summaryrefslogtreecommitdiff
path: root/indra/llmessage
diff options
context:
space:
mode:
Diffstat (limited to 'indra/llmessage')
-rw-r--r--indra/llmessage/llproxy.cpp79
-rw-r--r--indra/llmessage/llproxy.h18
2 files changed, 68 insertions, 29 deletions
diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp
index e1970f1368..381308fb2a 100644
--- a/indra/llmessage/llproxy.cpp
+++ b/indra/llmessage/llproxy.cpp
@@ -68,7 +68,7 @@ LLProxy::LLProxy():
LLProxy::~LLProxy()
{
- stopProxy();
+ stopSOCKSProxy();
sUDPProxyEnabled = false;
sHTTPProxyEnabled = false;
@@ -95,14 +95,14 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port)
if (result != 0)
{
LL_WARNS("Proxy") << "SOCKS authentication request failed, error on TCP control channel : " << result << LL_ENDL;
- stopProxy();
+ stopSOCKSProxy();
return SOCKS_CONNECT_ERROR;
}
if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE)
{
LL_WARNS("Proxy") << "SOCKS 5 server refused all our authentication methods" << LL_ENDL;
- stopProxy();
+ stopSOCKSProxy();
return SOCKS_NOT_ACCEPTABLE;
}
@@ -126,14 +126,14 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port)
if (result != 0)
{
LL_WARNS("Proxy") << "SOCKS authentication failed, error on TCP control channel : " << result << LL_ENDL;
- stopProxy();
+ stopSOCKSProxy();
return SOCKS_CONNECT_ERROR;
}
if (password_reply.status != AUTH_SUCCESS)
{
LL_WARNS("Proxy") << "SOCKS authentication failed" << LL_ENDL;
- stopProxy();
+ stopSOCKSProxy();
return SOCKS_AUTH_FAIL;
}
}
@@ -156,14 +156,14 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port)
if (result != 0)
{
LL_WARNS("Proxy") << "SOCKS connect request failed, error on TCP control channel : " << result << LL_ENDL;
- stopProxy();
+ stopSOCKSProxy();
return SOCKS_CONNECT_ERROR;
}
if (connect_reply.reply != REPLY_REQUEST_GRANTED)
{
LL_WARNS("Proxy") << "Connection to SOCKS 5 server failed, UDP forward request not granted" << LL_ENDL;
- stopProxy();
+ stopSOCKSProxy();
return SOCKS_UDP_FWD_NOT_GRANTED;
}
@@ -174,37 +174,49 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port)
return SOCKS_OK;
}
-S32 LLProxy::startProxy(std::string host, U32 port)
+S32 LLProxy::startSOCKSProxy(LLHost host)
{
- mTCPProxy.setHostByName(host);
- mTCPProxy.setPort(port);
+ S32 status = SOCKS_OK;
- S32 status;
+ if (host.isOk())
+ {
+ mTCPProxy = host;
+ }
+ else
+ {
+ status = SOCKS_INVALID_HOST;
+ }
- if (mProxyControlChannel)
+ if (mProxyControlChannel && status == SOCKS_OK)
{
tcp_close_channel(&mProxyControlChannel);
}
- mProxyControlChannel = tcp_open_channel(mPool, mTCPProxy);
- if (!mProxyControlChannel)
+ if (status == SOCKS_OK)
+ {
+ mProxyControlChannel = tcp_open_channel(mPool, mTCPProxy);
+ if (!mProxyControlChannel)
+ {
+ status = SOCKS_HOST_CONNECT_FAILED;
+ }
+ }
+
+ if (status == SOCKS_OK)
{
- return SOCKS_HOST_CONNECT_FAILED;
+ status = proxyHandshake(mTCPProxy, (U32)gMessageSystem->mPort);
}
- status = proxyHandshake(mTCPProxy, (U32)gMessageSystem->mPort);
if (status == SOCKS_OK)
{
sUDPProxyEnabled = true;
}
else
{
- stopProxy();
+ stopSOCKSProxy();
}
return status;
-
}
-void LLProxy::stopProxy()
+void LLProxy::stopSOCKSProxy()
{
sUDPProxyEnabled = false;
@@ -228,8 +240,15 @@ void LLProxy::setAuthNone()
mAuthMethodSelected = METHOD_NOAUTH;
}
-void LLProxy::setAuthPassword(const std::string &username, const std::string &password)
+bool LLProxy::setAuthPassword(const std::string &username, const std::string &password)
{
+ if (username.length() > SOCKSMAXUSERNAMELEN || password.length() > SOCKSMAXPASSWORDLEN ||
+ username.length() < SOCKSMINUSERNAMELEN || password.length() < SOCKSMINPASSWORDLEN)
+ {
+ LL_WARNS("Proxy") << "Invalid SOCKS 5 password or username length." << LL_ENDL;
+ return false;
+ }
+
mAuthMethodSelected = METHOD_PASSWORD;
mSocksUsername = username;
mSocksPassword = password;
@@ -240,10 +259,18 @@ void LLProxy::setAuthPassword(const std::string &username, const std::string &pa
LLMutexLock lock(&mProxyMutex);
mSOCKSAuthStrings.push_back(curl_auth_string);
+
+ return true;
}
-void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type)
-{
+bool LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type)
+{
+ if (httpHost.isOk())
+ {
+ LL_WARNS("Proxy") << "Invalid SOCKS 5 Server" << LL_ENDL;
+ return false;
+ }
+
LLMutexLock lock(&mProxyMutex);
sHTTPProxyEnabled = true;
@@ -254,13 +281,17 @@ void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type)
char* http_addr_string = new char[size];
strncpy(http_addr_string, httpHost.getIPString().c_str(), size);
mHTTPProxyAddrStrings.push_back(http_addr_string);
+
+ return true;
}
-void LLProxy::enableHTTPProxy()
+bool LLProxy::enableHTTPProxy()
{
LLMutexLock lock(&mProxyMutex);
sHTTPProxyEnabled = true;
+
+ return true;
}
void LLProxy::disableHTTPProxy()
@@ -273,7 +304,7 @@ void LLProxy::disableHTTPProxy()
//static
void LLProxy::cleanupClass()
{
- getInstance()->stopProxy();
+ getInstance()->stopSOCKSProxy();
deleteSingleton();
}
diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h
index df1ec9121e..ce5bdec5ad 100644
--- a/indra/llmessage/llproxy.h
+++ b/indra/llmessage/llproxy.h
@@ -44,11 +44,19 @@
#define SOCKS_AUTH_FAIL (-4)
#define SOCKS_UDP_FWD_NOT_GRANTED (-5)
#define SOCKS_HOST_CONNECT_FAILED (-6)
+#define SOCKS_INVALID_HOST (-7)
+
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN (255 + 1) /* socks5: 255, +1 for len. */
#endif
+#define SOCKSMAXUSERNAMELEN 255
+#define SOCKSMAXPASSWORDLEN 255
+
+#define SOCKSMINUSERNAMELEN 1
+#define SOCKSMINPASSWORDLEN 1
+
#define SOCKS_VERSION 0x05 // we are using SOCKS 5
#define SOCKS_HEADER_SIZE 10
@@ -165,16 +173,16 @@ public:
~LLProxy();
// Start a connection to the SOCKS 5 proxy
- S32 startProxy(std::string host, U32 port);
+ S32 startSOCKSProxy(LLHost host);
// Disconnect and clean up any connection to the SOCKS 5 proxy
- void stopProxy();
+ void stopSOCKSProxy();
// Delete LLProxy singleton, destroying the APR pool used by the control channel.
static void cleanupClass();
// Set up to use Password auth when connecting to the SOCKS proxy
- void setAuthPassword(const std::string &username, const std::string &password);
+ bool setAuthPassword(const std::string &username, const std::string &password);
// Set up to use No Auth when connecting to the SOCKS proxy
void setAuthNone();
@@ -190,8 +198,8 @@ public:
// Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy
// as specified in type
- void enableHTTPProxy(LLHost httpHost, LLHttpProxyType type);
- void enableHTTPProxy();
+ bool enableHTTPProxy(LLHost httpHost, LLHttpProxyType type);
+ bool enableHTTPProxy();
// Stop proxying HTTP packets
void disableHTTPProxy();