From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 9 Sep 2020 14:22:23 +0200
Subject: [Openvpn-devel] [PATCH v3] socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes

When a SOCKS5 server sends back a reply, it encodes an "address", which can be IPv4 (4 bytes), IPv6 (16 bytes) or "a domain name", which has a length (1 byte) and "a string of length " - so when copying bytes, we need to handle "length +1" bytes.

Our code totally doesn't use this variant of addresses on reception, but since this has been pointed out by "tpw_rules" in Trac, fix it, so if/when someone works on this again, the foundation is correct.

While at it, increase buffer size used for sending to handle domain names longer than 122 characters (length was already checked, so a longer name would not overflow but just "not work").

v2: increase buf[] len in recv_socks_reply() from 22 to 270 so it is large enough to actually copy a domain name v3: increase buf[] len in establish_socks_proxy_passthru() from 128 to 270, to handle long domain names in queries Reported-By: tpw_rules in Trac Trac: #848 Signed-off-by: Gert Doering Acked-by: Antonio Quartulli --- src/openvpn/socks.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index 57f0cee2..d43d84a8 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -312,7 +312,7 @@ recv_socks_reply(socket_descriptor_t sd, char atyp = '\0'; int alen = 0; int len = 0; - char buf[22]; + char buf[270]; /* 4 + alen(max 256) + 2 */ const int timeout_sec = 5; if (addr != NULL) @@ -381,7 +381,10 @@ recv_socks_reply(socket_descriptor_t sd, break; case '\x03': /* DOMAINNAME */ - alen = (unsigned char) c; + /* RFC 1928, section 5: 1 byte length, bytes name, + * so the total "address length" is (length+1) + */ + alen = (unsigned char) c +1; break; case '\x04': /* IP V6 */ @@ -451,7 +454,7 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p, const char *servname, /* openvpn server port */ volatile int *signal_received) { - char buf[128]; + char buf[270]; size_t len; if (!socks_handshake(p, sd, signal_received))
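
Review bot: in the first hunk (`recv_socks_reply()`), the new size in `char buf[270];` does not match its own comment: 4 + 256 + 2 is 262, so 270 carries unexplained slack. The same literal reappears in `establish_socks_proxy_passthru()`; a single named constant, or sizing to exactly what the comment derives, would keep the two in step and make the bound reviewable. The store into `buf[]` is outside the visible context, so it is worth confirming it is guarded by `sizeof(buf)` now that `alen` can reach 256.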
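
Review bot: in the `case '\x03'` hunk, `alen = (unsigned char) c +1;` is easy to misread as a cast applied to `c + 1`, which would wrap 255 to 0. The cast binds tighter than `+`, so the sum is computed in `int` and ranges from 1 to 256, which is what the comment intends; spacing it as `(unsigned char) c + 1` or adding explicit parentheses around the cast would make that obvious to the next reader.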
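
Review bot: the last hunk (`establish_socks_proxy_passthru()`) changes `char buf[128];` to `char buf[270];` without the size comment the first hunk received. The commit message says the length was already checked, but that check is not in the visible context; if it is written against a literal rather than `sizeof(buf)` it needs the same bump, and a one-line comment deriving 270 from the request layout would document the intent.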
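
The reply layout the commit message describes (RFC 1928: 4 header bytes, a variable-length address, 2 port bytes), as an added example that is not code from the patch or from OpenVPN. The function names, `SOCKS5_REPLY_MAX` and both sample replies are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* VER REP RSV ATYP + length octet + 255 name octets + 2 port octets */
#define SOCKS5_REPLY_MAX (4 + 1 + 255 + 2)

/* Constructed sample replies (not captured traffic), BND.PORT = 1194. */
static const unsigned char reply_domain[] = {
    0x05, 0x00, 0x00, 0x03, 11, 'v','p','n','.','e','x','a','m','p','l','e', 0x04, 0xaa };
static const unsigned char reply_ipv4[] = {
    0x05, 0x00, 0x00, 0x01, 10, 0, 0, 1, 0x04, 0xaa };

/* Octets in BND.ADDR given the first `have` bytes of a reply: 0 = need more
 * bytes, -1 = unknown ATYP. For DOMAINNAME the length octet is counted. */
static int socks5_addr_len(const unsigned char *p, size_t have)
{
    if (have < 4) return 0;
    switch (p[3]) {
    case 0x01: return 4;                       /* IPv4 */
    case 0x04: return 16;                      /* IPv6 */
    case 0x03: return have < 5 ? 0 : p[4] + 1; /* length octet + name */
    default:   return -1;
    }
}

/* Check a complete reply of n bytes; return BND.PORT, or -1 if malformed or
 * truncated. A DOMAINNAME address is copied NUL-terminated into name. */
static int socks5_parse_reply(const unsigned char *p, size_t n,
                              char *name, size_t name_sz)
{
    int alen = socks5_addr_len(p, n);
    if (name_sz > 0) name[0] = '\0';
    if (alen <= 0 || p[0] != 0x05 || n != (size_t)(4 + alen + 2)) return -1;
    if (p[3] == 0x03) {
        size_t dlen = p[4];
        if (dlen + 1 > name_sz) return -1;     /* never write past name[] */
        memcpy(name, p + 5, dlen);
        name[dlen] = '\0';
    }
    return (p[4 + alen] << 8) | p[4 + alen + 1];
}

int main(void)
{
    char name[256];
    int port = socks5_parse_reply(reply_domain, sizeof(reply_domain), name, sizeof(name));
    printf("%s:%d\n", name, port);
    return 0;
}
```

With a 255-octet name the reply is exactly `SOCKS5_REPLY_MAX` bytes, the same 4 + 256 + 2 bound the patch's buffer comment derives.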