Skip to content

Commit

Permalink
fix(sslocal): disallow HTTP/SOCKS4 proxying when authentication required
Browse files Browse the repository at this point in the history
  • Loading branch information
alaz committed Nov 11, 2024
1 parent d2cd1bf commit 74d712b
Showing 1 changed file with 18 additions and 8 deletions.
26 changes: 18 additions & 8 deletions crates/shadowsocks-service/src/local/socks/server/server.rs
Original file line number Diff line number Diff line change
Expand Up @@ -176,8 +176,13 @@ impl SocksTcpHandler {
match version_buffer[0] {
#[cfg(feature = "local-socks4")]
0x04 => {
let handler = Socks4TcpHandler::new(self.context, self.balancer, self.mode);
handler.handle_socks4_client(self.stream, self.peer_addr).await
if self.socks5_auth.auth_required() {
error!("SOCKS4 disabled when authentication is configured");
Err(io::Error::new(ErrorKind::Other, "SOCKS4 unsupported"))
} else {
let handler = Socks4TcpHandler::new(self.context, self.balancer, self.mode);
handler.handle_socks4_client(self.stream, self.peer_addr).await
}
}

0x05 => {
Expand All @@ -193,12 +198,17 @@ impl SocksTcpHandler {

#[cfg(feature = "local-http")]
b'G' | b'g' | b'H' | b'h' | b'P' | b'p' | b'D' | b'd' | b'C' | b'c' | b'O' | b'o' | b'T' | b't' => {
// GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
match self.http_handler.serve_connection(self.stream, self.peer_addr).await {
Ok(..) => Ok(()),
Err(err) => {
error!("HTTP connection {} handler failed with error: {}", self.peer_addr, err);
Err(io::Error::new(ErrorKind::Other, err))
if self.socks5_auth.auth_required() {
error!("HTTP disabled when authentication is configured");
Err(io::Error::new(ErrorKind::Other, "HTTP unsupported"))
} else {
// GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
match self.http_handler.serve_connection(self.stream, self.peer_addr).await {
Ok(..) => Ok(()),
Err(err) => {
error!("HTTP connection {} handler failed with error: {}", self.peer_addr, err);
Err(io::Error::new(ErrorKind::Other, err))
}
}
}
}
Expand Down

0 comments on commit 74d712b

Please sign in to comment.