(FWD) [rieger at dest-unreach.org: Re: SOCKS4A broken in 1.4.0?]
Roger Dingledine
arma at mit.edu
Mon Jul 5 07:53:20 UTC 2004
It seems that socat (http://6sxoyfb3h2nvok2d.onion/tor/SocatHelp)
isn't providing the anonymity that we think it is. Fyi. :)
--Roger
----- Forwarded message from Thomas Themel <themel at iwoars.net> -----
From: Thomas Themel <themel at iwoars.net>
Date: Mon, 5 Jul 2004 02:09:42 +0200
To: arma at mit.edu
Subject: [rieger at dest-unreach.org: Re: SOCKS4A broken in 1.4.0?]
Hi,
Since you're recommending socat for use with tor and you specifically
mentioned the anonymity problems inherent in doing DNS lookups on the
anon client in your Codecon talk, I thought you might find this
interesting - I verified it's true with socat-1.3.2.2. socat-1.4.0.0
with my patch works as expected.
----- Forwarded message from Gerhard Rieger <rieger at dest-unreach.org> -----
Date: Sun, 04 Jul 2004 21:24:48 +0200
From: Gerhard Rieger <rieger at dest-unreach.org>
To: Thomas Themel <themel at iwoars.net>
CC: socat at dest-unreach.org
Subject: Re: SOCKS4A broken in 1.4.0?
Hi Thomas,
you uncovered a dark chapter of socat.
First problem: just as you found out, socat 1.4.0.0 constructed bad
socks4a headers. This should be corrected with your patch, thank you!
Second, bad news for both of us: previous versions of socat used socks4a
only when the hostname could not be resolved. The above socks4a bug has
certainly always existed in socat; that means that your work a month ago
used socks4, not socks4a protocol, because it would have failed
otherwise. I hope that this truth does not destroy your world,
reputation or project...
Thanks for finding this bug and providing a patch!
Regards
Gerhard Rieger
Thomas Themel wrote:
>Hi there,
>
>I'm having problems connecting through a SOCKS4A proxy, which worked
>fine a month ago. I assume that this was caused by the switchover to 1.4
>in the Debian package.
>
>The command line used for the connection was:
>
>socat TCP4-LISTEN:5223,reuseaddr SOCKS4A:localhost:jabber.at:5223,socksport=9050
>
>Ethereal decoded the request that socat sent as:
>
>| Frame 11 (91 bytes on wire, 91 bytes captured)
>| Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
>| Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
>| Transmission Control Protocol, Src Port: 36612 (36612), Dst Port: 9050 (9050), Seq: 1, Ack: 1, Len: 25
>| Socks Protocol
>| Version: 4
>| Command: 1 (Connect)
>| Remote Port: 5223
>| Remote Address: 0.0.0.106 (0.0.0.106)
>| User Name: abber.at
>
>Comparing this to the SOCKS4A spec at
><http://archive.socks.permeo.com/protocol/socks4a.protocol>, it seems
>like socat puts the host name one byte _before_ the user name instead of
>after the trailing 0 byte of the user name.
>
>The following patch fixes it for me:
>
>themel at sophokles:~/socat-1.4$ diff -u xio-socks.c ../xio-socks.c
>--- xio-socks.c 2004-06-20 23:30:02.000000000 +0200
>+++ ../xio-socks.c 2004-07-04 15:04:37.000000000 +0200
>@@ -269,9 +269,12 @@
> }
>#endif /* WITH_SOCKS4A */
>#if WITH_SOCKS4A
>- /* this has not really been tested */
> if (host == NULL) {
>- strncpy((char *)&sockhead->dest+3, hostname, 256+8-*headlen);
>+ /* SOCKS4A requires us to append the host name to resolve
>+ after the user name's trailing 0 byte. */
>+ char* insert_position = (char*) sockhead + *headlen;
>+
>+ strncpy(insert_position, hostname, 256+8-*headlen);
> *headlen += strlen(hostname) + 1;
> }
>#endif /* WITH_SOCKS4A */
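Review bot: the moved copy `strncpy(insert_position, hostname, 256+8-*headlen);` still has no check that the hostname fits in the remaining room. When strlen(hostname) is at least 256+8-*headlen, strncpy truncates without writing a terminating NUL, and the unchanged next line `*headlen += strlen(hostname) + 1;` then advances the header length past the end of the buffer, so the bytes sent would include whatever follows it. Test the length before copying, e.g. `if (strlen(hostname) + 1 > 256 + 8 - *headlen) { /* reject: hostname does not fit */ }`, and copy strlen(hostname)+1 bytes with memcpy instead of relying on strncpy's truncation and zero padding. Also worth noting in the review: the surrounding `if (host == NULL)` condition is untouched, so this SOCKS4A branch is still entered only when the name could not be resolved locally, which is the second problem Gerhard describes in his reply above; the hunk fixes the header layout but not that gate.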
>
>I've tested SOCKS4A with tor - <http://www.freehaven.net/tor/>, might
>be useful for future changes.
>
>ciao,
>
>
----- End forwarded message -----
ciao,
--
[*Thomas Themel*] Deposing a harmless tyrant: $87,000,000,000
[extended contact] Generating 2 Islamic republics plus an ethnic republic
[info provided in] that destabilizes Turkey: priceless
[*message header*] - "Major Variola" on cypherpunks
----- End forwarded message -----
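The layout bug discussed in the thread, worked through in C as an added example (this is not socat's code): a SOCKS4A CONNECT request built with the layout from socks4a.protocol, beside a build that reproduces the copy target the patch removes, `(char *)&sockhead->dest+3`, which is byte offset 7 because the cast binds before the +3. Decoding both the way a SOCKS4 dissector such as Ethereal does shows why the capture read Remote Address 0.0.0.106 and User Name abber.at for jabber.at: the 'j' (0x6a = 106) lands in the last address byte and the rest of the name overwrites the user name. The user name "nobody", the struct and function names, and the 0.0.0.1 marker value are constructed for the example; the thread does not show which user name socat sent.

```c
/* Added example, not socat's code: correct SOCKS4A layout beside the 1.4.0.0
 * mis-layout, both decoded the way a SOCKS4 dissector (Ethereal) would. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SOCKS4_HDRLEN 8
#define SOCKS_BUFLEN  (SOCKS4_HDRLEN + 256)   /* the 256+8 budget seen in the patch */

struct socks4_req {
    uint8_t vn;        /* version, 4 */
    uint8_t cd;        /* command, 1 = CONNECT */
    uint8_t port[2];   /* DSTPORT, network byte order */
    uint8_t dest[4];   /* DSTIP; 0.0.0.x with x != 0 marks a SOCKS4A request */
    uint8_t tail[256]; /* USERID NUL [HOSTNAME NUL] */
};

struct socks4_view {   /* what a decoder sees */
    char addr[16];     /* dotted quad from dest[] */
    char user[256];    /* USERID up to its NUL */
    char host[256];    /* HOSTNAME after USERID's NUL, "" if none */
};

static void put_header(struct socks4_req *r, uint16_t port)
{
    memset(r, 0, sizeof *r);
    r->vn = 4; r->cd = 1;
    r->port[0] = (uint8_t)(port >> 8); r->port[1] = (uint8_t)(port & 0xff);
    r->dest[3] = 1;    /* 0.0.0.1: "proxy, resolve the HOSTNAME that follows" */
}

/* Correct SOCKS4A layout. Returns the request length, or -1 if USERID,
 * HOSTNAME and their two NULs do not fit (the check the patched strncpy lacks). */
int socks4a_build(struct socks4_req *r, uint16_t port, const char *user, const char *host)
{
    size_t ulen = strlen(user), hlen = strlen(host);
    if (hlen == 0 || ulen + 1 + hlen + 1 > sizeof r->tail)
        return -1;
    put_header(r, port);
    memcpy(r->tail, user, ulen + 1);             /* USERID + NUL at offset 8 */
    memcpy(r->tail + ulen + 1, host, hlen + 1);  /* HOSTNAME + NUL after that NUL */
    return (int)(SOCKS4_HDRLEN + ulen + 1 + hlen + 1);
}

/* The 1.4.0.0 behaviour: the same copy as the line the patch removes.
 * (char *)&sockhead->dest+3 is byte offset 7, the last address byte, one
 * before the USERID, so the hostname overwrites dest[3] and the USERID. */
int socks4a_build_buggy(struct socks4_req *r, uint16_t port, const char *user, const char *host)
{
    size_t ulen = strlen(user);
    if (ulen + 1 > sizeof r->tail)
        return -1;
    put_header(r, port);
    memcpy(r->tail, user, ulen + 1);
    int headlen = SOCKS4_HDRLEN + (int)ulen + 1;
    char *dest3 = (char *)r + offsetof(struct socks4_req, dest) + 3;
    strncpy(dest3, host, (size_t)(SOCKS_BUFLEN - headlen));
    headlen += (int)strlen(host) + 1;
    return headlen;
}

/* Decode like a SOCKS4 parser: dotted address, USERID up to its NUL and, when
 * the address is 0.0.0.x, the SOCKS4A HOSTNAME after it. Returns 0 on success. */
int socks4_decode(const uint8_t *buf, size_t len, struct socks4_view *v)
{
    memset(v, 0, sizeof *v);
    if (len < SOCKS4_HDRLEN || buf[0] != 4)
        return -1;
    snprintf(v->addr, sizeof v->addr, "%u.%u.%u.%u",
             (unsigned)buf[4], (unsigned)buf[5], (unsigned)buf[6], (unsigned)buf[7]);
    size_t i = SOCKS4_HDRLEN, j = 0;
    while (i < len && buf[i] != 0 && j < sizeof v->user - 1)
        v->user[j++] = (char)buf[i++];
    if (i >= len || buf[i] != 0)
        return -1;                      /* USERID not NUL-terminated */
    i++;
    if (buf[4] == 0 && buf[5] == 0 && buf[6] == 0 && buf[7] != 0) {
        j = 0;
        while (i < len && buf[i] != 0 && j < sizeof v->host - 1)
            v->host[j++] = (char)buf[i++];
        if (i >= len || buf[i] != 0)
            return -1;                  /* HOSTNAME not NUL-terminated */
    }
    return 0;
}

int main(void)
{
    struct socks4_req r; struct socks4_view v;
    /* constructed sample: user "nobody" is an assumption; host and port are from the thread */
    int n = socks4a_build(&r, 5223, "nobody", "jabber.at");
    socks4_decode((const uint8_t *)&r, (size_t)n, &v);
    printf("fixed: len=%d addr=%s user=%s host=%s\n", n, v.addr, v.user, v.host);
    n = socks4a_build_buggy(&r, 5223, "nobody", "jabber.at");
    socks4_decode((const uint8_t *)&r, (size_t)n, &v);
    printf("buggy: len=%d addr=%s user=%s host=%s\n", n, v.addr, v.user, v.host);
    return 0;
}
```

The buggy build decodes as address 0.0.0.106 with user name abber.at and no hostname, matching the Ethereal dissection in the thread, while the correct build decodes as 0.0.0.1, nobody, jabber.at. The correct builder also refuses a USERID plus HOSTNAME that do not fit the 256 bytes after the 8-byte header instead of letting the header length run past the buffer, which is the check the patched strncpy line does not perform.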