[tor-commits] [tor/master] Correct byte-counting in socks auth parsing code

[nickm at torproject.org]

commit 1ed615ded7db0765e8355687bda8b00fdc643e3e
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Jun 29 11:45:15 2011 -0400

    Correct byte-counting in socks auth parsing code
---
 src/or/buffers.c |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/or/buffers.c b/src/or/buffers.c
index 445376f..4b8532a 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1648,14 +1648,19 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
                  "authentication negotiated. Rejecting.");
         return -1;
       }
+      /* Format is: authversion [1 byte] == 1
+                    usernamelen [1 byte]
+                    username    [usernamelen bytes]
+                    passlen     [1 byte]
+                    password    [passlen bytes] */
       usernamelen = (unsigned char)*(data + 1);
-      if (datalen < 2u + usernamelen) {
-        *want_length_out = 2u+usernamelen;
+      if (datalen < 2u + usernamelen + 1u) {
+        *want_length_out = 2u + usernamelen + 1u;
         return 0;
       }
       passlen = (unsigned char)*(data + 2u + usernamelen);
       if (datalen < 2u + usernamelen + 1u + passlen) {
-        *want_length_out = 2u+usernamelen;
+        *want_length_out = 2u + usernamelen + 1u + passlen;
         return 0;
       }
       req->replylen = 2; /* 2 bytes of response */