X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=f1a2074996f5c720770373c2e09436d5fc95c61f;hp=b341ae95ce2644e8b802c2b16c26e0d10242fd64;hb=c6c2c046f72499256a856813350aa626522ba9a0;hpb=c83713758e9465e03ec3b0228c433e6f2d843352 diff --git a/gateway.c b/gateway.c index b341ae95..f1a20749 100644 --- a/gateway.c +++ b/gateway.c @@ -1180,11 +1180,20 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, if (!err && (sbuf[1] == '\x02')) { - /* check cbuf overflow */ - size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; - if (auth_len > sizeof(cbuf)) + if (fwd->auth_username && fwd->auth_password) { - errstr = "SOCKS5 username and/or password too long"; + /* check cbuf overflow */ + size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3; + if (auth_len > sizeof(cbuf)) + { + errstr = "SOCKS5 username and/or password too long"; + err = 1; + } + } + else + { + errstr = "SOCKS5 server requested authentication while " + "no credentials are configured"; err = 1; } @@ -1246,7 +1255,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, cbuf[client_pos++] = (char)(hostlen & 0xffu); assert(sizeof(cbuf) - client_pos > (size_t)255); /* Using strncpy because we really want the nul byte padding. */ - strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos); + strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos - 1); client_pos += (hostlen & 0xffu); cbuf[client_pos++] = (char)((target_port >> 8) & 0xff); cbuf[client_pos++] = (char)((target_port ) & 0xff); @@ -1351,7 +1360,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, } else if (sbuf[3] != '\x01') { - errstr = "SOCKS5 reply contains unsupported address type"; + errstr = "SOCKS5 reply contains unsupported address type"; } if (errstr == NULL) {