Google Git
Sign in
go/net/cd34c46d3f8cc7bafd96cb48cda8f12bb6f9b41b^!/./proxy
commit
cd34c46d3f8cc7bafd96cb48cda8f12bb6f9b41b
[log] [tgz]
author
Mikio Hara <mikioh.mikioh@gmail.com>
Tue Jan 29 03:24:44 2013 +0900
committer
Mikio Hara <mikioh.mikioh@gmail.com>
Tue Jan 29 03:24:44 2013 +0900
tree
1c693ee6a171356580142ff18674f20c701086ba
parent
617911444df94f2e45e599b89409831d7d6741f0 [diff]
go.net/proxy: fix desired destination address in SOCKS5 CONNECT

Both types IPv6 IPv4-mapped address and IPv4-compatible
address are not allowed to be used in wire protocols.

Fixes golang/go#4709.

Thank you raptium for original CL 6922050.

R=golang-dev, agl
CC=golang-dev, raptium
https://golang.org/cl/7220047

diff --git a/proxy/proxy_test.go b/proxy/proxy_test.go
index 4078bc7..822d08b 100644
--- a/proxy/proxy_test.go
+++ b/proxy/proxy_test.go

@@ -5,23 +5,26 @@
 package proxy
 
 import (
+	"io"
 	"net"
 	"net/url"
+	"strconv"
+	"sync"
 	"testing"
 )
 
-type testDialer struct {
+type testFromURLDialer struct {
 	network, addr string
 }
 
-func (t *testDialer) Dial(network, addr string) (net.Conn, error) {
+func (t *testFromURLDialer) Dial(network, addr string) (net.Conn, error) {
 	t.network = network
 	t.addr = addr
 	return nil, t
 }
 
-func (t *testDialer) Error() string {
-	return "testDialer " + t.network + " " + t.addr
+func (t *testFromURLDialer) Error() string {
+	return "testFromURLDialer " + t.network + " " + t.addr
 }
 
 func TestFromURL(t *testing.T) {
@@ -30,7 +33,7 @@
 		t.Fatalf("failed to parse URL: %s", err)
 	}
 
-	tp := &testDialer{}
+	tp := &testFromURLDialer{}
 	proxy, err := FromURL(u, tp)
 	if err != nil {
 		t.Fatalf("FromURL failed: %s", err)
@@ -40,7 +43,7 @@
 	if conn != nil {
 		t.Error("Dial unexpected didn't return an error")
 	}
-	if tp, ok := err.(*testDialer); ok {
+	if tp, ok := err.(*testFromURLDialer); ok {
 		if tp.network != "tcp" || tp.addr != "1.2.3.4:5678" {
 			t.Errorf("Dialer connected to wrong host. Wanted 1.2.3.4:5678, got: %v", tp)
 		}
@@ -48,3 +51,70 @@
 		t.Errorf("Unexpected error from Dial: %s", err)
 	}
 }
+
+func TestSOCKS5(t *testing.T) {
+	endSystem, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("net.Listen failed: %v", err)
+	}
+	defer endSystem.Close()
+	gateway, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("net.Listen failed: %v", err)
+	}
+	defer gateway.Close()
+
+	wg := &sync.WaitGroup{}
+	go socks5Gateway(t, gateway, endSystem, wg)
+	wg.Add(1)
+
+	proxy, err := SOCKS5("tcp", gateway.Addr().String(), nil, Direct)
+	if err != nil {
+		t.Fatalf("SOCKS5 failed: %v", err)
+	}
+	if c, err := proxy.Dial("tcp", endSystem.Addr().String()); err != nil {
+		t.Fatalf("SOCKS5.Dial failed: %v", err)
+	} else {
+		c.Close()
+	}
+
+	wg.Wait()
+}
+
+func socks5Gateway(t *testing.T, gateway, endSystem net.Listener, wg *sync.WaitGroup) {
+	defer wg.Done()
+
+	c, err := gateway.Accept()
+	if err != nil {
+		t.Fatalf("net.Listener.Accept failed: %v", err)
+	}
+	defer c.Close()
+
+	b := make([]byte, 32)
+	if _, err := io.ReadFull(c, b[:3]); err != nil {
+		t.Fatalf("net.Conn.Read failed: %v", err)
+	}
+	if _, err := c.Write([]byte{socks5Version, socks5AuthNone}); err != nil {
+		t.Fatalf("net.Conn.Write failed: %v", err)
+	}
+	if _, err := io.ReadFull(c, b[:10]); err != nil {
+		t.Fatalf("net.Conn.Read failed: %v", err)
+	}
+	if b[0] != socks5Version || b[1] != socks5Connect || b[2] != 0x00 || b[3] != socks5IP4 {
+		t.Fatalf("got an unexpected packet: %v, %v, %v, %v", b[0], b[1], b[2], b[3])
+	}
+	copy(b[:4], []byte{socks5Version, 0x00, 0x00, socks5IP4})
+	host, port, err := net.SplitHostPort(endSystem.Addr().String())
+	if err != nil {
+		t.Fatalf("net.SplitHostPort failed: %v", err)
+	}
+	b = append(b, []byte(net.ParseIP(host).To4())...)
+	p, err := strconv.Atoi(port)
+	if err != nil {
+		t.Fatalf("strconv.Atoi failed: %v", err)
+	}
+	b = append(b, []byte{byte(p >> 8), byte(p)}...)
+	if _, err := c.Write(b); err != nil {
+		t.Fatalf("net.Conn.Write failed: %v", err)
+	}
+}

diff --git a/proxy/socks5.go b/proxy/socks5.go
index 41a3aff..4319ffc 100644
--- a/proxy/socks5.go
+++ b/proxy/socks5.go

@@ -64,7 +64,6 @@
 func (s *socks5) Dial(network, addr string) (net.Conn, error) {
 	switch network {
 	case "tcp", "tcp6", "tcp4":
-		break
 	default:
 		return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
 	}
@@ -103,11 +102,11 @@
 		buf = append(buf, 1 /* num auth methods */, socks5AuthNone)
 	}
 
-	if _, err = conn.Write(buf); err != nil {
+	if _, err := conn.Write(buf); err != nil {
 		return nil, errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
 	}
 
-	if _, err = io.ReadFull(conn, buf[:2]); err != nil {
+	if _, err := io.ReadFull(conn, buf[:2]); err != nil {
 		return nil, errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
 	}
 	if buf[0] != 5 {
@@ -125,11 +124,11 @@
 		buf = append(buf, uint8(len(s.password)))
 		buf = append(buf, s.password...)
 
-		if _, err = conn.Write(buf); err != nil {
+		if _, err := conn.Write(buf); err != nil {
 			return nil, errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
 		}
 
-		if _, err = io.ReadFull(conn, buf[:2]); err != nil {
+		if _, err := io.ReadFull(conn, buf[:2]); err != nil {
 			return nil, errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
 		}
 
@@ -142,12 +141,13 @@
 	buf = append(buf, socks5Version, socks5Connect, 0 /* reserved */)
 
 	if ip := net.ParseIP(host); ip != nil {
-		if ip.To4() != nil {
+		if ip4 := ip.To4(); ip4 != nil {
 			buf = append(buf, socks5IP4)
+			ip = ip4
 		} else {
 			buf = append(buf, socks5IP6)
 		}
-		buf = append(buf, []byte(ip)...)
+		buf = append(buf, ip...)
 	} else {
 		buf = append(buf, socks5Domain)
 		buf = append(buf, byte(len(host)))
@@ -155,11 +155,11 @@
 	}
 	buf = append(buf, byte(port>>8), byte(port))
 
-	if _, err = conn.Write(buf); err != nil {
+	if _, err := conn.Write(buf); err != nil {
 		return nil, errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
 	}
 
-	if _, err = io.ReadFull(conn, buf[:4]); err != nil {
+	if _, err := io.ReadFull(conn, buf[:4]); err != nil {
 		return nil, errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
 	}
 
@@ -193,12 +193,12 @@
 	} else {
 		buf = buf[:bytesToDiscard]
 	}
-	if _, err = io.ReadFull(conn, buf); err != nil {
+	if _, err := io.ReadFull(conn, buf); err != nil {
 		return nil, errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
 	}
 
 	// Also need to discard the port number
-	if _, err = io.ReadFull(conn, buf[:2]); err != nil {
+	if _, err := io.ReadFull(conn, buf[:2]); err != nil {
 		return nil, errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
 	}