X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/d5c0d8c9374623620844d539d4810da63e9abca1..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/transports/smtp_socks.c

diff --git a/src/src/transports/smtp_socks.c b/src/src/transports/smtp_socks.c
index 555843068..353a69618 100644
--- a/src/src/transports/smtp_socks.c
+++ b/src/src/transports/smtp_socks.c
@@ -2,8 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) Jeremy Harris 2015 */
+/* Copyright (c) The Exim Maintainers 2021 - 2022 */
+/* Copyright (c) Jeremy Harris 2015 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 
 /* SOCKS version 5 proxy, client-mode */
 
@@ -74,8 +76,6 @@ sob->priority =   SOCKS_PRIORITY;
 static void
 socks_option(socks_opts * sob, const uschar * opt)
 {
-const uschar * s;
-
 if (Ustrncmp(opt, "auth=", 5) == 0)
   {
   opt += 5;
@@ -87,13 +87,13 @@ else if (Ustrncmp(opt, "name=", 5) == 0)
 else if (Ustrncmp(opt, "pass=", 5) == 0)
   sob->auth_pwd = opt + 5;
 else if (Ustrncmp(opt, "port=", 5) == 0)
-  sob->port = atoi(opt + 5);
+  sob->port = atoi(CCS opt + 5);
 else if (Ustrncmp(opt, "tmo=", 4) == 0)
-  sob->timeout = atoi(opt + 4);
+  sob->timeout = atoi(CCS opt + 4);
 else if (Ustrncmp(opt, "pri=", 4) == 0)
-  sob->priority = atoi(opt + 4);
+  sob->priority = atoi(CCS opt + 4);
 else if (Ustrncmp(opt, "weight=", 7) == 0)
-  sob->weight = atoi(opt + 7);
+  sob->weight = atoi(CCS opt + 7);
 return;
 }
 
@@ -121,15 +121,16 @@ switch(method)
     len = i + j + 3;
     HDEBUG(D_transport|D_acl|D_v)
       {
-      int i;
       debug_printf_indent("  SOCKS>>");
-      for (i = 0; i<len; i++) debug_printf(" %02x", s[i]);
+      for (int i = 0; i<len; i++) debug_printf(" %02x", s[i]);
       debug_printf("\n");
       }
-    if (  send(fd, s, len, 0) < 0
-       || !fd_ready(fd, tmo-time(NULL))
-       || read(fd, s, 2) != 2
-       )
+    if (send(fd, s, len, 0) < 0)
+      return FAIL;
+#ifdef TCP_QUICKACK
+    (void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+#endif
+    if (!fd_ready(fd, tmo) || read(fd, s, 2) != 2)
       return FAIL;
     HDEBUG(D_transport|D_acl|D_v)
       debug_printf_indent("  SOCKS<< %02x %02x\n", s[0], s[1]);
@@ -161,20 +162,10 @@ socks_opts * sd;
 socks_opts * lim = &proxies[nproxies];
 long rnd, weights;
 unsigned pri;
-static BOOL srandomed = FALSE;
 
 if (nproxies == 1)		/* shortcut, if we have only 1 server */
   return (proxies[0].is_failed ? -1 : 0);
 
-/* init random */
-if (!srandomed)
-  {
-  struct timeval tv;
-  gettimeofday(&tv, NULL);
-  srandom((unsigned int)(tv.tv_usec/1000));
-  srandomed = TRUE;
-  }
-
 /* scan for highest pri */
 for (pri = 0, sd = proxies; sd < lim; sd++)
   if (!sd->is_failed && sd->priority > pri)
@@ -187,11 +178,11 @@ for (weights = 0, sd = proxies; sd < lim; sd++)
 if (weights == 0)       /* all servers failed */
   return -1;
 
-for (rnd = random() % weights, i = 0; i < nproxies; i++)
+for (rnd = random_number(weights), i = 0; i < nproxies; i++)
   {
   sd = &proxies[i];
   if (!sd->is_failed && sd->priority == pri)
-    if ((rnd -= sd->weight) <= 0)
+    if ((rnd -= sd->weight) < 0)
       return i;
   }
 
@@ -231,8 +222,9 @@ const uschar * state;
 uschar buf[24];
 socks_opts proxies[32];			/* max #proxies handled */
 unsigned nproxies;
-socks_opts * sob;
+socks_opts * sob = NULL;
 unsigned size;
+blob early_data;
 
 if (!timeout) timeout = 24*60*60;	/* use 1 day for "indefinite" */
 tmo = time(NULL) + timeout;
@@ -267,6 +259,15 @@ for (nproxies = 0;
   while ((option = string_nextinlist(&proxy_spec, &subsep, NULL, 0)))
     socks_option(sob, option);
   }
+if (!sob) return -1;
+
+/* Set up the socks protocol method-selection message,
+for sending on connection */
+
+state = US"method select";
+buf[0] = 5; buf[1] = 1; buf[2] = sob->auth_type;
+early_data.data = buf;
+early_data.len = 3;
 
 /* Try proxies until a connection succeeds */
 
@@ -274,7 +275,7 @@ for(;;)
   {
   int idx;
   host_item proxy;
-  int proxy_af;
+  smtp_connect_args sc = {.sock = -1};
 
   if ((idx = socks_get_proxy(proxies, nproxies)) < 0)
     {
@@ -285,11 +286,17 @@ for(;;)
   sob = &proxies[idx];
 
   /* bodge up a host struct for the proxy */
-  proxy.address = sob->proxy_host;
-  proxy_af = Ustrchr(sob->proxy_host, ':') ? AF_INET6 : AF_INET;
+  proxy.address = proxy.name = sob->proxy_host;
+  proxy.port = sob->port;
+
+  sc.tblock = tb;
+  sc.ob = ob;
+  sc.host = &proxy;
+  sc.host_af = Ustrchr(sob->proxy_host, ':') ? AF_INET6 : AF_INET;
+  sc.interface = interface;
 
-  if ((fd = smtp_sock_connect(&proxy, proxy_af, sob->port,
-	      interface, tb, sob->timeout)) >= 0)
+  /*XXX we trust that the method-select command is idempotent */
+  if ((fd = smtp_sock_connect(&sc, sob->timeout, &early_data)) >= 0)
     {
     proxy_local_address = string_copy(proxy.address);
     proxy_local_port = sob->port;
@@ -301,17 +308,16 @@ for(;;)
   }
 
 /* Do the socks protocol stuff */
-/* Send method-selection */
 
-state = US"method select";
 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("  SOCKS>> 05 01 %02x\n", sob->auth_type);
-buf[0] = 5; buf[1] = 1; buf[2] = sob->auth_type;
-if (send(fd, buf, 3, 0) < 0)
-  goto snd_err;
 
 /* expect method response */
 
-if (  !fd_ready(fd, tmo-time(NULL))
+#ifdef TCP_QUICKACK
+(void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+#endif
+
+if (  !fd_ready(fd, tmo)
    || read(fd, buf, 2) != 2
    )
   goto rcv_err;
@@ -322,7 +328,7 @@ if (  buf[0] != 5
    )
   goto proxy_err;
 
-  {
+ {
   union sockaddr_46 sin;
   (void) ip_addr(&sin, host_af, host->address, port);
 
@@ -345,14 +351,13 @@ if (  buf[0] != 5
       &sin.v4.sin_port, sizeof(sin.v4.sin_port));
     size = 4+sizeof(sin.v4.sin_addr.s_addr)+sizeof(sin.v4.sin_port);
     }
-  }
+ }
 
 state = US"connect";
 HDEBUG(D_transport|D_acl|D_v)
   {
-  int i;
   debug_printf_indent("  SOCKS>>");
-  for (i = 0; i<size; i++) debug_printf(" %02x", buf[i]);
+  for (int i = 0; i<size; i++) debug_printf(" %02x", buf[i]);
   debug_printf("\n");
   }
 if (send(fd, buf, size, 0) < 0)
@@ -361,15 +366,14 @@ if (send(fd, buf, size, 0) < 0)
 /* expect conn-reply (success, local(ipver, addr, port))
 of same length as conn-request, or non-success fail code */
 
-if (  !fd_ready(fd, tmo-time(NULL))
+if (  !fd_ready(fd, tmo)
    || (size = read(fd, buf, size)) < 2
    )
   goto rcv_err;
 HDEBUG(D_transport|D_acl|D_v)
   {
-  int i;
   debug_printf_indent("  SOCKS>>");
-  for (i = 0; i<size; i++) debug_printf(" %02x", buf[i]);
+  for (int i = 0; i<size; i++) debug_printf(" %02x", buf[i]);
   debug_printf("\n");
   }
 if (  buf[0] != 5