From: Cherish98 <66007047+Cherish98@users.noreply.github.com>
Date: Fri, 5 Jun 2020 17:36:11 +0000 (+0000)
Subject: socks: fix expected length of SOCKS5 reply
X-Git-Tag: curl-7_71_0~53
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e980cbb8e7ca568719c7a9e9e31d566002d92f72;p=thirdparty%2Fcurl.git

socks: fix expected length of SOCKS5 reply

Commit 4a4b63d forgot to set the expected SOCKS5 reply length when the
reply ATYP is X'01'. This resulted in erroneously expecting more bytes
when the request length is greater than the reply length (e.g., when
remotely resolving the hostname).

Closes #5527
---

diff --git a/lib/socks.c b/lib/socks.c
index 6031096f95..98b7818d84 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -935,6 +935,13 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
       /* IPv6 */
       len = 4 + 16 + 2;
     }
+    else if(socksreq[3] == 1) {
+      len = 4 + 4 + 2;
+    }
+    else {
+      failf(data, "SOCKS5 reply has wrong address type.");
+      return CURLE_COULDNT_CONNECT;
+    }
 
     /* At this point we already read first 10 bytes */
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)