[tor-commits] [tor/master] Correct byte-counting in socks auth parsing code
nickm at torproject.org
nickm at torproject.org
Wed Jul 13 16:13:21 UTC 2011
commit 1ed615ded7db0765e8355687bda8b00fdc643e3e
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Jun 29 11:45:15 2011 -0400
Correct byte-counting in socks auth parsing code
---
src/or/buffers.c | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 445376f..4b8532a 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1648,14 +1648,19 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
"authentication negotiated. Rejecting.");
return -1;
}
+ /* Format is: authversion [1 byte] == 1
+ usernamelen [1 byte]
+ username [usernamelen bytes]
+ passlen [1 byte]
+ password [passlen bytes] */
usernamelen = (unsigned char)*(data + 1);
- if (datalen < 2u + usernamelen) {
- *want_length_out = 2u+usernamelen;
+ if (datalen < 2u + usernamelen + 1u) {
+ *want_length_out = 2u + usernamelen + 1u;
return 0;
}
passlen = (unsigned char)*(data + 2u + usernamelen);
if (datalen < 2u + usernamelen + 1u + passlen) {
- *want_length_out = 2u+usernamelen;
+ *want_length_out = 2u + usernamelen + 1u + passlen;
return 0;
}
req->replylen = 2; /* 2 bytes of response */
More information about the tor-commits
mailing list