s_client: Fix -proxy flag regression

s_client: connection via an HTTP proxy broke somewhere prior to openssl-3.0.0-alpha2.

openssl s_client -connect <target> -proxy <proxy_host:proxy_port>
results in s_client making a TCP connection to proxy_host:proxy_port and then issuing an HTTP CONNECT for the proxy's own host:port, instead of the target's.

Fixes https://github.com/openssl/openssl/issues/11879

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11880)
Marc 2020-05-20 01:25:10 +01:00 committed by Tomas Mraz
parent 9c47a3386d
commit f7201301ef
1 changed files with 38 additions and 22 deletions


@ -921,6 +921,7 @@ int s_client_main(int argc, char **argv)
char *connectstr = NULL, *bindstr = NULL;
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
char *chCApath = NULL, *chCAfile = NULL, *chCAstore = NULL, *host = NULL;
char *thost = NULL, *tport = NULL;
char *port = OPENSSL_strdup(PORT);
char *bindhost = NULL, *bindport = NULL;
char *passarg = NULL, *pass = NULL;
@ -1599,29 +1600,12 @@ int s_client_main(int argc, char **argv)
goto opthelp;
}
#endif
if (proxystr != NULL) {
if (connectstr != NULL) {
int res;
char *tmp_host = host, *tmp_port = port;
if (connectstr == NULL) {
BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog);
goto opthelp;
}
res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST);
if (tmp_host != host)
OPENSSL_free(tmp_host);
if (tmp_port != port)
OPENSSL_free(tmp_port);
if (!res) {
BIO_printf(bio_err,
"%s: -proxy argument malformed or ambiguous\n", prog);
goto end;
}
} else {
int res = 1;
char *tmp_host = host, *tmp_port = port;
if (connectstr != NULL)
res = BIO_parse_hostserv(connectstr, &host, &port,
BIO_PARSE_PRIO_HOST);
res = BIO_parse_hostserv(connectstr, &host, &port, BIO_PARSE_PRIO_HOST);
if (tmp_host != host)
OPENSSL_free(tmp_host);
if (tmp_port != port)
@ -1634,6 +1618,35 @@ int s_client_main(int argc, char **argv)
}
}
if (proxystr != NULL) {
int res;
char *tmp_host = host, *tmp_port = port;
if (host == NULL || port == NULL) {
BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog);
goto opthelp;
}
/* Retain the original target host:port for use in the HTTP proxy connect string */
thost = OPENSSL_strdup(host);
tport = OPENSSL_strdup(port);
if (thost == NULL || tport == NULL) {
BIO_printf(bio_err, "%s: out of memory\n", prog);
goto end;
}
res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST);
if (tmp_host != host)
OPENSSL_free(tmp_host);
if (tmp_port != port)
OPENSSL_free(tmp_port);
if (!res) {
BIO_printf(bio_err,
"%s: -proxy argument malformed or ambiguous\n", prog);
goto end;
}
}
if (bindstr != NULL) {
int res;
res = BIO_parse_hostserv(bindstr, &bindhost, &bindport,
@ -2389,7 +2402,8 @@ int s_client_main(int argc, char **argv)
}
break;
case PROTO_CONNECT:
if (!OSSL_HTTP_proxy_connect(sbio, host, port, proxyuser, proxypass,
/* Here we must use the connect string target host & port */
if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
0 /* no timeout */, bio_err, prog))
goto shut;
break;
@ -3138,6 +3152,8 @@ int s_client_main(int argc, char **argv)
OPENSSL_free(bindstr);
OPENSSL_free(host);
OPENSSL_free(port);
OPENSSL_free(thost);
OPENSSL_free(tport);
X509_VERIFY_PARAM_free(vpm);
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);
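Review bot: In the new `if (proxystr != NULL)` block, `port` still holds the target's port when `BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST)` runs. The `if (tmp_port != port)` guard suggests the parser can leave `port` untouched, so a `-proxy` value without a port would presumably send s_client to the proxy host on the target's port. The CONNECT request, along with `proxyuser`/`proxypass`, would then reach whatever service listens there. Consider recording `int has_port = (port != tmp_port);` directly after the parse and changing the failure check to `if (!res || !has_port) {`, or at least add a comment stating which port applies when the proxy string omits one. s_client_main starts and ends outside these hunks, so the option handling that sets `proxystr` is not visible here.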