mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-24 14:36:13 +01:00
gsocks4aproxy: Fix a single byte buffer overflow in connect messages
`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul byte in the connect message, which is an addition in SOCKSv4a vs SOCKSv4. This means that the buffer for building and transmitting the connect message could be overflowed if the username and hostname are both `SOCKS4_MAX_LEN` (255) bytes long. Proxy configurations are normally statically configured, so the username is very unlikely to be near its maximum length, and hence this overflow is unlikely to be triggered in practice. (Commit message by Philip Withnall, diagnosis and fix by Michael Catanzaro.) Fixes: #3461
This commit is contained in:
parent
1adc303f47
commit
25833cefda
@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
|
||||
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
|
||||
* | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL |
|
||||
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
|
||||
* 1 1 2 4 variable 1 variable
|
||||
* 1 1 2 4 variable 1 variable 1
|
||||
*/
|
||||
#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2)
|
||||
#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2)
|
||||
static gint
|
||||
set_connect_msg (guint8 *msg,
|
||||
const gchar *hostname,
|
||||
|
Loading…
Reference in New Issue
Block a user