SOCKS5 stopped to work after upgrade from 0.6.2 to 0.6.3.2 #1134

Closed
opened 2018-02-15 14:47:56 +01:00 by Zenitur · 7 comments
Zenitur commented 2018-02-15 14:47:56 +01:00 (Migrated from github.com)
Exception in thread ReceiveQueue_2:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
    self.run()
  File "/usr/local/lib/python2.7/dist-packages/pybitmessage/network/receivequeuethread.py", line 43, in run
    BMConnectionPool().getConnectionByAddr(dest).process()
  File "/usr/local/lib/python2.7/dist-packages/pybitmessage/network/advanceddispatcher.py", line 61, in process
    if not getattr(self, "state_" + str(self.state))():
  File "/usr/local/lib/python2.7/dist-packages/pybitmessage/network/socks5.py", line 42, in state_auth_1
    ret = struct.unpack('BB', self.read_buf)
error: unpack requires a string argument of length 2

Python 2.7

``` Exception in thread ReceiveQueue_2: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner self.run() File "/usr/local/lib/python2.7/dist-packages/pybitmessage/network/receivequeuethread.py", line 43, in run BMConnectionPool().getConnectionByAddr(dest).process() File "/usr/local/lib/python2.7/dist-packages/pybitmessage/network/advanceddispatcher.py", line 61, in process if not getattr(self, "state_" + str(self.state))(): File "/usr/local/lib/python2.7/dist-packages/pybitmessage/network/socks5.py", line 42, in state_auth_1 ret = struct.unpack('BB', self.read_buf) error: unpack requires a string argument of length 2 ``` Python 2.7
PeterSurda commented 2018-02-15 15:16:50 +01:00 (Migrated from github.com)

I had to release 0.6.3 due to the vulnerability before all the details were tested. I haven't tested SOCKS5 authentication so it's possible it doesn't work. It works without authentication. I am still trying to get the binaries built so I don't have time today but if someone would like to submit a pull request, I'd be very happy to merge it.

I had to release 0.6.3 due to the vulnerability before all the details were tested. I haven't tested SOCKS5 authentication so it's possible it doesn't work. It works without authentication. I am still trying to get the binaries built so I don't have time today but if someone would like to submit a pull request, I'd be very happy to merge it.
Zenitur commented 2018-02-15 15:32:22 +01:00 (Migrated from github.com)

I think it's hard to be maintainer when 0-day issue appear in an inopportune moment. All ok.

I think it's hard to be maintainer when 0-day issue appear in an inopportune moment. All ok.
PeterSurda commented 2018-02-15 16:12:05 +01:00 (Migrated from github.com)

If you need SOCKS authentication, you can downgrade to 0.6.1, that is not vulnerable to the exploit and the SOCKS code is working.

If you need SOCKS authentication, you can downgrade to 0.6.1, that is not vulnerable to the exploit and the SOCKS code is working.
PeterSurda commented 2018-02-18 22:46:04 +01:00 (Migrated from github.com)

I added socks authentication to the v0.6 branch but I only have very limited ability to test it. Can you try it?

I added socks authentication to the v0.6 branch but I only have very limited ability to test it. Can you try it?
navjotcis commented 2020-09-28 14:25:29 +02:00 (Migrated from github.com)

I have tried to reproduce the issue by setting the proxy server/ tor type to SOCKS5 and did not face the above problem. Can anybody let me know, Is it working fine now?

I have tried to reproduce the issue by setting the proxy server/ tor type to SOCKS5 and did not face the above problem. Can anybody let me know, Is it working fine now?
navjotcis commented 2020-10-08 15:08:43 +02:00 (Migrated from github.com)

I have followed https://community.hetzner.com/tutorials/install-and-configure-danted-proxy-socks5
reference and install Dante-server socks5 and created username and password for authentication and
then tested the connection with curl command and Dante-server is successfully running then I
have tested it with the Qt app and set the network setting according to socks5 username and password
authentication and tested message sending and receiving and both work fine.

I have followed `https://community.hetzner.com/tutorials/install-and-configure-danted-proxy-socks5` reference and install Dante-server socks5 and created username and password for authentication and then tested the connection with curl command and Dante-server is successfully running then I have tested it with the Qt app and set the network setting according to socks5 username and password authentication and tested message sending and receiving and both work fine.
PeterSurda commented 2020-10-08 15:28:56 +02:00 (Migrated from github.com)

Closing as the tests show no issue, current SOCKS5 code works with authentication.

Closing as the tests show no issue, current SOCKS5 code works with authentication.
This repo is archived. You cannot comment on issues.
No Milestone
No project
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2024-12-25#1134
No description provided.