From 3dfbacc7b6bdffec18335f03c43d3e3793149ece Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 9 Sep 2024 17:00:50 -0400 Subject: [PATCH] Implement proposal 351 This proposal adds new syntax to the SOCKS5 username/password extension scheme, so that requests with usernames starting with are now reserved. For C tor, all we need to do is reject every username starting with unless it is exactly "0". --- changes/prop351 | 7 +++++++ src/core/proto/proto_socks.c | 13 +++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 changes/prop351 diff --git a/changes/prop351 b/changes/prop351 new file mode 100644 index 0000000000..fca604f1a1 --- /dev/null +++ b/changes/prop351 @@ -0,0 +1,7 @@ + o Minor features (SOCKS): + - Detect invalid SOCKS5 username/password combinations according to + new extended parameters syntax. (Currently, this rejects any + SOCKS5 username beginning with "", except for the username + "0". Such usernames are now reserved to communicate additional + parameters with other Tor implementations.) + Implements proposal 351. diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index 78767a94ff..90ec3a9636 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -451,6 +451,19 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, const char *password = socks5_client_userpass_auth_getconstarray_passwd(trunnel_req); + /* Detect invalid SOCKS5 extended-parameter requests. */ + if (usernamelen >= 8 && + tor_memeq(username, "", 8)) { + /* This is indeed an extended-parameter request. */ + if (usernamelen != 9 || + tor_memneq(username, "0", 9)) { + /* This request is an unrecognized version, or it includes an Arti RPC + * object ID (which we do not recognize). */ + res = SOCKS_RESULT_INVALID; + goto end; + } + } + if (usernamelen && username) { tor_free(req->username); req->username = tor_memdup_nulterm(username, usernamelen);