summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
e711c50)
Fixes a crash due to a NULL-pointer dereference when
the socks server misbehaves.
OVE-
20210207-0001.
Reported by: Joshua Rogers (Opera)
if (!err && (sbuf[1] == '\x02'))
{
if (!err && (sbuf[1] == '\x02'))
{
- /* check cbuf overflow */
- size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3;
- if (auth_len > sizeof(cbuf))
+ if (fwd->auth_username && fwd->auth_password)
- errstr = "SOCKS5 username and/or password too long";
+ /* check cbuf overflow */
+ size_t auth_len = strlen(fwd->auth_username) + strlen(fwd->auth_password) + 3;
+ if (auth_len > sizeof(cbuf))
+ {
+ errstr = "SOCKS5 username and/or password too long";
+ err = 1;
+ }
+ }
+ else
+ {
+ errstr = "SOCKS5 server requested authentication while "
+ "no credentials are configured";