-rw-r--r-- | changes/bug2330 | 7 | ||||
-rw-r--r-- | src/or/buffers.c | 10 |
2 files changed, 14 insertions, 3 deletions
diff --git a/changes/bug2330 b/changes/bug2330
new file mode 100644
index 0000000000..fc0c4d8c36
--- /dev/null
+++ b/changes/bug2330
@@ -0,0 +1,7 @@
+ o Minor bugfixes
+ - Handle SOCKS messages longer than 128 bytes long correctly, rather
+ than waiting forever for them to finish. Fixes bug 2330. Bugfix on
+ 0.2.0.16-alpha. Found by doorss.
+
+
+
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 9f393b9874..bf84fad804 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1475,6 +1475,10 @@ log_unsafe_socks_warning(int socks_protocol, const char *address,
 socks_protocol, address, (int)port);
 }
+/** Do not attempt to parse socks messages longer than this. This value is
+ * actually significantly higher than the longest possible socks message. */
+#define MAX_SOCKS_MESSAGE_LEN 512
+
 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
 * of the forms
 * - socks4: "socksheader username\\0"
@@ -1930,7 +1934,7 @@ fetch_from_buf_socks_client(buf_t *buf, int state, char **reason)
 if (buf->datalen < 2) return 0;
- buf_pullup(buf, 128, 0);
+ buf_pullup(buf, MAX_SOCKS_MESSAGE_LEN, 0);
 tor_assert(buf->head && buf->head->datalen >= 2);
 r = parse_socks_client((uint8_t*)buf->head->data, buf->head->datalen,
@@ -1957,8 +1961,8 @@ fetch_from_evbuffer_socks_client(struct evbuffer *buf, int state,
 /* Linearize the SOCKS response in the buffer, up to 128 bytes.
 * (parse_socks_client shouldn't need to see anything beyond that.) */
 datalen = evbuffer_get_length(buf);
- if (datalen > 128)
- datalen = 128;
+ if (datalen > MAX_SOCKS_MESSAGE_LEN)
+ datalen = MAX_SOCKS_MESSAGE_LEN;
 data = evbuffer_pullup(buf, datalen);
 r = parse_socks_client(data, datalen, state, reason, &drain);
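Review bot: The comment on the new MAX_SOCKS_MESSAGE_LEN define says the value is "significantly higher than the longest possible socks message" without stating which messages it bounds or what that longest length is, so a later reader cannot check whether 512 is still safe. The only uses this patch introduces are in the client-side reply parsers (the hunks at fetch_from_buf_socks_client and fetch_from_evbuffer_socks_client), where the longest reply parse_socks_client should see is presumably a SOCKS5 reply carrying a 255-byte domain name, 262 bytes, if that address type is accepted there. I would make the comment name that bound and that scope, e.g. `/** Upper bound on the bytes we linearize before parsing a SOCKS reply from a proxy. The longest reply we can receive (a SOCKS5 reply with a 255-byte domain name) is 262 bytes, so 512 leaves ample margin. */`. Since SOCKS4a requests carry a username of unbounded length, the comment should also warn that this constant is not a bound for the server-side request parser without a separate check of that code.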
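Review bot: The context comment directly above the changed lines, `/* Linearize the SOCKS response in the buffer, up to 128 bytes.`, is now stale: the code below it clamps to MAX_SOCKS_MESSAGE_LEN (512), not 128. Since the bug being fixed was exactly a too-small linearization limit, leaving the old number in the comment invites the next reader to trust it; I would change it to `/* Linearize the SOCKS response in the buffer, up to MAX_SOCKS_MESSAGE_LEN bytes.` and keep the parenthetical about parse_socks_client as is. fetch_from_evbuffer_socks_client begins and ends outside the hunk.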