From 36c9b93cfec19efdbc6600b85dac4a2b2e841013 Mon Sep 17 00:00:00 2001 From: rofl0r Date: Sun, 6 Sep 2020 16:22:11 +0100 Subject: [PATCH] transparent: remove usage of inet_ntoa(), make IPv6 ready inet_ntoa() uses a static buffer and is therefore not threadsafe. additionally it has been deprecated by POSIX. by using inet_ntop() instead the code has been made ipv6 aware. note that this codepath was only entered in the unlikely event that no hosts header was being passed to the proxy, i.e. pre-HTTP/1.1. --- configure.ac | 2 +- src/transparent-proxy.c | 20 +++++++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index 900af95..74220a2 100644 --- a/configure.ac +++ b/configure.ac @@ -143,7 +143,7 @@ AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK AC_FUNC_MALLOC AC_FUNC_REALLOC -AC_CHECK_FUNCS([inet_ntoa strdup]) +AC_CHECK_FUNCS([strdup]) AC_CHECK_FUNCS([strlcpy strlcat setgroups]) dnl Enable extra warnings diff --git a/src/transparent-proxy.c b/src/transparent-proxy.c index 727ef3e..2c1e069 100644 --- a/src/transparent-proxy.c +++ b/src/transparent-proxy.c @@ -64,12 +64,16 @@ do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders, length = hashmap_entry_by_key (hashofheaders, "host", (void **) &data); if (length <= 0) { - struct sockaddr_in dest_addr; + union sockaddr_union dest_addr; + const void *dest_inaddr; + char namebuf[INET6_ADDRSTRLEN+1]; + int af; length = sizeof(dest_addr); if (getsockname - (connptr->client_fd, (struct sockaddr *) &dest_addr, + (connptr->client_fd, (void *) &dest_addr, &length) < 0 || length > sizeof(dest_addr)) { + addr_err:; log_message (LOG_ERR, "process_request: cannot get destination IP for %d", connptr->client_fd); @@ -79,10 +83,16 @@ do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders, return 0; } - request->host = (char *) safemalloc (17); - strlcpy (request->host, inet_ntoa (dest_addr.sin_addr), 17); + af = length == sizeof(dest_addr.v4) ? AF_INET : AF_INET6; + if (af == AF_INET) dest_inaddr = &dest_addr.v4.sin_addr; + else dest_inaddr = &dest_addr.v6.sin6_addr; - request->port = ntohs (dest_addr.sin_port); + if (!inet_ntop(af, dest_inaddr, namebuf, sizeof namebuf)) + goto addr_err; + + request->host = safestrdup (namebuf); + request->port = ntohs (af == AF_INET ? dest_addr.v4.sin_port + : dest_addr.v6.sin6_port); request->path = (char *) safemalloc (ulen + 1); strlcpy (request->path, *url, ulen + 1);