Date: Mon, 5 Oct 1998 17:20:53 -0500 (CDT)
From: Wei Lu <wlu@syl.dl.nec.com>
Message-Id: <199810052220.RAA12216@speedy.syl.dl.nec.com>
To: lewst@yahoo.com, per@erix.ericsson.se
Subject: Re:  rftp: Bad file number
Cc: socks5@socks.nec.com
Attached is a patch to solve the "round robin DNS" problem. For
security reasons, the incoming connection's address checking
is needed for the BIND request.

I agree with Per that the BIND request in the current SOCKS protocol
is not well thought out. I am not sure about the LOOKUP request.
It could introduce other problems, such as the returned address in
the LOOKUP reply being used internally.

==========================================
Wei Lu		Email:	wlu@syl.dl.nec.com

[snip]

*** server/tcp.c	Wed Sep 30 14:24:28 1998
--- server/tcp.c.new	Mon Oct  5 14:43:04 1998
***************
*** 233,242 ****
  
      /* We need to check first that the accepted address (pri->dstAddr)   */
      /* matches the requested address (wtdaddr).                          */
!     if (wtdaddr.sa.sa_family == pri->dstAddr.sa.sa_family && lsAddrAddrComp(&pri->dstAddr, &wtdaddr) != 0) {
!         S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(0), MSGID_SERVER_TCP_ACCEPT_AUTH, "TCP Accepted authorization failed for host: %s:%d", pri->dstName, (int)ntohs(lsAddr2Port(&pri->dstAddr)));
!         *s5ep = SOCKS5_AUTHORIZE;
!         return EXIT_AUTH;
      }
  
      /* Note that the requested address can be type of S5NAME while the   */
--- 233,272 ----
  
      /* We need to check first that the accepted address (pri->dstAddr)   */
      /* matches the requested address (wtdaddr).                          */
!     if (lsAddrAddrComp(&pri->dstAddr, &wtdaddr) != 0) {
! 	/* People are not happy with this checking because it breaks     */
! 	/* round robin DNS entries...                                    */
! 	if (pri->dstAddr.sa.sa_family == AF_INET &&
! 		(pri->retName[0] != '\0' && inet_addr(pri->retName) == INVALIDADDR)) {
! 	    struct hostent *hp;
! 	    int i;
! 
! 	    S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(10), 0, "TCP Accepted: Checking round robin DNS entries");
! 
! 	    MUTEX_LOCK(gh_mutex);
! 	    if (!(hp = gethostbyname(pri->retName))) {
! 		MUTEX_UNLOCK(gh_mutex);
! 		S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(0), MSGID_SERVER_TCP_ACCEPT_AUTH, "TCP Accepted authorization failed for host: %s:%d", pri->dstName, (int)ntohs(lsAddr2Port(&pri->dstAddr)));
! 		*s5ep = SOCKS5_AUTHORIZE;
! 		return EXIT_AUTH;
! 	    }
! 
! 	    for (i = 0; hp->h_addr_list[i]; i++) {
! 		if (!memcmp((char *)&pri->dstAddr.sin.sin_addr, hp->h_addr_list[i], sizeof(struct in_addr))) break;
! 	    }
! 
! 	    if (!hp->h_addr_list[i]) {
! 		MUTEX_UNLOCK(gh_mutex);
! 		S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(0), MSGID_SERVER_TCP_ACCEPT_AUTH, "TCP Accepted authorization failed for host: %s:%d", pri->dstName, (int)ntohs(lsAddr2Port(&pri->dstAddr)));
! 		*s5ep = SOCKS5_AUTHORIZE;
! 		return EXIT_AUTH;
! 	    }
! 	    MUTEX_UNLOCK(gh_mutex);
! 	} else {
! 	    S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(0), MSGID_SERVER_TCP_ACCEPT_AUTH, "TCP Accepted authorization failed for host: %s:%d", pri->dstName, (int)ntohs(lsAddr2Port(&pri->dstAddr)));
! 	    *s5ep = SOCKS5_AUTHORIZE;
! 	    return EXIT_AUTH;
! 	}
      }
  
      /* Note that the requested address can be type of S5NAME while the   */
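Review bot: the membership loop at `if (!memcmp((char *)&pri->dstAddr.sin.sin_addr, hp->h_addr_list[i], sizeof(struct in_addr)))` assumes every entry gethostbyname() returned is a 4-byte AF_INET address; guard it with `hp->h_addrtype == AF_INET && hp->h_length == sizeof(struct in_addr)` and send any other answer down the existing EXIT_AUTH path, so the comparison is only ever made against same-family, same-size entries. The new `if (lsAddrAddrComp(&pri->dstAddr, &wtdaddr) != 0)` also drops the `wtdaddr.sa.sa_family == pri->dstAddr.sa.sa_family` guard the old code had, so a family mismatch that previously skipped the check now goes through lsAddrAddrComp and, if that returns nonzero, is rejected; if that tightening is intended, say so in the comment, since it is a behaviour change beyond the round-robin fix. The three identical log / `*s5ep = SOCKS5_AUTHORIZE;` / `return EXIT_AUTH;` blocks could be a single failure path reached after `MUTEX_UNLOCK(gh_mutex)`, which would also make it obvious that gh_mutex is released on every exit. Finally, this accept-time check depends on a second forward lookup of pri->retName agreeing with the lookup that produced the requested address; if the resolver answer changes between the two (TTL expiry, a different record set), a legitimate connection is still refused, so keeping the full address list from the original lookup alongside pri->retName would make the check deterministic and avoid the extra serialized gethostbyname() call.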
