mirror of
https://github.com/weechat/weechat.git
synced 2026-06-12 14:14:48 +02:00
Compare commits
2 Commits
d78105ddf5
...
a696a100d8
| Author | SHA1 | Date | |
|---|---|---|---|
 SĂ©bastien Helleu
|
a696a100d8 | ||
|
aizu-m
|
e60786d059 |
@@ -23,6 +23,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
|||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
- core: fix option weechat.look.color_real_white not applied when color is "white" on 16+ colors terminals ([#1742](https://github.com/weechat/weechat/issues/1742))
|
- core: fix option weechat.look.color_real_white not applied when color is "white" on 16+ colors terminals ([#1742](https://github.com/weechat/weechat/issues/1742))
|
||||||
|
- core: fix buffer overflow in connection to SOCKS5 proxy ([#2325](https://github.com/weechat/weechat/issues/2325))
|
||||||
- api: fix infinite loop in function string_replace when the search string is empty
|
- api: fix infinite loop in function string_replace when the search string is empty
|
||||||
- irc: fix tag in message with list of names when joining a channel
|
- irc: fix tag in message with list of names when joining a channel
|
||||||
- fset: remove error displayed in core buffer when clicking with the mouse below the last option displayed
|
- fset: remove error displayed in core buffer when clicking with the mouse below the last option displayed
|
||||||
|
|||||||
+19
-1
@@ -582,7 +582,13 @@ network_pass_socks5proxy (struct t_proxy *proxy, int sock, const char *address,
|
|||||||
int port)
|
int port)
|
||||||
{
|
{
|
||||||
struct t_network_socks5 socks5;
|
struct t_network_socks5 socks5;
|
||||||
unsigned char buffer[288];
|
/*
|
||||||
|
* buffer must be large enough for the username/password authentication
|
||||||
|
* request, which is the longest message sent/received here; according to
|
||||||
|
* RFC 1929 it is: version (1) + username length (1) + username (max 255)
|
||||||
|
* + password length (1) + password (max 255)
|
||||||
|
*/
|
||||||
|
unsigned char buffer[2 + 255 + 1 + 255];
|
||||||
int username_len, password_len, addr_len, addr_buffer_len;
|
int username_len, password_len, addr_len, addr_buffer_len;
|
||||||
unsigned char *addr_buffer;
|
unsigned char *addr_buffer;
|
||||||
char *username, *password;
|
char *username, *password;
|
||||||
@@ -631,6 +637,18 @@ network_pass_socks5proxy (struct t_proxy *proxy, int sock, const char *address,
|
|||||||
username_len = strlen (username);
|
username_len = strlen (username);
|
||||||
password_len = strlen (password);
|
password_len = strlen (password);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* username and password length are each stored on a single byte
|
||||||
|
* (RFC 1929), so they cannot exceed 255 bytes: reject longer values,
|
||||||
|
* otherwise the memcpy calls below would overflow the buffer
|
||||||
|
*/
|
||||||
|
if ((username_len > 255) || (password_len > 255))
|
||||||
|
{
|
||||||
|
free (username);
|
||||||
|
free (password);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* make username/password buffer */
|
/* make username/password buffer */
|
||||||
buffer[0] = 1;
|
buffer[0] = 1;
|
||||||
buffer[1] = (unsigned char) username_len;
|
buffer[1] = (unsigned char) username_len;
|
||||||
|
|||||||
Reference in New Issue
Block a user