Commit 59580e12 authored by Marc Hoersken's avatar Marc Hoersken
Browse files

socks.c: Move error output after reading the whole response packet 

First commit to fix issue #944 regarding SOCKS5 error handling.

Reported-by: David Kalnischkies
parent cdaed772

lib/socks.c

+34 −33
Original line number Diff line number Diff line
@@ -668,39 +668,6 @@ CURLcode Curl_SOCKS5(const char *proxy_name, 
          "SOCKS5 reply has wrong version, version should be 5.");

    return CURLE_COULDNT_CONNECT;

  }

  if(socksreq[1] != 0) { /* Anything besides 0 is an error */

    if(socksreq[3] == 1) {

      failf(data,

            "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",

            (unsigned char)socksreq[4], (unsigned char)socksreq[5],

            (unsigned char)socksreq[6], (unsigned char)socksreq[7],

            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),

            (unsigned char)socksreq[1]);

    }

    else if(socksreq[3] == 3) {

      failf(data,

            "Can't complete SOCKS5 connection to %s:%d. (%d)",

            hostname,

            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),

            (unsigned char)socksreq[1]);

    }

    else if(socksreq[3] == 4) {

      failf(data,

            "Can't complete SOCKS5 connection to %02x%02x:%02x%02x:"

            "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%d. (%d)",

            (unsigned char)socksreq[4], (unsigned char)socksreq[5],

            (unsigned char)socksreq[6], (unsigned char)socksreq[7],

            (unsigned char)socksreq[8], (unsigned char)socksreq[9],

            (unsigned char)socksreq[10], (unsigned char)socksreq[11],

            (unsigned char)socksreq[12], (unsigned char)socksreq[13],

            (unsigned char)socksreq[14], (unsigned char)socksreq[15],

            (unsigned char)socksreq[16], (unsigned char)socksreq[17],

            (unsigned char)socksreq[18], (unsigned char)socksreq[19],

            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),

            (unsigned char)socksreq[1]);

    }

    return CURLE_COULDNT_CONNECT;

  }



  /* Fix: in general, returned BND.ADDR is variable length parameter by RFC

     1928, so the reply packet should be read until the end to avoid errors at
@@ -747,6 +714,40 @@ CURLcode Curl_SOCKS5(const char *proxy_name, 
  }

#endif



  if(socksreq[1] != 0) { /* Anything besides 0 is an error */

    if(socksreq[3] == 1) {

      failf(data,

            "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",

            (unsigned char)socksreq[4], (unsigned char)socksreq[5],

            (unsigned char)socksreq[6], (unsigned char)socksreq[7],

            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),

            (unsigned char)socksreq[1]);

    }

    else if(socksreq[3] == 3) {

      failf(data,

            "Can't complete SOCKS5 connection to %s:%d. (%d)",

            hostname,

            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),

            (unsigned char)socksreq[1]);

    }

    else if(socksreq[3] == 4) {

      failf(data,

            "Can't complete SOCKS5 connection to %02x%02x:%02x%02x:"

            "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%d. (%d)",

            (unsigned char)socksreq[4], (unsigned char)socksreq[5],

            (unsigned char)socksreq[6], (unsigned char)socksreq[7],

            (unsigned char)socksreq[8], (unsigned char)socksreq[9],

            (unsigned char)socksreq[10], (unsigned char)socksreq[11],

            (unsigned char)socksreq[12], (unsigned char)socksreq[13],

            (unsigned char)socksreq[14], (unsigned char)socksreq[15],

            (unsigned char)socksreq[16], (unsigned char)socksreq[17],

            (unsigned char)socksreq[18], (unsigned char)socksreq[19],

            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),

            (unsigned char)socksreq[1]);

    }

    return CURLE_COULDNT_CONNECT;

  }



  (void)curlx_nonblock(sock, TRUE);

  return CURLE_OK; /* Proxy was successful! */

}