From f5837f75938b5b80898dbc0757c71c3127b6a2cf Mon Sep 17 00:00:00 2001
From: mmcc <>
Date: Thu, 10 Dec 2015 16:49:28 +0000
Subject: Map SOCKS error codes to error strings. With input from deraadt@

---
 src/usr.bin/nc/socks.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 61 insertions(+), 5 deletions(-)

diff --git a/src/usr.bin/nc/socks.c b/src/usr.bin/nc/socks.c
index 1b06e0e12d..79b97bbffa 100644
--- a/src/usr.bin/nc/socks.c
+++ b/src/usr.bin/nc/socks.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: socks.c,v 1.21 2015/03/26 21:19:51 tobias Exp $	*/
+/*	$OpenBSD: socks.c,v 1.22 2015/12/10 16:49:28 mmcc Exp $	*/
 
 /*
  * Copyright (c) 1999 Niklas Hallqvist.  All rights reserved.
@@ -122,6 +122,58 @@ getproxypass(const char *proxyuser, const char *proxyhost)
 	return (pw);
 }
 
+/*
+ * Error strings adapted from the generally accepted SOCKSv4 spec:
+ *
+ * http://ftp.icm.edu.pl/packages/socks/socks4/SOCKS4.protocol
+ */
+static const char *
+socks4_strerror(int e)
+{
+	switch (e) {
+	case 90:
+		return "Succeeded";
+	case 91:
+		return "Request rejected or failed";
+	case 92:
+		return "SOCKS server cannot connect to identd on the client";
+	case 93:
+		return "Client program and identd report different user-ids";
+	default:
+		return "Unknown error";
+	}
+}
+
+/*
+ * Error strings taken almost directly from RFC 1928.
+ */
+static const char *
+socks5_strerror(int e)
+{
+	switch (e) {
+	case 0:
+		return "Succeeded";
+	case 1:
+		return "General SOCKS server failure";
+	case 2:
+		return "Connection not allowed by ruleset";
+	case 3:
+		return "Network unreachable";
+	case 4:
+		return "Host unreachable";
+	case 5:
+		return "Connection refused";
+	case 6:
+		return "TTL expired";
+	case 7:
+		return "Command not supported";
+	case 8:
+		return "Address type not supported";
+	default:
+		return "Unknown error";
+	}
+}
+
 int
 socks_connect(const char *host, const char *port,
     struct addrinfo hints __attribute__ ((__unused__)),
@@ -225,8 +277,10 @@ socks_connect(const char *host, const char *port,
 		cnt = atomicio(read, proxyfd, buf, 4);
 		if (cnt != 4)
 			err(1, "read failed (%zu/4)", cnt);
-		if (buf[1] != 0)
-			errx(1, "connection failed, SOCKS error %d", buf[1]);
+		if (buf[1] != 0) {
+			errx(1, "connection failed, SOCKS error: %s",
+			    socks5_strerror(buf[1]));
+		}
 		switch (buf[3]) {
 		case SOCKS_IPV4:
 			cnt = atomicio(read, proxyfd, buf + 4, 6);
@@ -261,8 +315,10 @@ socks_connect(const char *host, const char *port,
 		cnt = atomicio(read, proxyfd, buf, 8);
 		if (cnt != 8)
 			err(1, "read failed (%zu/8)", cnt);
-		if (buf[1] != 90)
-			errx(1, "connection failed, SOCKS error %d", buf[1]);
+		if (buf[1] != 90) {
+			errx(1, "connection failed, SOCKS error: %s",
+			    socks4_strerror(buf[1]));
+		}
 	} else if (socksv == -1) {
 		/* HTTP proxy CONNECT */
 
-- 
cgit v1.2.3-55-g6feb