incorrectly used ipv6 in proxy connection #1226
Comments
@mmmds could you elaborate where the relationship IPv6 structure comes into place?

I've set breakpoint on socket.c:391 and examined flow on a second hit. The application falls into case AF_INET6 and crashes on line 396. However, if I change the application falls into AF_INET case and it proceeds without a crash. By that I assume that

Extra information, in order to make this error work. /etc/hosts should contain: If either one is defined, it will not trigger. Hence the approach where ipv6-localhost is defined (for example Ubuntu) will not have issues. It took some time to figure this out, better write about it.

This might be a related issue.

@mmmds one of the other things that your message has put me on the wrong foot is that your actual request does not conform to the HTTP standard. It should have been CRLF, not just LF.

echo -e "GET /test8/test.html HTTP/1.0\r\nUser-Agent: python\r\n\r\n" | nc 10.9.0.2 8000

This commit changes something fundamental in the proxy handling. Previously the proxy was iterating over multiple possible IP addresses received from the source definition. This issue #1226 shows that this fails when mixing IPv4 and IPv6 results. This could be resolved by just taking the "right" addrinfo result, but this is executed after the socket has been created, hence: if we would have an IPv6 result, but created an IPv4 socket, we would miss all checks that happen upon socket creation. The iteration over the getaddrinfo results has now been pulled into the proxy specific code, this might still be able to be abstracted.
A socket structure is incorrectly used as ipv6 while connecting to a proxy server.
PoC
ASAN
Setup:
mkdir /var/www/test{1..20}; for i in $(seq 1 20); do echo test > /var/www/test$i/test.html; done

found by: Mateusz Kocielski, Michał Dardas from LogicalTrust