Very cool. It all looks good, though I have the same hangup in reading it as I did in #984: using postincrement on a pointer is just confusing to me; I much prefer to increment the pointer in a separate statement, so that it is clear which value is being used when. I don't know why I have this objection when stuff like postincrement of an array index, as you did with auth methods, strikes me more as an elegant solution. Anyway, this is all just too many words to say: ship it!
Ncat is using a fixed-size buffer to send the username and password to a SOCKS5 proxy. It does validate that the credentials fit into the buffer. What it does not do is check that the length of each of the two fields fits within a single byte, as prescribed by RFC 1929. This omission results in a corrupted authentication request being sent to the proxy.
The patch below refactors the SOCKS5 authentication code to rectify the issue. As a side effect it also:
Please let me know if you have any questions or concerns. Otherwise I will commit the patch in a few weeks.
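The length check described in this issue, as an added example that is not Ncat's code and not the patch under discussion: a request builder for RFC 1929 username/password authentication that rejects any field whose length cannot be carried in the one-byte ULEN/PLEN fields. The function name `socks5_build_userpass` and the macro names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* RFC 1929 request layout: VER(0x01) | ULEN | UNAME | PLEN | PASSWD.
 * ULEN and PLEN are single octets, so each field is limited to 1..255 bytes. */
#define SOCKS5_AUTH_VER  0x01
#define SOCKS5_FIELD_MAX 255
#define SOCKS5_AUTH_MAX  (3 + 2 * SOCKS5_FIELD_MAX)

/* Hypothetical helper (not from Ncat): writes the request into out and
 * returns its length, or -1 if a field cannot be encoded or out is too small. */
int socks5_build_userpass(unsigned char *out, size_t outlen,
                          const char *user, const char *pass)
{
    size_t ulen, plen, pos = 0;

    if (out == NULL || user == NULL || pass == NULL)
        return -1;
    ulen = strlen(user);
    plen = strlen(pass);

    /* The check the issue reports as missing: each length must fit one byte.
     * Without it, a 300-byte field would be announced as 300 % 256 = 44. */
    if (ulen < 1 || ulen > SOCKS5_FIELD_MAX ||
        plen < 1 || plen > SOCKS5_FIELD_MAX)
        return -1;

    /* The check the issue says already existed: the request fits the buffer. */
    if (3 + ulen + plen > outlen)
        return -1;

    out[pos] = SOCKS5_AUTH_VER;
    pos++;
    out[pos] = (unsigned char) ulen;
    pos++;
    memcpy(out + pos, user, ulen);
    pos += ulen;
    out[pos] = (unsigned char) plen;
    pos++;
    memcpy(out + pos, pass, plen);
    pos += plen;
    return (int) pos;
}
```

A buffer of `SOCKS5_AUTH_MAX` bytes holds the largest request the format allows, so the buffer-size check can only fail for callers that pass a smaller buffer.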