Fix: socks5 usernames and passwords can BOTH be up to 255 bytes (#343)

xjasonlyu · Feb 28, 2024 · 8c7c908 · 8c7c908
1 parent 8653c18
commit 8c7c908
Showing 1 changed file with 12 additions and 5 deletions.
diff --git a/transport/socks5/socks5.go b/transport/socks5/socks5.go
@@ -195,17 +195,24 @@ func ClientHandshake(rw io.ReadWriter, addr Addr, command Command, user *User) (
 			return nil, errors.New("auth required")
 		}
 
-		authMsgLen := 1 + 1 + len(user.Username) + 1 + len(user.Password)
-		if authMsgLen > MaxAuthLen {
-			return nil, errors.New("auth message too long")
+		uLen := len(user.Username)
+		pLen := len(user.Password)
+
+		// Both ULEN and PLEN are limited to the range [1, 255].
+		if uLen == 0 || pLen == 0 {
+			return nil, errors.New("auth username/password empty")
+		} else if uLen > MaxAuthLen || pLen > MaxAuthLen {
+			return nil, errors.New("auth username/password too long")
 		}
 
+		authMsgLen := 1 + 1 + uLen + 1 + pLen
+
 		// password protocol version
 		authMsg := bytes.NewBuffer(make([]byte, 0, authMsgLen))
 		authMsg.WriteByte(0x01 /* VER */)
-		authMsg.WriteByte(byte(len(user.Username)) /* ULEN */)
+		authMsg.WriteByte(byte(uLen) /* ULEN */)
 		authMsg.WriteString(user.Username /* UNAME */)
-		authMsg.WriteByte(byte(len(user.Password)) /* PLEN */)
+		authMsg.WriteByte(byte(pLen) /* PLEN */)
 		authMsg.WriteString(user.Password /* PASSWD */)
 
 		if _, err := rw.Write(authMsg.Bytes()); err != nil {