[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 25/219: socks5: user name and passwords must be sho
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 25/219: socks5: user name and passwords must be shorter than 256 |
Date: |
Wed, 22 May 2019 19:16:04 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit f4b69012307580119409100f5934d7621ea545c9
Author: Daniel Stenberg <address@hidden>
AuthorDate: Fri Apr 5 22:50:22 2019 +0200
socks5: user name and passwords must be shorter than 256
bytes... since the protocol needs to store the length in a single byte
field.
Reported-by: XmiliaH on github
Fixes #3737
Closes #3740
---
lib/socks.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/lib/socks.c b/lib/socks.c
index d0aba0605..906376dab 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -527,12 +527,24 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
len = 0;
socksreq[len++] = 1; /* username/pw subnegotiation version */
socksreq[len++] = (unsigned char) proxy_user_len;
- if(proxy_user && proxy_user_len)
+ if(proxy_user && proxy_user_len) {
+ /* the length must fit in a single byte */
+ if(proxy_user_len >= 255) {
+ failf(data, "Excessive user name length for proxy auth");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
memcpy(socksreq + len, proxy_user, proxy_user_len);
+ }
len += proxy_user_len;
socksreq[len++] = (unsigned char) proxy_password_len;
- if(proxy_password && proxy_password_len)
+ if(proxy_password && proxy_password_len) {
+ /* the length must fit in a single byte */
+ if(proxy_password_len > 255) {
+ failf(data, "Excessive password length for proxy auth");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
memcpy(socksreq + len, proxy_password, proxy_password_len);
+ }
len += proxy_password_len;
code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written);
--
To stop receiving notification emails like this one, please contact
address@hidden
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [gnurl] 25/219: socks5: user name and passwords must be shorter than 256,
gnunet <=