Opened 3 years ago

Last modified 3 years ago

#848 accepted Bug / Defect

SOCKS5 Replies Parsed Incorrectly

Reported by: tpw_rules
Owned by: Gert Döring
Priority: major
Milestone:
Component: Generic / unclassified
Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:


OpenVPN parses SOCKS5 replies incorrectly when establishing a connection. The RFC specifies that type 03 (Domain) server names are composed of a length byte which tells how many bytes follow. In the source code the length byte is not accounted for when calculating how many bytes to receive for the reply. There should be a + 1 to account for the length byte. As a result, the entire SOCKS5 reply is not read and the header of the next received packet has the low byte of the port prepended to it, usually resulting in a "bad encapsulated packet length" error and connection failure.

Change History (3)

comment:1 Changed 3 years ago by tpw_rules

To clarify: RFC1928 page 4 explains the server name encoding. Line 385 (alen = (unsigned char) c;) in function recv_socks_reply in src/openvpn/socks.c is what I believe to be the problem.
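The length calculation described in the ticket description and in comment:1, as an added example (not part of the ticket and not OpenVPN's code). The function name, the `count_len_octet` flag and the sample bytes are assumptions made for illustration; the flag set to 0 models the miscalculation the reporter describes.

```c
#include <stddef.h>
#include <stdio.h>

/* RFC 1928 reply layout: VER REP RSV ATYP BND.ADDR BND.PORT (2 bytes). */
enum { ATYP_IPV4 = 0x01, ATYP_DOMAIN = 0x03, ATYP_IPV6 = 0x04 };

/*
 * Total length of the SOCKS5 reply at the start of buf, 0 if more bytes are
 * needed to decide, -1 if ATYP is unknown. count_len_octet = 0 models the
 * short read described in the ticket (hypothetical flag, for comparison).
 */
static long socks5_reply_len(const unsigned char *buf, size_t avail,
                             int count_len_octet)
{
    size_t addr_len;
    if (avail < 4)
        return 0;
    switch (buf[3]) {
    case ATYP_IPV4: addr_len = 4; break;
    case ATYP_IPV6: addr_len = 16; break;
    case ATYP_DOMAIN:
        if (avail < 5)
            return 0;              /* length octet not received yet */
        addr_len = buf[4];         /* number of name bytes that follow */
        if (count_len_octet)
            addr_len += 1;         /* the length octet is part of BND.ADDR */
        break;
    default:
        return -1;
    }
    return (long)(4 + addr_len + 2);   /* header + BND.ADDR + BND.PORT */
}

/* Constructed sample: reply naming "vpn.example", port 1194 (0x04AA),
 * then two bytes (0x00 0x2A) standing in for whatever follows the reply. */
static const unsigned char sample_stream[] = {
    0x05, 0x00, 0x00, 0x03, 0x0B, 'v','p','n','.','e','x','a','m','p','l','e',
    0x04, 0xAA, 0x00, 0x2A
};

int main(void)
{
    long bad = socks5_reply_len(sample_stream, sizeof sample_stream, 0);
    long good = socks5_reply_len(sample_stream, sizeof sample_stream, 1);
    printf("without +1: %ld bytes, next byte 0x%02X\n", bad, sample_stream[bad]);
    printf("with +1:    %ld bytes, next byte 0x%02X\n", good, sample_stream[good]);
    return 0;
}
```

Without the extra octet the reader stops one byte early, so the port's low byte (0xAA here) is still in the stream when the next read starts.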

comment:2 Changed 3 years ago by Gert Döring

Owner: set to Gert Döring
Status: new → accepted

Thanks. Will look into it.

comment:3 Changed 3 years ago by tpw_rules

Is there any update on this issue? It's a simple two character fix. I can open a PR or such if that would help resolve it faster.
