socks5 support for -D
Darren Tucker
dtucker at zip.com.au
Thu Jun 26 09:20:23 EST 2003
Markus Friedl wrote:
> here's an up-to-date patch, should apply to both
> openbsd and non-openbsd versions of openssh.
>
> i did only test ipv4 addresses.
Hi. I just tried this and found that it does not work for the
SSH_SOCKS5_DOMAIN case because the destination host is not decoded
correctly. RFC1928 says the host name has a leading length record (1
byte) and is not null terminated, so the code as presented has an
off-by-one error. The patch below works for me.
-Daz.
--- channels.c.markus 2003-06-26 08:42:10.000000000 +1000
+++ channels.c 2003-06-26 09:04:50.000000000 +1000
@@ -1025,6 +1025,8 @@
if (have < 4 + addrlen + 2)
return 0;
buffer_consume(&c->input, sizeof(s5_req));
+ if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
+ buffer_consume(&c->input, 1); /* host string length */
buffer_get(&c->input, (char *)&dest_addr, addrlen);
buffer_get(&c->input, (char *)&dest_port, 2);
dest_addr[addrlen] = '\0';
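Review bot: The size check in the context lines, `if (have < 4 + addrlen + 2)`, is not adjusted for the extra byte that the added `buffer_consume(&c->input, 1)` takes in the SSH_SOCKS5_DOMAIN case. Unless addrlen is computed to include the length byte somewhere outside this hunk, a domain request can pass the check while the buffer holds one byte fewer than the two buffer_get calls then read. Suggest adding one to the required length when s5_req.atyp == SSH_SOCKS5_DOMAIN before comparing against have. It is also worth confirming that dest_addr has room for addrlen + 1 bytes, since a one-byte length allows names up to 255 bytes and `dest_addr[addrlen] = '\0'` writes just past the copied name.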
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
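The RFC 1928 request layout discussed in this message, as a stand-alone parser. This is an added example, not OpenSSH code and not part of the original post; `struct s5_dest` and `s5_parse_request` are hypothetical names, and the rejection of names containing an embedded NUL is an added assumption. It counts the domain length byte in the size check and terminates the name itself, because the wire form has no terminator.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example; names are hypothetical. ATYP values per RFC 1928. */
#define S5_IPV4   0x01
#define S5_DOMAIN 0x03
#define S5_IPV6   0x04

struct s5_dest {
	uint8_t  atyp;
	uint8_t  addr[256];	/* raw address, or NUL-terminated host name */
	size_t   addrlen;
	uint16_t port;		/* host byte order */
};

/* Parse one request from buf[0..have).
 * Returns bytes consumed, 0 if more input is needed, -1 if malformed. */
int
s5_parse_request(const uint8_t *buf, size_t have, struct s5_dest *d)
{
	size_t addrlen, off = 4, need;

	if (have < 5)		/* VER CMD RSV ATYP + first address byte */
		return 0;
	if (buf[0] != 0x05 || buf[2] != 0x00)
		return -1;
	switch (buf[3]) {
	case S5_IPV4:	addrlen = 4; break;
	case S5_IPV6:	addrlen = 16; break;
	case S5_DOMAIN:
		addrlen = buf[4];	/* one-byte length prefix */
		off = 5;		/* name starts after the prefix */
		break;
	default:
		return -1;
	}
	need = off + addrlen + 2;	/* prefix byte is counted via off */
	if (have < need)
		return 0;
	if (buf[3] == S5_DOMAIN && memchr(buf + off, '\0', addrlen) != NULL)
		return -1;	/* embedded NUL would truncate the C string */
	memcpy(d->addr, buf + off, addrlen);	/* addrlen <= 255 < sizeof addr */
	d->addr[addrlen] = '\0';	/* wire form has no terminator */
	d->atyp = buf[3];
	d->addrlen = addrlen;
	d->port = (uint16_t)((buf[need - 2] << 8) | buf[need - 1]);
	return (int)need;
}
```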