From fbce0b20d1e171f6201531d85621498eea3a3209 Mon Sep 17 00:00:00 2001 From: Markus Ongyerth Date: Wed, 16 Oct 2024 10:37:51 +0200 Subject: [PATCH] Avoid default IP of 0.0.0.0 This default never makes sense, since a connection request to the 0 IP always fails. The Option mechanism provides a better way of setting an unknown that can easily be detected than abusing a valid but useless IP address. --- src/protocols/http_proxy/server.rs | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/src/protocols/http_proxy/server.rs b/src/protocols/http_proxy/server.rs index be99330f..99d99921 100644 --- a/src/protocols/http_proxy/server.rs +++ b/src/protocols/http_proxy/server.rs @@ -3,7 +3,7 @@ use std::future::Future; use bytes::Bytes; use log::{debug, error}; -use std::net::{Ipv4Addr, SocketAddr}; +use std::net::SocketAddr; use std::pin::Pin; use std::sync::Arc; @@ -38,11 +38,11 @@ impl Stream for HttpProxyListener { fn handle_request( credentials: &Option, - dest: &Mutex<(Host, u16)>, + dest: &Mutex>, req: Request, ) -> impl Future>, &'static str>> { const PROXY_AUTHORIZATION_PREFIX: &str = "Basic "; - let ok_response = |forward_to: (Host, u16)| -> Result>, _> { + let ok_response = |forward_to: Option<(Host, u16)>| -> Result>, _> { *dest.lock() = forward_to; Ok(Response::builder().status(200).body(Empty::new()).unwrap()) }; @@ -56,10 +56,9 @@ fn handle_request( } debug!("HTTP Proxy CONNECT request to {}", req.uri()); - let forward_to = ( - Host::parse(req.uri().host().unwrap_or_default()).unwrap_or(Host::Ipv4(Ipv4Addr::new(0, 0, 0, 0))), - req.uri().port_u16().unwrap_or(443), - ); + let forward_to = Host::parse(req.uri().host().unwrap_or_default()) + .ok() + .map(|h| (h, req.uri().port_u16().unwrap_or(443))); let Some(token) = credentials else { return future::ready(ok_response(forward_to)); @@ -101,7 +100,7 @@ pub async fn run_server( }; let auth_header = credentials.map(|(user, pass)| base64::engine::general_purpose::STANDARD.encode(format!("{}:{}", user, pass))); - let tasks = JoinSet::>::new(); + let tasks = JoinSet::)>>::new(); let proxy_cfg = Arc::new((auth_header, http1)); let listener = stream::unfold((listener, tasks, proxy_cfg), |(listener, mut tasks, proxy_cfg)| async { @@ -111,7 +110,11 @@ pub async fn run_server( cnx = tasks.join_next(), if !tasks.is_empty() => { match cnx { - Some(Ok(Some((stream, f)))) => (stream, Some(f)), + Some(Ok(Some((stream, Some(f))))) => (stream, Some(f)), + Some(Ok(Some((_, None)))) =>{ + error!("Error while trying to parse connect request"); + continue + }, None | Some(Ok(None)) => continue, Some(Err(err)) => { error!("Error while joinning tasks {:?}", err); @@ -140,7 +143,7 @@ pub async fn run_server( async move { let http1 = &proxy_cfg.1; let auth_header = &proxy_cfg.0; - let forward_to = Mutex::new((Host::Ipv4(Ipv4Addr::new(0, 0, 0, 0)), 0)); + let forward_to = Mutex::new(None); let conn_fut = http1.serve_connection( hyper_util::rt::TokioIo::new(&mut stream), service_fn(|req| handle_request(auth_header, &forward_to, req)),