ensure all bytes are read in socks handshake. fixes #4188
This commit is contained in:
Daniel Gultsch
parent
586fff5485
commit
da14f83a42
|
|
@ -1,5 +1,7 @@
|
||||||
package eu.siacs.conversations.utils;
|
package eu.siacs.conversations.utils;
|
||||||
|
|
||||||
|
import com.google.common.io.ByteStreams;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
|
@ -12,15 +14,16 @@ import eu.siacs.conversations.Config;
|
||||||
|
|
||||||
public class SocksSocketFactory {
|
public class SocksSocketFactory {
|
||||||
|
|
||||||
private static final byte[] LOCALHOST = new byte[]{127,0,0,1};
|
private static final byte[] LOCALHOST = new byte[]{127, 0, 0, 1};
|
||||||
|
|
||||||
public static void createSocksConnection(final Socket socket, final String destination, final int port) throws IOException {
|
public static void createSocksConnection(final Socket socket, final String destination, final int port) throws IOException {
|
||||||
|
//TODO use different Socks Addr Type if destination is IP or IPv6
|
||||||
final InputStream proxyIs = socket.getInputStream();
|
final InputStream proxyIs = socket.getInputStream();
|
||||||
final OutputStream proxyOs = socket.getOutputStream();
|
final OutputStream proxyOs = socket.getOutputStream();
|
||||||
proxyOs.write(new byte[]{0x05, 0x01, 0x00});
|
proxyOs.write(new byte[]{0x05, 0x01, 0x00});
|
||||||
proxyOs.flush();
|
proxyOs.flush();
|
||||||
final byte[] handshake = new byte[2];
|
final byte[] handshake = new byte[2];
|
||||||
proxyIs.read(handshake);
|
ByteStreams.readFully(proxyIs, handshake);
|
||||||
if (handshake[0] != 0x05 || handshake[1] != 0x00) {
|
if (handshake[0] != 0x05 || handshake[1] != 0x00) {
|
||||||
throw new SocksConnectionException("Socks 5 handshake failed");
|
throw new SocksConnectionException("Socks 5 handshake failed");
|
||||||
}
|
}
|
||||||
|
|
@ -32,21 +35,52 @@ public class SocksSocketFactory {
|
||||||
request.putShort((short) port);
|
request.putShort((short) port);
|
||||||
proxyOs.write(request.array());
|
proxyOs.write(request.array());
|
||||||
proxyOs.flush();
|
proxyOs.flush();
|
||||||
final byte[] response = new byte[7 + dest.length];
|
final byte[] response = new byte[4];
|
||||||
proxyIs.read(response);
|
ByteStreams.readFully(proxyIs, response);
|
||||||
if (response[1] != 0x00) {
|
final byte ver = response[0];
|
||||||
if (response[1] == 0x04) {
|
if (ver != 0x05) {
|
||||||
|
throw new IOException(String.format("Unknown Socks version %02X ", ver));
|
||||||
|
}
|
||||||
|
final byte status = response[1];
|
||||||
|
final byte bndAddrType = response[3];
|
||||||
|
final byte[] bndDestination = readDestination(bndAddrType, proxyIs);
|
||||||
|
final byte[] bndPort = new byte[2];
|
||||||
|
if (bndAddrType == 0x03) {
|
||||||
|
final String receivedDestination = new String(bndDestination);
|
||||||
|
if (!receivedDestination.equalsIgnoreCase(destination)) {
|
||||||
|
throw new IOException(String.format("Destination mismatch. Received %s Expected %s", receivedDestination, destination));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ByteStreams.readFully(proxyIs, bndPort);
|
||||||
|
if (status != 0x00) {
|
||||||
|
if (status == 0x04) {
|
||||||
throw new HostNotFoundException("Host unreachable");
|
throw new HostNotFoundException("Host unreachable");
|
||||||
}
|
}
|
||||||
if (response[1] == 0x05) {
|
if (status == 0x05) {
|
||||||
throw new HostNotFoundException("Connection refused");
|
throw new HostNotFoundException("Connection refused");
|
||||||
}
|
}
|
||||||
throw new SocksConnectionException("Unable to connect to destination "+(int) (response[1]));
|
throw new IOException(String.format("Unknown status code %02X ", status));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static byte[] readDestination(final byte type, final InputStream inputStream) throws IOException {
|
||||||
|
final byte[] bndDestination;
|
||||||
|
if (type == 0x01) {
|
||||||
|
bndDestination = new byte[4];
|
||||||
|
} else if (type == 0x03) {
|
||||||
|
final int length = inputStream.read();
|
||||||
|
bndDestination = new byte[length];
|
||||||
|
} else if (type == 0x04) {
|
||||||
|
bndDestination = new byte[16];
|
||||||
|
} else {
|
||||||
|
throw new IOException(String.format("Unknown Socks address type %02X ", type));
|
||||||
|
}
|
||||||
|
ByteStreams.readFully(inputStream, bndDestination);
|
||||||
|
return bndDestination;
|
||||||
|
}
|
||||||
|
|
||||||
public static boolean contains(byte needle, byte[] haystack) {
|
public static boolean contains(byte needle, byte[] haystack) {
|
||||||
for(byte hay : haystack) {
|
for (byte hay : haystack) {
|
||||||
if (hay == needle) {
|
if (hay == needle) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,8 @@ package eu.siacs.conversations.xmpp.jingle;
|
||||||
import android.os.PowerManager;
|
import android.os.PowerManager;
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
|
|
||||||
|
import com.google.common.io.ByteStreams;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
|
@ -114,26 +116,26 @@ public class JingleSocks5Transport extends JingleTransport {
|
||||||
final byte[] authBegin = new byte[2];
|
final byte[] authBegin = new byte[2];
|
||||||
final InputStream inputStream = socket.getInputStream();
|
final InputStream inputStream = socket.getInputStream();
|
||||||
final OutputStream outputStream = socket.getOutputStream();
|
final OutputStream outputStream = socket.getOutputStream();
|
||||||
inputStream.read(authBegin);
|
ByteStreams.readFully(inputStream, authBegin);
|
||||||
if (authBegin[0] != 0x5) {
|
if (authBegin[0] != 0x5) {
|
||||||
socket.close();
|
socket.close();
|
||||||
}
|
}
|
||||||
final short methodCount = authBegin[1];
|
final short methodCount = authBegin[1];
|
||||||
final byte[] methods = new byte[methodCount];
|
final byte[] methods = new byte[methodCount];
|
||||||
inputStream.read(methods);
|
ByteStreams.readFully(inputStream, methods);
|
||||||
if (SocksSocketFactory.contains((byte) 0x00, methods)) {
|
if (SocksSocketFactory.contains((byte) 0x00, methods)) {
|
||||||
outputStream.write(new byte[]{0x05, 0x00});
|
outputStream.write(new byte[]{0x05, 0x00});
|
||||||
} else {
|
} else {
|
||||||
outputStream.write(new byte[]{0x05, (byte) 0xff});
|
outputStream.write(new byte[]{0x05, (byte) 0xff});
|
||||||
}
|
}
|
||||||
byte[] connectCommand = new byte[4];
|
final byte[] connectCommand = new byte[4];
|
||||||
inputStream.read(connectCommand);
|
ByteStreams.readFully(inputStream, connectCommand);
|
||||||
if (connectCommand[0] == 0x05 && connectCommand[1] == 0x01 && connectCommand[3] == 0x03) {
|
if (connectCommand[0] == 0x05 && connectCommand[1] == 0x01 && connectCommand[3] == 0x03) {
|
||||||
int destinationCount = inputStream.read();
|
int destinationCount = inputStream.read();
|
||||||
final byte[] destination = new byte[destinationCount];
|
final byte[] destination = new byte[destinationCount];
|
||||||
inputStream.read(destination);
|
ByteStreams.readFully(inputStream, destination);
|
||||||
final byte[] port = new byte[2];
|
final byte[] port = new byte[2];
|
||||||
inputStream.read(port);
|
ByteStreams.readFully(inputStream, port);
|
||||||
final String receivedDestination = new String(destination);
|
final String receivedDestination = new String(destination);
|
||||||
final ByteBuffer response = ByteBuffer.allocate(7 + destination.length);
|
final ByteBuffer response = ByteBuffer.allocate(7 + destination.length);
|
||||||
final byte[] responseHeader;
|
final byte[] responseHeader;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue