 1; break; - case '\x04': /* IP V6 */ + case 4: /* IP V6 */ alen = 16; break; @@ -333,14 +301,14 @@ } /* VER == 5 && REP == 0 (succeeded) */ - if (buf[0] != '\x05' || buf[1] != '\x00') + if (buf[0] != 5 || buf[1] != 0) { msg(D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad reply"); return false; } /* ATYP == 1 (IP V4 address) */ - if (atyp == '\x01' && addr != NULL) + if (atyp == 1 && addr != NULL) { memcpy(&addr->addr.in4.sin_addr, buf + 4, sizeof(addr->addr.in4.sin_addr)); memcpy(&addr->addr.in4.sin_port, buf + 8, sizeof(addr->addr.in4.sin_port));
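Review bot: In proxy_recv_char() (first proxy.c hunk, @@ -57,6 +57,50 @@), the timeout branch `status == 0` and the `size != 1` branch both log with M_ERRNO, but a select() timeout does not set errno, and `size != 1` also covers recv() returning 0 when the proxy closes the connection, so the error text appended to those messages can be stale or unrelated. Drop M_ERRNO from the timeout message and report `size == 0` as a closed connection separately from `size < 0`.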
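Review bot: In the recv_line() hunk (@@ -83,50 +124,12 @@), the removed branches logged only under `if (verbose)`, while proxy_recv_char() logs unconditionally, so a caller passing verbose=false now gets D_LINK_ERRORS messages on timeout, select() failure and recv() failure. Either pass `verbose` through to the helper or state in the commit message that the logging change is intended; if nothing else in recv_line() reads `verbose`, the parameter is left dead.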
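Review bot: The proxy_recv_char() prototype added in the proxy.h hunk is exported without a comment. Document that it returns false for a pending signal, a timeout and a read error alike, and that `timeout` is handed to openvpn_select() by pointer, so callers should re-initialise it before every call, as recv_line() and socks_proxy_recv_char() do in this patch.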
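Review bot: In socks_proxy_recv_char() (socks.c hunk @@ -93,39 +93,7 @@), the removed openvpn_select() call was the only use of `reads` shown in this function, and no hunk removes its declaration or setup above `tv`, so that fd_set is left behind as dead code now that proxy_recv_char() builds its own. Remove the leftover `reads` lines in the same patch.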
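Review bot: In recv_socks_reply() (socks.c hunk @@ -273,7 +241,7 @@), `atyp` and `c` become uint8_t but the context line `char buf[270];` stays char, unlike the `buf[2]` arrays in recv_socks_reply's sibling hunks, which are converted. The comparisons `buf[0] != 5 || buf[1] != 0` are still correct for these values, but converting this buffer to uint8_t as well keeps the reply bytes unsigned throughout and avoids a sign-dependent result if a later check compares a byte above 0x7f.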