diff options
| author | Curl Upstream <curl-library@cool.haxx.se> | 2019-05-22 05:48:44 (GMT) |
|---|---|---|
| committer | Brad King <brad.king@kitware.com> | 2019-05-22 18:11:40 (GMT) |
| commit | b26487c663ec29d972fd61adc2b14ac5880b78c7 (patch) | |
| tree | 10220828b4a67af2a63ed9c6e8e4cb30160784ab /lib/socks.c | |
| parent | 9835e9075037db3d23ade0ef865c562b08cf6023 (diff) | |
| download | CMake-b26487c663ec29d972fd61adc2b14ac5880b78c7.zip CMake-b26487c663ec29d972fd61adc2b14ac5880b78c7.tar.gz CMake-b26487c663ec29d972fd61adc2b14ac5880b78c7.tar.bz2 | |
curl 2019-05-22 (885ce314)
Code extracted from:
https://github.com/curl/curl.git
at commit 885ce31401b6789c959131754b1e5ae518964072 (curl-7_65_0).
Diffstat (limited to 'lib/socks.c')
| -rw-r--r-- | lib/socks.c | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/lib/socks.c b/lib/socks.c index d2209ad..d8fcc3b 100644 --- a/lib/socks.c +++ b/lib/socks.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -54,7 +54,7 @@ int Curl_blockread_all(struct connectdata *conn, /* connection data */ ssize_t buffersize, /* max amount to read */ ssize_t *n) /* amount bytes read */ { - ssize_t nread; + ssize_t nread = 0; ssize_t allread = 0; int result; *n = 0; @@ -155,7 +155,7 @@ CURLcode Curl_SOCKS4(const char *proxy_user, Curl_addrinfo *hp = NULL; int rc; - rc = Curl_resolv(conn, hostname, remote_port, &dns); + rc = Curl_resolv(conn, hostname, remote_port, FALSE, &dns); if(rc == CURLRESOLV_ERROR) return CURLE_COULDNT_RESOLVE_PROXY; @@ -290,7 +290,7 @@ CURLcode Curl_SOCKS4(const char *proxy_user, /* wrong version ? */ if(socksreq[0] != 0) { failf(data, - "SOCKS4 reply has wrong version, version should be 4."); + "SOCKS4 reply has wrong version, version should be 0."); return CURLE_COULDNT_CONNECT; } @@ -527,12 +527,24 @@ CURLcode Curl_SOCKS5(const char *proxy_user, len = 0; socksreq[len++] = 1; /* username/pw subnegotiation version */ socksreq[len++] = (unsigned char) proxy_user_len; - if(proxy_user && proxy_user_len) + if(proxy_user && proxy_user_len) { + /* the length must fit in a single byte */ + if(proxy_user_len >= 255) { + failf(data, "Excessive user name length for proxy auth"); + return CURLE_BAD_FUNCTION_ARGUMENT; + } memcpy(socksreq + len, proxy_user, proxy_user_len); + } len += proxy_user_len; socksreq[len++] = (unsigned char) proxy_password_len; - if(proxy_password && proxy_password_len) + if(proxy_password && proxy_password_len) { + /* the length must fit in a single byte */ + if(proxy_password_len > 255) { + failf(data, "Excessive password length for proxy auth"); + return CURLE_BAD_FUNCTION_ARGUMENT; + } memcpy(socksreq + len, proxy_password, proxy_password_len); + } len += proxy_password_len; code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written); @@ -597,7 +609,7 @@ CURLcode Curl_SOCKS5(const char *proxy_user, else { struct Curl_dns_entry *dns; Curl_addrinfo *hp = NULL; - int rc = Curl_resolv(conn, hostname, remote_port, &dns); + int rc = Curl_resolv(conn, hostname, remote_port, FALSE, &dns); if(rc == CURLRESOLV_ERROR) return CURLE_COULDNT_RESOLVE_HOST; |