SOCKSv4 traversal broken?

[Damjan Jovanovic]

Hi

While working on another issue with SOCKS proxies
(https://bugs.openjdk.java.net/show_bug.cgi?id=100130), I picked up
this problem.

Currently, in both OpenJDK6 and OpenJDK7, java.net.SocksSocketImpl
always tries to talk to a SOCKS proxy using SOCKSv5, and if that fails
it falls back to SOCKSv4. (There is also a way to only use SOCKSv4,
with the private useV4 boolean field, but that is only written to from
the setV4 method, which is not called from anywhere in the openjdk
codebase.)

The problem is that the SOCKSv4 specification says "The SOCKS server
closes its connection immediately after notifying the client of a
failed or rejected request" and SOCKSv5 RFC says "When a reply (REP
value other than X'00') indicates a failure, the SOCKS server MUST
terminate the TCP connection shortly after sending the reply.  This
must be no more than 10 seconds after detecting the condition that
caused a failure.". Retrying with a different SOCKS version on the
same connection thus isn't ever supposed to work.

So SOCKSv4 should be completely broken in practice.

Since SocksSocketImpl is a socket that can only connect once, should
we first be making a connection through a different socket to check
the SOCKS version?

Most applications avoid this problem by treating SOCKSv4 and SOCKSv5
proxies as completely different proxy types.

Thank you
Damjan Jovanovic