FULL PRODUCT VERSION :
ADDITIONAL OS VERSION INFORMATION :
Linux 4.4.0-31-generic #50-Ubuntu SMP Wed Jul 13 00:07:12 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
Client Proxy SOCKS works only with IPv4, in SocksSocketImpl try read zero-bytes (0 bits) IPv6 (IPv6 has 16 bytes) and zero bytes DOMAIN_NAME
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Change zero byte of array IPv6 to 16 bytes.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Class SocksSocketImpl (look only at 523 line and 534):
switch (data[1]) {
case REQUEST_OK:
// success!
switch(data[3]) {
case IPV4:
addr = new byte[4];
i = readSocksReply(in, addr, deadlineMillis);
if (i != 4)
throw new SocketException("Reply from SOCKS server badly formatted");
data = new byte[2];
i = readSocksReply(in, data, deadlineMillis);
if (i != 2)
throw new SocketException("Reply from SOCKS server badly formatted");
break;
case DOMAIN_NAME:
len = data[1]; //LINE 523 <------------------ should read one byte with length
byte[] host = new byte[len];
i = readSocksReply(in, host, deadlineMillis);
if (i != len)
throw new SocketException("Reply from SOCKS server badly formatted");
data = new byte[2];
i = readSocksReply(in, data, deadlineMillis);
if (i != 2)
throw new SocketException("Reply from SOCKS server badly formatted");
break;
case IPV6:
len = data[1]; //LINE 534 <-------------------- should be 16
addr = new byte[len];
i = readSocksReply(in, addr, deadlineMillis);
if (i != len)
throw new SocketException("Reply from SOCKS server badly formatted");
data = new byte[2];
i = readSocksReply(in, data, deadlineMillis);
if (i != 2)
throw new SocketException("Reply from SOCKS server badly formatted");
break;
default:
ex = new SocketException("Reply from SOCKS server contains wrong code");
break;
}
break;
ACTUAL -
Class SocksSocketImpl (look only at 523 line and 534):
switch (data[1]) {
case REQUEST_OK:
// success!
switch(data[3]) {
case IPV4:
addr = new byte[4];
i = readSocksReply(in, addr, deadlineMillis);
if (i != 4)
throw new SocketException("Reply from SOCKS server badly formatted");
data = new byte[2];
i = readSocksReply(in, data, deadlineMillis);
if (i != 2)
throw new SocketException("Reply from SOCKS server badly formatted");
break;
case DOMAIN_NAME:
len = data[1]; //LINE 523 <------------------ should read one byte with length
byte[] host = new byte[len];
i = readSocksReply(in, host, deadlineMillis);
if (i != len)
throw new SocketException("Reply from SOCKS server badly formatted");
data = new byte[2];
i = readSocksReply(in, data, deadlineMillis);
if (i != 2)
throw new SocketException("Reply from SOCKS server badly formatted");
break;
case IPV6:
len = data[1]; //LINE 534 <-------------------- should be 16
addr = new byte[len];
i = readSocksReply(in, addr, deadlineMillis);
if (i != len)
throw new SocketException("Reply from SOCKS server badly formatted");
data = new byte[2];
i = readSocksReply(in, data, deadlineMillis);
if (i != 2)
throw new SocketException("Reply from SOCKS server badly formatted");
break;
default:
ex = new SocketException("Reply from SOCKS server contains wrong code");
break;
}
break;
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
Proxy p = new Proxy(Proxy.Type.SOCKS, inetAddr);
Socket s = new Socket(p);
s.connect(ipv6); //or unresolved InetSocketAddress
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Create own implementatin proxy