search for: ssh_socks5_noauth

...9 -0000 @@ -54,7 +54,7 @@ #include "key.h" #include "authfd.h" #include "pathnames.h" - +#include "bufaux.h" /* -- channel core */ @@ -940,6 +940,115 @@ return 1; } +/* try to decode a socks5 header */ +#define SSH_SOCKS5_AUTHDONE 0x1000 +#define SSH_SOCKS5_NOAUTH 0x00 +#define SSH_SOCKS5_IPV4 0x01 +#define SSH_SOCKS5_DOMAIN 0x03 +#define SSH_SOCKS5_IPV6 0x04 +#define SSH_SOCKS5_CONNECT 0x01 +#define SSH_SOCKS5_SUCCESS 0x00 + +static int +channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) +{ + struct { + u_int8_t version; + u_int8_t c...

...if (have < 2) @@ -1170,10 +1193,11 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) c->self); return -1; } - buffer_consume(&c->input, nmethods + 2); - buffer_put_char(&c->output, 0x05); /* version */ - buffer_put_char(&c->output, SSH_SOCKS5_NOAUTH); /* method */ - FD_SET(c->sock, writeset); + buffer_consume(input, nmethods + 2); + buffer_put_char(output, 0x05); /* version */ + buffer_put_char(output, SSH_SOCKS5_NOAUTH); /* method */ + if (c->sock >= 0) + FD_SET(c->sock, writeset); c->flags |= SSH_SOCKS5_AUTHDONE;...

...Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: guenter at weheartwebsites.de In: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c?rev=1.332;content-type=text%2Fplain Search for: "SSH_SOCKS5_NOAUTH not found" If a connection to SSH-SOCKS5 is established and a unsupported auth method is sent, SSH will not reply anything. According to http://tools.ietf.org/html/rfc1928 the server could (it does not state if the server MUST or SHOULD, hence "could" ;) ) send simply X'FF'...