summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2011-06-29 11:45:15 -0400
committerNick Mathewson <nickm@torproject.org>2011-06-29 11:45:15 -0400
commit1ed615ded7db0765e8355687bda8b00fdc643e3e (patch)
treec6fbb080e3fc793de77880e4f6317621f50b29a7 /src/or
parent02c2d9a4aa2a7ce339e87be9c0c0dc23a6881c14 (diff)
downloadtor-1ed615ded7db0765e8355687bda8b00fdc643e3e.tar.gz
tor-1ed615ded7db0765e8355687bda8b00fdc643e3e.zip
Correct byte-counting in socks auth parsing code
Diffstat (limited to 'src/or')
-rw-r--r--src/or/buffers.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 445376f60e..4b8532af09 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1648,14 +1648,19 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
"authentication negotiated. Rejecting.");
return -1;
}
+ /* Format is: authversion [1 byte] == 1
+ usernamelen [1 byte]
+ username [usernamelen bytes]
+ passlen [1 byte]
+ password [passlen bytes] */
usernamelen = (unsigned char)*(data + 1);
- if (datalen < 2u + usernamelen) {
- *want_length_out = 2u+usernamelen;
+ if (datalen < 2u + usernamelen + 1u) {
+ *want_length_out = 2u + usernamelen + 1u;
return 0;
}
passlen = (unsigned char)*(data + 2u + usernamelen);
if (datalen < 2u + usernamelen + 1u + passlen) {
- *want_length_out = 2u+usernamelen;
+ *want_length_out = 2u + usernamelen + 1u + passlen;
return 0;
}
req->replylen = 2; /* 2 bytes of response */