Correct byte-counting in socks auth parsing code

Nick Mathewson 2011-06-29 11:45:15 -04:00
parent 02c2d9a4aa
commit 1ed615ded7


@ -1648,14 +1648,19 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
"authentication negotiated. Rejecting.");
return -1;
}
/* Format is: authversion [1 byte] == 1
usernamelen [1 byte]
username [usernamelen bytes]
passlen [1 byte]
password [passlen bytes] */
usernamelen = (unsigned char)*(data + 1);
if (datalen < 2u + usernamelen) {
*want_length_out = 2u+usernamelen;
if (datalen < 2u + usernamelen + 1u) {
*want_length_out = 2u + usernamelen + 1u;
return 0;
}
passlen = (unsigned char)*(data + 2u + usernamelen);
if (datalen < 2u + usernamelen + 1u + passlen) {
*want_length_out = 2u+usernamelen;
*want_length_out = 2u + usernamelen + 1u + passlen;
return 0;
}
req->replylen = 2; /* 2 bytes of response */
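Review bot: The required length is still spelled out twice in each check, once in the `datalen <` comparison and once in the `*want_length_out` assignment, which is the duplication that let the two disagree before this fix. Computing each length once into a local would keep the bounds check and the requested length from drifting apart again, for example `need_user = 2u + usernamelen + 1u;` before the first check and `need_all = need_user + passlen;` before the second. Each `if (datalen < …)` and `*want_length_out = …;` would then use the same name, and the `passlen` read sits at offset `need_user - 1u`. Separately, the read of `*(data + 1)` depends on a `datalen >= 2` guard that is not visible in this hunk; parse_socks begins and ends outside it, so confirm that guard against the full function.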