[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 141/173: proxy: fix hostname resolution and IDN con
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 141/173: proxy: fix hostname resolution and IDN conversion |
Date: |
Fri, 24 Feb 2017 14:02:43 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit 2f8d0df085519351dbd7123178895ba910d756c1
Author: Michael Kaufmann <address@hidden>
AuthorDate: Sat Feb 18 13:56:56 2017 +0100
proxy: fix hostname resolution and IDN conversion
Properly resolve, convert and log the proxy host names.
Support the "--connect-to" feature for SOCKS proxies and for passive FTP
data transfers.
Follow-up to cb4e2be
Reported-by: Jay Satiro
Fixes https://github.com/curl/curl/issues/1248
---
lib/http_proxy.c | 13 ++++---
lib/multi.c | 9 +++--
lib/url.c | 36 ++++++++++---------
lib/urldata.h | 2 --
tests/data/Makefile.inc | 4 +--
tests/data/test2055 | 80 +++++++++++++++++++++++++++++++++++++++++
tests/data/test712 | 1 -
tests/data/{test712 => test713} | 12 +++----
tests/data/test714 | 64 +++++++++++++++++++++++++++++++++
tests/data/test715 | 66 ++++++++++++++++++++++++++++++++++
10 files changed, 252 insertions(+), 35 deletions(-)
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index d523ba519..7fde11dbb 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -98,16 +98,21 @@ CURLcode Curl_proxy_connect(struct connectdata *conn, int
sockindex)
* original pointer
*
* This function might be called several times in the multi interface case
- * if the proxy's CONNTECT response is not instant.
+ * if the proxy's CONNECT response is not instant.
*/
prot_save = conn->data->req.protop;
memset(&http_proxy, 0, sizeof(http_proxy));
conn->data->req.protop = &http_proxy;
connkeep(conn, "HTTP proxy CONNECT");
- if(sockindex == SECONDARYSOCKET)
- hostname = conn->secondaryhostname;
- else if(conn->bits.conn_to_host)
+
+ /* for the secondary socket (FTP), use the "connect to host"
+ * but ignore the "connect to port" (use the secondary port)
+ */
+
+ if(conn->bits.conn_to_host)
hostname = conn->conn_to_host.name;
+ else if(sockindex == SECONDARYSOCKET)
+ hostname = conn->secondaryhostname;
else
hostname = conn->host.name;
diff --git a/lib/multi.c b/lib/multi.c
index 950b600cb..04bf3f937 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -638,7 +638,10 @@ static CURLcode multi_done(struct connectdata **connp,
infof(data, "Connection #%ld to host %s left intact\n",
conn->connection_id,
- conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname);
+ conn->bits.socksproxy ? conn->socks_proxy.host.dispname :
+ conn->bits.httpproxy ? conn->http_proxy.host.dispname :
+ conn->bits.conn_to_host ? conn->conn_to_host.dispname :
+ conn->host.dispname);
}
else
data->state.lastconnect = NULL;
@@ -1477,8 +1480,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
struct connectdata *conn = data->easy_conn;
const char *hostname;
- if(conn->bits.proxy)
- hostname = conn->proxy.name;
+ if(conn->bits.httpproxy)
+ hostname = conn->http_proxy.host.name;
else if(conn->bits.conn_to_host)
hostname = conn->conn_to_host.name;
else
diff --git a/lib/url.c b/lib/url.c
index 8d1c0cc7f..2886abec8 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3054,7 +3054,6 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool
dead_connection)
free_fixed_hostname(&conn->host);
free_fixed_hostname(&conn->conn_to_host);
- free_fixed_hostname(&conn->proxy);
free_fixed_hostname(&conn->http_proxy.host);
free_fixed_hostname(&conn->socks_proxy.host);
@@ -3819,17 +3818,19 @@ CURLcode Curl_connected_proxy(struct connectdata *conn,
int sockindex)
if(conn->bits.socksproxy) {
#ifndef CURL_DISABLE_PROXY
- const char * const host = conn->bits.conn_to_host ?
- conn->conn_to_host.name :
- conn->bits.httpproxy ?
+ /* for the secondary socket (FTP), use the "connect to host"
+ * but ignore the "connect to port" (use the secondary port)
+ */
+ const char * const host = conn->bits.httpproxy ?
conn->http_proxy.host.name :
+ conn->bits.conn_to_host ?
+ conn->conn_to_host.name :
sockindex == SECONDARYSOCKET ?
conn->secondaryhostname : conn->host.name;
- const int port = conn->bits.conn_to_port ? conn->conn_to_port :
- conn->bits.httpproxy ?
- (int)conn->http_proxy.port :
- sockindex == SECONDARYSOCKET ?
- conn->secondary_port : conn->remote_port;
+ const int port = conn->bits.httpproxy ? (int)conn->http_proxy.port :
+ sockindex == SECONDARYSOCKET ? conn->secondary_port :
+ conn->bits.conn_to_port ? conn->conn_to_port :
+ conn->remote_port;
conn->bits.socksproxy_connecting = TRUE;
switch(conn->socks_proxy.proxytype) {
case CURLPROXY_SOCKS5:
@@ -3867,7 +3868,8 @@ void Curl_verboseconnect(struct connectdata *conn)
infof(conn->data, "Connected to %s (%s) port %ld (#%ld)\n",
conn->bits.socksproxy ? conn->socks_proxy.host.dispname :
conn->bits.httpproxy ? conn->http_proxy.host.dispname :
- conn->host.dispname,
+ conn->bits.conn_to_host ? conn->conn_to_host.dispname :
+ conn->host.dispname,
conn->ip_addr_str, conn->port, conn->connection_id);
}
#endif
@@ -4114,7 +4116,7 @@ static struct connectdata *allocate_conn(struct Curl_easy
*data)
conn->tempsock[1] = CURL_SOCKET_BAD; /* no file descriptor */
conn->connection_id = -1; /* no ID */
conn->port = -1; /* unknown at this point */
- conn->remote_port = -1; /* unknown */
+ conn->remote_port = -1; /* unknown at this point */
#if defined(USE_RECV_BEFORE_SEND_WORKAROUND) && defined(DEBUGBUILD)
conn->postponed[0].bindsock = CURL_SOCKET_BAD; /* no file descriptor */
conn->postponed[1].bindsock = CURL_SOCKET_BAD; /* no file descriptor */
@@ -5925,7 +5927,7 @@ static CURLcode resolve_server(struct Curl_easy *data,
if(conn->bits.conn_to_port)
conn->port = conn->conn_to_port;
else
- conn->port = conn->remote_port; /* it is the same port */
+ conn->port = conn->remote_port;
/* Resolve target host right on */
rc = Curl_resolv_timeout(conn, connhost->name, (int)conn->port,
@@ -5981,11 +5983,9 @@ static void reuse_conn(struct connectdata *old_conn,
{
free_fixed_hostname(&old_conn->http_proxy.host);
free_fixed_hostname(&old_conn->socks_proxy.host);
- free_fixed_hostname(&old_conn->proxy);
free(old_conn->http_proxy.host.rawalloc);
free(old_conn->socks_proxy.host.rawalloc);
- free(old_conn->proxy.rawalloc);
/* free the SSL config struct from this connection struct as this was
allocated in vain and is targeted for destruction */
@@ -6432,12 +6432,14 @@ static CURLcode create_conn(struct Curl_easy *data,
fix_hostname(conn, &conn->host);
if(conn->bits.conn_to_host)
fix_hostname(conn, &conn->conn_to_host);
- if(conn->proxy.name && *conn->proxy.name)
- fix_hostname(conn, &conn->proxy);
+ if(conn->bits.httpproxy)
+ fix_hostname(conn, &conn->http_proxy.host);
+ if(conn->bits.socksproxy)
+ fix_hostname(conn, &conn->socks_proxy.host);
/*************************************************************
* Check whether the host and the "connect to host" are equal.
- * Do this after the hostnames have been IDN-fixed .
+ * Do this after the hostnames have been IDN-fixed.
*************************************************************/
if(conn->bits.conn_to_host &&
strcasecompare(conn->conn_to_host.name, conn->host.name)) {
diff --git a/lib/urldata.h b/lib/urldata.h
index e37b566a5..c17e42cc0 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -936,7 +936,6 @@ struct connectdata {
char *secondaryhostname; /* secondary socket host name (ftp) */
struct hostname conn_to_host; /* the host to connect to. valid only if
bits.conn_to_host is set */
- struct hostname proxy;
struct proxy_info socks_proxy;
struct proxy_info http_proxy;
@@ -1644,7 +1643,6 @@ struct UserDefined {
struct ssl_config_data proxy_ssl; /* user defined SSL stuff for proxy */
struct ssl_general_config general_ssl; /* general user defined SSL stuff */
curl_proxytype proxytype; /* what kind of proxy that is in use */
- curl_proxytype socks_proxytype; /* what kind of socks proxy that is in use */
long dns_cache_timeout; /* DNS cache timeout */
long buffer_size; /* size of receive buffer to use */
void *private_data; /* application-private data */
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 953916d97..33dce05d8 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -80,7 +80,7 @@ test626 test627 test628 test629 test630 test631 test632
test633 test634 \
test635 test636 test637 test638 test639 test640 test641 \
\
test700 test701 test702 test703 test704 test705 test706 test707 test708 \
-test709 test710 test711 test712 \
+test709 test710 test711 test712 test713 test714 test715 \
\
test800 test801 test802 test803 test804 test805 test806 test807 test808 \
test809 test810 test811 test812 test813 test814 test815 test816 test817 \
@@ -176,4 +176,4 @@ test2016 test2017 test2018 test2019 test2020 test2021
test2022 test2023 \
test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
test2032 test2033 test2034 test2035 test2036 test2037 test2038 test2039 \
test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 \
-test2048 test2049 test2050 test2051 test2052 test2053 test2054
+test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055
diff --git a/tests/data/test2055 b/tests/data/test2055
new file mode 100755
index 000000000..cca44942f
--- /dev/null
+++ b/tests/data/test2055
@@ -0,0 +1,80 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP CONNECT
+HTTP proxy
+proxytunnel
+CURLOPT_CONNECT_TO
+SOCKS5
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<connect>
+HTTP/1.1 200 Connection established
+
+</connect>
+
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 3
+Content-Type: text/plain
+
+OK
+</data>
+
+<datacheck>
+HTTP/1.1 200 Connection established
+
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 3
+Content-Type: text/plain
+
+OK
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+http-proxy
+socks5
+</server>
+ <name>
+Connect to specific host via SOCKS proxy and HTTP proxy (switch to tunnel mode
automatically)
+ </name>
+
+ <command>
+http://www.example.com.2055/2055 --connect-to
::connect.example.com.2055:%HTTPPORT -x %HOSTIP:%PROXYPORT --preproxy
socks5://%HOSTIP:%SOCKSPORT
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<proxy>
+CONNECT connect.example.com.2055:%HTTPPORT HTTP/1.1
+Host: connect.example.com.2055:%HTTPPORT
+Proxy-Connection: Keep-Alive
+
+</proxy>
+<protocol>
+GET /2055 HTTP/1.1
+Host: www.example.com.2055
+Accept: */*
+
+</protocol>
+
+</verify>
+</testcase>
diff --git a/tests/data/test712 b/tests/data/test712
index c62e9f2c5..252c9ef0e 100644
--- a/tests/data/test712
+++ b/tests/data/test712
@@ -6,7 +6,6 @@ FTP
PASV
RETR
SOCKS5
-all_proxy
</keywords>
</info>
#
diff --git a/tests/data/test712 b/tests/data/test713
old mode 100644
new mode 100755
similarity index 64%
copy from tests/data/test712
copy to tests/data/test713
index c62e9f2c5..bb79994f5
--- a/tests/data/test712
+++ b/tests/data/test713
@@ -1,12 +1,12 @@
<testcase>
-#based off test 707 after bug report #1218
+#based off test 712
<info>
<keywords>
FTP
PASV
RETR
SOCKS5
-all_proxy
+CURLOPT_CONNECT_TO
</keywords>
</info>
#
@@ -25,10 +25,10 @@ ftp
socks5
</server>
<name>
-FTP fetch with --proxy set to socks5://
+FTP fetch with --proxy set to socks5:// and with --connect-to
</name>
<command>
-ftp://%HOSTIP:%FTPPORT/712 --proxy socks5://%HOSTIP:%SOCKSPORT
+ftp://ftp.example.com/713 --connect-to ::%HOSTIP:%FTPPORT --proxy
socks5://%HOSTIP:%SOCKSPORT
</command>
</client>
@@ -41,8 +41,8 @@ PASS address@hidden
PWD
EPSV
TYPE I
-SIZE 712
-RETR 712
+SIZE 713
+RETR 713
QUIT
</protocol>
</verify>
diff --git a/tests/data/test714 b/tests/data/test714
new file mode 100755
index 000000000..9d1f0a96e
--- /dev/null
+++ b/tests/data/test714
@@ -0,0 +1,64 @@
+<testcase>
+#based off test 712
+<info>
+<keywords>
+FTP
+PASV
+RETR
+HTTP
+HTTP CONNECT
+proxytunnel
+CURLOPT_CONNECT_TO
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<connect>
+HTTP/1.1 200 Connection established
+
+</connect>
+
+<data nocheck="yes">
+silly content
+</data>
+
+<datacheck>
+HTTP/1.1 200 Connection established
+
+HTTP/1.1 200 Connection established
+
+silly content
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+ftp
+http-proxy
+</server>
+ <name>
+FTP fetch with --proxy set to http:// and with --connect-to
+ </name>
+ <command>
+ftp://ftp.example.com.714/714 --connect-to ::connect.example.com.714:%FTPPORT
--proxytunnel --proxy http://%HOSTIP:%PROXYPORT
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+USER anonymous
+PASS address@hidden
+PWD
+EPSV
+TYPE I
+SIZE 714
+RETR 714
+QUIT
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test715 b/tests/data/test715
new file mode 100755
index 000000000..ffcfc7e3e
--- /dev/null
+++ b/tests/data/test715
@@ -0,0 +1,66 @@
+<testcase>
+#based off test 712
+<info>
+<keywords>
+FTP
+PASV
+RETR
+HTTP
+HTTP CONNECT
+proxytunnel
+SOCKS5
+CURLOPT_CONNECT_TO
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<connect>
+HTTP/1.1 200 Connection established
+
+</connect>
+
+<data nocheck="yes">
+silly content
+</data>
+
+<datacheck>
+HTTP/1.1 200 Connection established
+
+HTTP/1.1 200 Connection established
+
+silly content
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+ftp
+http-proxy
+socks5
+</server>
+ <name>
+FTP fetch with --preproxy, --proxy and --connect-to
+ </name>
+ <command>
+ftp://ftp.example.com.715/715 --connect-to ::connect.example.com.715:%FTPPORT
--proxytunnel --proxy %HOSTIP:%PROXYPORT --preproxy socks5://%HOSTIP:%SOCKSPORT
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+USER anonymous
+PASS address@hidden
+PWD
+EPSV
+TYPE I
+SIZE 715
+RETR 715
+QUIT
+</protocol>
+</verify>
+</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 96/173: polarssl: fix hangs, (continued)
- [GNUnet-SVN] [gnurl] 96/173: polarssl: fix hangs, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 112/173: darwinssl: Avoid parsing certificates when not in verbose mode, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 95/173: cookies: do not assume a valid domain has a dot, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 66/173: TODO: Chunked transfer multipart formpost, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 137/173: TODO: consider file name from the redirected URL with -O ?, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 107/173: use *.sourceforge.io and misc URL updates, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 70/173: docs: improved language in README.md HISTORY.md CONTRIBUTE.md, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 113/173: test552: Fix typos, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 131/173: configure: Allow disabling pthreads, fall back on Win32 threads, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 103/173: openssl: Don't use certificate after transferring ownership, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 141/173: proxy: fix hostname resolution and IDN conversion,
gnunet <=
- [GNUnet-SVN] [gnurl] 40/173: sws: retry send() on EWOULDBLOCK, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 108/173: cmdline-opts: Fixed build and test in out of source tree builds, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 123/173: examples/multithread.c: link to our multi-thread docs, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 152/173: digest_sspi: Handle 'stale=TRUE' directive in HTTP digest, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 129/173: tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 151/173: smb: use getpid replacement for windows UWP builds, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 65/173: TODO: Improve formpost API, not just add an easy argument, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 90/173: cmdline-opts/gen.pl: Open input files in CRLF mode, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 59/173: next.d: --trace and --trace-ascii are also global, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 72/173: nss: use the correct lock in nss_find_slot_by_name(), gnunet, 2017/02/24