From 7fecc009eacf2bd4815b4dd7b9ec082bca7a1bcc Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Wed, 8 Oct 2025 14:29:54 +0200
Subject: [PATCH] socks: advance iobuf instead of reset

During the SOCKS connect phase, the `iobuf` is used to receive repsonses from the server. If the server sends more bytes than expected, the code discarded them silently. Fix this by advancing the iobuf only with the length consumed.

Reported-by: Joshua Rogers
Closes #18938
---
 lib/socks.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/socks.c b/lib/socks.c
index a0e1e6c042..10fca7b44c 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -432,7 +432,7 @@ static CURLproxycode socks4_check_resp(struct socks_state *sx,
 switch(resp[1]) {
 case 90:
 CURL_TRC_CF(data, cf, "SOCKS4%s request granted.", sx->socks4a ? "a" : "");
- Curl_bufq_reset(&sx->iobuf);
+ Curl_bufq_skip(&sx->iobuf, 8);
 return CURLPX_OK;
 case 91:
 failf(data,
@@ -664,7 +664,7 @@ static CURLproxycode socks5_check_resp0(struct socks_state *sx,
 }
 auth_mode = resp[1];
- Curl_bufq_reset(&sx->iobuf);
+ Curl_bufq_skip(&sx->iobuf, 2);
 switch(auth_mode) {
 case 0:
@@ -765,7 +765,7 @@ static CURLproxycode socks5_check_auth_resp(struct socks_state *sx,
 /* ignore the first (VER) byte */
 auth_status = resp[1];
- Curl_bufq_reset(&sx->iobuf);
+ Curl_bufq_skip(&sx->iobuf, 2);
 if(auth_status) {
 failf(data, "User was rejected by the SOCKS5 server (%d %d).",
-- 
2.47.3
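Review bot: In the `case 90` branch of socks4_check_resp the handshake is finished, so any bytes beyond the 8-byte reply now remain in `sx->iobuf` when `CURLPX_OK` is returned, and nothing in this hunk shows who consumes or rejects them. If no later code drains the buffer, the surplus is still lost when the SOCKS state is released, only later than before; if it is forwarded, it is proxy-supplied data entering the tunnelled stream and deserves an explicit decision. I would document that next to the call, e.g. `/* consume only the 8-byte SOCKS4 reply; surplus bytes stay in iobuf for the caller to forward or reject */`. The function body starts and ends outside the hunk, so the handling may already exist there.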
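Review bot: The literal lengths passed to `Curl_bufq_skip()` (`2` here in socks5_check_resp0, `2` in socks5_check_auth_resp, `8` in socks4_check_resp) are bare magic numbers with no visible tie to the length check that presumably guards `resp` earlier in each function. If the expected reply size and the skipped size ever diverge, the next step would parse from the wrong offset of proxy-controlled data. A short comment per call would make the contract readable, for example `/* VER + METHOD consumed */` here and `/* VER + STATUS consumed */` in socks5_check_auth_resp, or a shared named constant used by both the check and the skip. The enclosing functions extend beyond the hunks.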