| author | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-01-11 15:45:51 +0100 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-01-12 13:52:19 +0100 |
| commit | 8837083fbc794317ea4d60faf3233c3a40879327 (patch) | |
| tree | d64701ede44860df85aa235bd01c55f274e1b2f5 /mullvad-api/src | |
| parent | 2f173033f482de001420bbf348c426fa5c537604 (diff) | |
| download | mullvadvpn-8837083fbc794317ea4d60faf3233c3a40879327.tar.xz mullvadvpn-8837083fbc794317ea4d60faf3233c3a40879327.zip | |
Validate SOCKS5 credentials
Validate SOCKS credentials by checking that `username` and
`password` both have a length between 1 and 255 bytes.
Link to RFC detailing SOCKS5 username/password authentication:
https://datatracker.ietf.org/doc/html/rfc1929
Diffstat (limited to 'mullvad-api/src')
| -rw-r--r-- | mullvad-api/src/https_client_with_sni.rs | 39 |
1 files changed, 13 insertions, 26 deletions
diff --git a/mullvad-api/src/https_client_with_sni.rs b/mullvad-api/src/https_client_with_sni.rs
index 3a9bb8d75f..28f40a7d87 100644
--- a/mullvad-api/src/https_client_with_sni.rs
+++ b/mullvad-api/src/https_client_with_sni.rs
@@ -33,8 +33,7 @@ use std::{
 task::{Context, Poll},
 time::Duration,
 };
-use talpid_types::ErrorExt;
-
+use talpid_types::{net::proxy, ErrorExt};
 use tokio::{
 io::{AsyncRead, AsyncWrite},
 net::{TcpSocket, TcpStream},
@@ -126,13 +125,16 @@ impl InnerConnectionMode {
 let first_hop = socks.peer;
 let make_proxy_stream = |tcp_stream| async {
 match socks.authentication {
- SocksAuth::None => {
+ None => {
 tokio_socks::tcp::Socks5Stream::connect_with_socket(tcp_stream, addr)
 .await
 }
- SocksAuth::Password { username, password } => {
+ Some(credentials) => {
 tokio_socks::tcp::Socks5Stream::connect_with_password_and_socket(
- tcp_stream, addr, &username, &password,
+ tcp_stream,
+ addr,
+ credentials.username(),
+ credentials.password(),
 )
 .await
 }
@@ -217,13 +219,7 @@ impl From<ParsedShadowsocksConfig> for ServerConfig {
 #[derive(Clone)]
 struct SocksConfig {
 peer: SocketAddr,
- authentication: SocksAuth,
-}
-
-#[derive(Clone)]
-pub enum SocksAuth {
- None,
- Password { username: String, password: String },
+ authentication: Option<proxy::SocksAuth>,
 }

 #[derive(err_derive::Error, Debug)]
@@ -237,7 +233,6 @@ impl TryFrom<ApiConnectionMode> for InnerConnectionMode {

 fn try_from(config: ApiConnectionMode) -> Result<Self, Self::Error> {
 use std::net::Ipv4Addr;
- use talpid_types::net::proxy;
 Ok(match config {
 ApiConnectionMode::Direct => InnerConnectionMode::Direct,
 ApiConnectionMode::Proxied(proxy_settings) => match proxy_settings {
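Review bot: The `authentication: Option<proxy::SocksAuth>` field on `SocksConfig` (hunk at -217) no longer has the self-describing `SocksAuth::None` / `SocksAuth::Password` variants of the removed enum, so what `None` means is now implicit. A doc comment on the field would keep that visible, for example `/// SOCKS5 username/password credentials (RFC 1929); None means connect without authentication.` The same reading applies to the `None =>` arm inside `make_proxy_stream` in the hunk at -126, whose enclosing function starts and ends outside that hunk.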
@@ -254,20 +249,12 @@ impl TryFrom<ApiConnectionMode> for InnerConnectionMode {
 }
 ProxyConfig::Socks5Local(config) => InnerConnectionMode::Socks5(SocksConfig {
 peer: SocketAddr::new(IpAddr::from(Ipv4Addr::LOCALHOST), config.local_port),
- authentication: SocksAuth::None,
+ authentication: None,
+ }),
+ ProxyConfig::Socks5Remote(config) => InnerConnectionMode::Socks5(SocksConfig {
+ peer: config.endpoint,
+ authentication: config.auth,
 }),
- ProxyConfig::Socks5Remote(config) => {
- let authentication = match config.auth {
- Some(proxy::SocksAuth { username, password }) => {
- SocksAuth::Password { username, password }
- }
- None => SocksAuth::None,
- };
- InnerConnectionMode::Socks5(SocksConfig {
- peer: config.endpoint,
- authentication,
- })
- }
 },
 })
 }
|
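Review bot: The `Socks5Remote` arm now copies `authentication: config.auth` into `SocksConfig` unchanged, so nothing in this file enforces the 1–255 byte limit from the commit message; it depends entirely on `proxy::SocksAuth` upholding that invariant. The `username()` / `password()` accessors used in the earlier hunk suggest a validating constructor with private fields, but that type is not part of this diff. It is worth confirming that every way of producing a `proxy::SocksAuth`, including deserializing stored settings if the type supports it, goes through the same check. This `TryFrom` already returns a `ProxyConfigError`, so it would be a natural place to reject an out-of-range value. At minimum, a comment such as `// config.auth is length-validated when proxy::SocksAuth is constructed (RFC 1929)` would record the assumption; the `try_from` body starts above this hunk.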
