Opened 19 months ago

Last modified 14 months ago

#848 accepted Bug / Defect

SOCKS5 Replies Parsed Incorrectly

Reported by: tpw_rules
Owned by: Gert Döring
Priority: major
Milestone:
Component: Generic / unclassified
Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

OpenVPN parses SOCKS5 replies incorrectly when establishing a connection. The RFC specifies that type 03 (Domain) server names are composed of a length byte which tells how many bytes follow. In the source code the length byte is not accounted for when calculating how many bytes to receive for the reply. There should be a + 1 to account for the length byte. As a result, the entire SOCKS5 reply is not read and the header of the next received packet has the low byte of the port prepended to it, usually resulting in a "bad encapsulated packet length" error and connection failure.

Change History (3)

comment:1 Changed 19 months ago by tpw_rules

To clarify: RFC1928 page 4 explains the server name encoding. Line 385 (alen = (unsigned char) c;) in function recv_socks_reply in src/openvpn/socks.c is what I believe to be the problem.
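The reply-length calculation discussed in the description and comment:1, as an added C example that is not OpenVPN's code and not part of the ticket. The function `socks5_reply_len`, its `count_len_byte` flag and the sample bytes are constructed for illustration; the flag set to 0 models the miscount the reporter describes.

```c
#include <stddef.h>
#include <stdio.h>

/* SOCKS5 address types (ATYP) from RFC 1928 */
enum { ATYP_IPV4 = 0x01, ATYP_DOMAIN = 0x03, ATYP_IPV6 = 0x04 };

/*
 * Return the total length of the SOCKS5 reply at the start of buf, or 0 if
 * the buffer is too short or the reply is malformed.
 * Layout: VER REP RSV ATYP BND.ADDR BND.PORT(2).
 * count_len_byte == 0 models the miscount described in the ticket:
 * for ATYP 03 the length octet itself is left out of the address size.
 */
size_t socks5_reply_len(const unsigned char *buf, size_t avail, int count_len_byte)
{
    size_t addr_len, total;

    if (avail < 5 || buf[0] != 0x05)   /* need header plus first address byte */
        return 0;
    switch (buf[3]) {
    case ATYP_IPV4:   addr_len = 4;  break;
    case ATYP_IPV6:   addr_len = 16; break;
    case ATYP_DOMAIN: addr_len = (size_t)buf[4] + (count_len_byte ? 1 : 0); break;
    default:          return 0;        /* unknown address type */
    }
    total = 4 + addr_len + 2;          /* header + address + port */
    return total <= avail ? total : 0;
}

/* Constructed sample: a reply with BND.ADDR "vpn.example" and BND.PORT 1194
 * (0x04AA), followed by two bytes standing in for the next packet. */
static const unsigned char sample[] = {
    0x05, 0x00, 0x00, 0x03, 0x0b,
    'v', 'p', 'n', '.', 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    0x04, 0xaa,
    0x00, 0x2a
};

int main(void)
{
    size_t good = socks5_reply_len(sample, sizeof sample, 1);
    size_t bad  = socks5_reply_len(sample, sizeof sample, 0);

    printf("correct reply length: %zu\n", good);
    printf("miscounted length:    %zu (byte 0x%02x is left in the stream)\n",
           bad, sample[bad]);
    return 0;
}
```

With the miscount, the one byte left unread is the low byte of BND.PORT, which then sits in front of the next packet's header as the description says.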

comment:2 Changed 19 months ago by Gert Döring

Owner: set to Gert Döring
Status: new → accepted

Thanks. Will look into it.

comment:3 Changed 14 months ago by tpw_rules

Is there any update on this issue? It's a simple two character fix. I can open a PR or such if that would help resolve it faster.
