commit 1ed615ded7db0765e8355687bda8b00fdc643e3e Author: Nick Mathewson nickm@torproject.org Date: Wed Jun 29 11:45:15 2011 -0400

Correct byte-counting in socks auth parsing code --- src/or/buffers.c | 11 ++++++++--- 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/or/buffers.c b/src/or/buffers.c index 445376f..4b8532a 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1648,14 +1648,19 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, "authentication negotiated. Rejecting."); return -1; } + /* Format is: authversion [1 byte] == 1 + usernamelen [1 byte] + username [usernamelen bytes] + passlen [1 byte] + password [passlen bytes] */ usernamelen = (unsigned char)*(data + 1); - if (datalen < 2u + usernamelen) { - *want_length_out = 2u+usernamelen; + if (datalen < 2u + usernamelen + 1u) { + *want_length_out = 2u + usernamelen + 1u; return 0; } passlen = (unsigned char)*(data + 2u + usernamelen); if (datalen < 2u + usernamelen + 1u + passlen) { - *want_length_out = 2u+usernamelen; + *want_length_out = 2u + usernamelen + 1u + passlen; return 0; } req->replylen = 2; /* 2 bytes of response */