Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the

proxy do the host name resolving and only if --socks5ip (or CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and pass on the IP address only to the proxy.
author: Daniel Stenberg <daniel@haxx.se> 2008-01-04 23:01:00 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2008-01-04 23:01:00 +0000
commit: 2e42b0a252416803a90ea232dc94a0a21d5a97e5 (patch)
tree: ce5c9b3a2e33408a77300563964924a73d6b464b /lib
parent: fcc485092a09811d5bfed78d13984fed5c31e652 (diff)
3 files changed, 97 insertions, 27 deletions
diff --git a/lib/socks.c b/lib/socks.c
index 5146b0dc4..90ec1f215 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -390,6 +390,17 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
   curl_socket_t sock = conn->sock[sockindex];
   struct SessionHandle *data = conn->data;
   long timeout;
+  bool socks5_resolve_local = data->set.socks5_resolve_local;
+  const size_t hostname_len = strlen(hostname);
+  int packetsize = 0;
+
+  /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
+  if(!socks5_resolve_local && hostname_len > 255)
+  {
+    infof(conn->data,"SOCKS5: server resolving disabled for hostnames of "
+          "length > 255 [actual len=%d]\n", hostname_len);
+    socks5_resolve_local = TRUE;
+  }
 
   /* get timeout */
   if(data->set.timeout && data->set.connecttimeout) {
@@ -553,13 +564,26 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
   socksreq[0] = 5; /* version (SOCKS5) */
   socksreq[1] = 1; /* connect */
   socksreq[2] = 0; /* must be zero */
-  socksreq[3] = 1; /* IPv4 = 1 */
 
-  {
+  if(!socks5_resolve_local) {
+    packetsize = 5 + hostname_len + 2;
+
+    socksreq[3] = 3; /* ATYP: domain name = 3 */
+    socksreq[4] = (char) hostname_len; /* address length */
+    memcpy(&socksreq[5], hostname, hostname_len); /* address bytes w/o NULL */
+
+    *((unsigned short*)&socksreq[hostname_len+5]) =
+      htons((unsigned short)remote_port);
+  }
+  else {
     struct Curl_dns_entry *dns;
     Curl_addrinfo *hp=NULL;
     int rc = Curl_resolv(conn, hostname, remote_port, &dns);
 
+    packetsize = 10;
+
+    socksreq[3] = 1; /* IPv4 = 1 */
+
     if(rc == CURLRESOLV_ERROR)
       return CURLE_COULDNT_RESOLVE_HOST;
 
@@ -595,40 +619,76 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
             hostname);
       return CURLE_COULDNT_RESOLVE_HOST;
     }
+
+    *((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
   }
 
-  *((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
+  code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
+  if((code != CURLE_OK) || (written != packetsize)) {
+    failf(data, "Failed to send SOCKS5 connect request.");
+    return CURLE_COULDNT_CONNECT;
+  }
 
-  {
-    const int packetsize = 10;
+  packetsize = 10; /* minimum packet size is 10 */
+
+  result = blockread_all(conn, sock, (char *)socksreq, packetsize,
+                           &actualread, timeout);
+  if((result != CURLE_OK) || (actualread != packetsize)) {
+    failf(data, "Failed to receive SOCKS5 connect request ack.");
+    return CURLE_COULDNT_CONNECT;
+  }
 
-    code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
-    if((code != CURLE_OK) || (written != packetsize)) {
-      failf(data, "Failed to send SOCKS5 connect request.");
+  if(socksreq[0] != 5) { /* version */
+    failf(data,
+          "SOCKS5 reply has wrong version, version should be 5.");
+    return CURLE_COULDNT_CONNECT;
+  }
+  if(socksreq[1] != 0) { /* Anything besides 0 is an error */
+      failf(data,
+            "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
+            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+            (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
+            socksreq[1]);
       return CURLE_COULDNT_CONNECT;
-    }
+  }
 
-    result = blockread_all(conn, sock, (char *)socksreq, packetsize,
+  /* Fix: in general, returned BND.ADDR is variable length parameter by RFC
+     1928, so the reply packet should be read until the end to avoid errors at
+     subsequent protocol level.
+
+    +----+-----+-------+------+----------+----------+
+    |VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
+    +----+-----+-------+------+----------+----------+
+    | 1  |  1  | X'00' |  1   | Variable |    2     |
+    +----+-----+-------+------+----------+----------+
+
+     ATYP:
+     o  IP v4 address: X'01', BND.ADDR = 4 byte
+     o  domain name:  X'03', BND.ADDR = [ 1 byte length, string ]
+     o  IP v6 address: X'04', BND.ADDR = 16 byte
+     */
+
+  /* Calculate real packet size */
+  if(socksreq[3] == 3) {
+    /* domain name */
+    int addrlen = (int) socksreq[4];
+    packetsize = 5 + addrlen + 2;
+  }
+  else if(socksreq[3] == 4) {
+    /* IPv6 */
+    packetsize = 4 + 16 + 2;
+  }
+
+  /* At this point we already read first 10 bytes */
+  if(packetsize > 10) {
+    packetsize -= 10;
+    result = blockread_all(conn, sock, (char *)&socksreq[10], packetsize,
                            &actualread, timeout);
     if((result != CURLE_OK) || (actualread != packetsize)) {
       failf(data, "Failed to receive SOCKS5 connect request ack.");
       return CURLE_COULDNT_CONNECT;
     }
-
-    if(socksreq[0] != 5) { /* version */
-      failf(data,
-            "SOCKS5 reply has wrong version, version should be 5.");
-      return CURLE_COULDNT_CONNECT;
-    }
-    if(socksreq[1] != 0) { /* Anything besides 0 is an error */
-        failf(data,
-              "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
-              (unsigned char)socksreq[4], (unsigned char)socksreq[5],
-              (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-              (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
-              socksreq[1]);
-        return CURLE_COULDNT_CONNECT;
-    }
   }
 
   Curl_nonblock(sock, TRUE);
diff --git a/lib/url.c b/lib/url.c
index 550cb2113..774e25ff2 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2054,6 +2054,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     }
     break;
 
+  case CURLOPT_SOCKS5_RESOLVE_LOCAL:
+    /*
+     * Enable or disable using of SOCKS5 proxy server to resolve domain names
+     * instead of using platform API like gethostbyname_r etc
+     */
+    data->set.socks5_resolve_local = (bool)(0 != va_arg(param, long));
+    break;
+
   default:
     /* unknown tag and its companion, just ignore: */
     result = CURLE_FAILED_INIT; /* correct this */
diff --git a/lib/urldata.h b/lib/urldata.h
index 9febb8415..2f061e035 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -1441,7 +1441,9 @@ struct UserDefined {
   long new_directory_perms; /* Permissions to use when creating remote dirs */
   bool proxy_transfer_mode; /* set transfer mode (;type=<a|i>) when doing FTP
                                via an HTTP proxy */
-
+  bool socks5_resolve_local; /* resolve host names locally even if a SOCKS5
+                                proxy in use.  Valid only if CURLOPT_PROXYTYPE
+                                == CURLPROXY_SOCKS5, otherwise ignored. */
   char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
 };
author	Daniel Stenberg <daniel@haxx.se>	2008-01-04 23:01:00 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2008-01-04 23:01:00 +0000
commit	2e42b0a252416803a90ea232dc94a0a21d5a97e5 (patch)
tree	ce5c9b3a2e33408a77300563964924a73d6b464b /lib
parent	fcc485092a09811d5bfed78d13984fed5c31e652 (diff)