socks5 support for -D

Darren Tucker dtucker at
Thu Jun 26 09:20:23 EST 2003

Markus Friedl wrote:
> here's an up-to-date patch, should apply to both
> openbsd and non-openbsd versions of openssh.
> i did only test ipv4 addresses.

Hi.  I just tried this and found that it does not work for the
SSH_SOCKS5_DOMAIN case because the destination host is not decoded
correctly.  RFC1928 says the host name has a leading length record (1
byte) and is not null terminated, so the code as presented has an
off-by-one error.  The patch below works for me.


--- channels.c.markus   2003-06-26 08:42:10.000000000 +1000
+++ channels.c  2003-06-26 09:04:50.000000000 +1000
@@ -1025,6 +1025,8 @@
        if (have < 4 + addrlen + 2)
                return 0;
        buffer_consume(&c->input, sizeof(s5_req));
+       if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
+              buffer_consume(&c->input, 1);    /* host string length */
        buffer_get(&c->input, (char *)&dest_addr, addrlen);
        buffer_get(&c->input, (char *)&dest_port, 2);
        dest_addr[addrlen] = '\0';

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list