Commit 08b87517 authored by Filip Roséen, committed by Hugo Beauzée-Luyssen

network/tcp: socks: diagnose ill-formed authentication

The socks protocol does not allow username/password to be longer than
255 characters. Instead of silently truncating the entities to the
maximum limit we should simply reject them.

These changes also remove the XXX comment, as it is not strictly "we"
who do not support longer username/passwords.. it's the protocol
itself.

Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
parent 1b486afd
......@@ -368,18 +368,25 @@ static int SocksNegotiate( vlc_object_t *p_obj,
return VLC_EGENERIC;
}
int i_len1 = __MIN( strlen(psz_socks_user), 255 );
int i_len2 = __MIN( strlen(psz_socks_passwd), 255 );
int const i_user = strlen( psz_socks_user );
int const i_pasw = strlen( psz_socks_passwd );
if( i_user > 255 || i_pasw > 255 )
{
msg_Err( p_obj, "socks: rejecting username and/or password due to "
"violation of RFC1929 (longer than 255 bytes)" );
return VLC_EGENERIC;
}
msg_Dbg( p_obj, "socks: username/password authentication" );
/* XXX: we don't support user/pwd > 255 (truncated)*/
buffer[0] = i_socks_version; /* Version */
buffer[1] = i_len1; /* User length */
memcpy( &buffer[2], psz_socks_user, i_len1 );
buffer[2+i_len1] = i_len2; /* Password length */
memcpy( &buffer[2+i_len1+1], psz_socks_passwd, i_len2 );
buffer[1] = i_user; /* User length */
memcpy( &buffer[2], psz_socks_user, i_user );
buffer[2+i_user] = i_pasw; /* Password length */
memcpy( &buffer[2+i_user+1], psz_socks_passwd, i_pasw );
i_len = 3 + i_len1 + i_len2;
i_len = 3 + i_user + i_pasw;
if( net_Write( p_obj, fd, buffer, i_len ) != i_len )
return VLC_EGENERIC;
......
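Review bot: In the new length check, `int const i_user = strlen( psz_socks_user );` and the matching `i_pasw` line narrow the size_t result of strlen to int before `if( i_user > 255 || i_pasw > 255 )` runs, so the comparison is made on an already-converted value. Keeping both lengths as size_t through the check, and only then storing them into the one-byte length fields, would make the bound hold for any input. RFC 1929 also gives each field a minimum length of 1 byte, so an empty username or password is equally ill-formed and could be rejected in the same branch. The msg_Err text does not say which of the two fields was too long; a separate message per field would make the failure easier to diagnose from logs. The declaration of buffer is outside this hunk, so it is worth confirming that it holds the maximum of 3 + 255 + 255 = 513 bytes that i_len can now reach.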