mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Avoid a use-after-null-check in proto_socks.c
Coverity rightly complains that early in the function we're checking whether username is NULL, and later we're passing it unconditionally to strlen(). Fixes CID 1437967. Bug not in any released Tor.
This commit is contained in:
parent
ef234ba303
commit
8505522e50
@ -166,7 +166,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req,
|
||||
*is_socks4a = (dest_ip >> 8) == 0;
|
||||
|
||||
const char *username = socks4_client_request_get_username(trunnel_req);
|
||||
size_t usernamelen = username ? strlen(username) : 0;
|
||||
const size_t usernamelen = username ? strlen(username) : 0;
|
||||
if (username && usernamelen) {
|
||||
if (usernamelen > MAX_SOCKS_MESSAGE_LEN) {
|
||||
log_warn(LD_APP, "Socks4 user name too long; rejecting.");
|
||||
@ -184,7 +184,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req,
|
||||
// We cannot rely on trunnel here, as we want to detect if
|
||||
// we have abnormally long hostname field.
|
||||
const char *hostname = (char *)raw_data + SOCKS4_NETWORK_LEN +
|
||||
strlen(username) + 1;
|
||||
usernamelen + 1;
|
||||
size_t hostname_len = (char *)raw_data + datalen - hostname;
|
||||
|
||||
if (hostname_len <= sizeof(req->address)) {
|
||||
|
Loading…
Reference in New Issue
Block a user