bugzilla-daemon at mindrot.org
2015-Jun-25 12:15 UTC
[Bug 2417] New: SOCKS5 should respond with appropriate error reply in error situations
https://bugzilla.mindrot.org/show_bug.cgi?id=2417
Bug ID: 2417
Summary: SOCKS5 should respond with appropriate error reply in
error situations
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: mindrot.org at outerspace.dyndns.org
Created attachment 2656
--> https://bugzilla.mindrot.org/attachment.cgi?id=2656&action=edit
Initial implementation proposal with a few TODOs that I don't know how
to implement
- report "bad address type" error if requested address type is not
supported
- report "ruleset block" error if requested hostname too long
- report "ruleset block", "connection refused" or
"generic error" if
server-side connection attempt failure result is "administratively
prohibited", "connect failed" or something else, respectively.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jun-25 12:17 UTC
[Bug 2417] SOCKS5 should respond with appropriate error reply in error situations
https://bugzilla.mindrot.org/show_bug.cgi?id=2417
Jonas Berlin <mindrot.org at outerspace.dyndns.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://bugzilla.mindrot.or
| |g/show_bug.cgi?id=2250
--- Comment #1 from Jonas Berlin <mindrot.org at outerspace.dyndns.org>
---
This bug complements bug #2250 which handles one additional error
situation
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jun-25 12:22 UTC
[Bug 2417] SOCKS5 should respond with appropriate error reply in error situations
https://bugzilla.mindrot.org/show_bug.cgi?id=2417
Jonas Berlin <mindrot.org at outerspace.dyndns.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2656|0 |1
is obsolete| |
--- Comment #2 from Jonas Berlin <mindrot.org at outerspace.dyndns.org>
---
Created attachment 2657
--> https://bugzilla.mindrot.org/attachment.cgi?id=2657&action=edit
Initial implementation proposal with a few TODOs that I don't know how
to implement
removes #define that is already added by bug #2250 and not actually
needed for this bug
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jun-25 18:18 UTC
[Bug 2417] SOCKS5 should respond with appropriate error reply in error situations
https://bugzilla.mindrot.org/show_bug.cgi?id=2417
Jonas Berlin <mindrot.org at outerspace.dyndns.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS|Linux |All
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-30 22:18 UTC
[Bug 2417] SOCKS5 should respond with appropriate error reply in error situations
https://bugzilla.mindrot.org/show_bug.cgi?id=2417
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2657|0 |1
is obsolete| |
CC| |djm at mindrot.org
Status|NEW |ASSIGNED
Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Created attachment 2744
--> https://bugzilla.mindrot.org/attachment.cgi?id=2744&action=edit
tidied diff
I've tidied the diff up a bit, but I think we need some extra support
in the channels code to allow the reply to connfailed requests to be
sent in a timely manner.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jun-17 04:52 UTC
[Bug 2417] SOCKS5 should respond with appropriate error reply in error situations
https://bugzilla.mindrot.org/show_bug.cgi?id=2417
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2250
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Fixing this is required for Bug 2250 too, but I'm not going to attempt
it until the channels code has been refactored a bit.
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2250
[Bug 2250] SOCKS5 should return "NO ACCEPTABLE METHODS" instead of
nothing
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 2250] New: SOCKS5 should return "NO ACCEPTABLE METHODS" instead of nothing
- [Bug 533] PANIC: divide by zero in xt_connbytes
- openssh 2.9: socks5 support? and support for RSA SECURID (one-t ime password)?
- SOCKS5 and UDP
- Patch for Socks5 support for dynamic portforwaring?