From: David Sommerseth Date: Mon, 15 Nov 2010 20:44:59 +0000 (+0100) Subject: Use stricter snprintf() formatting in socks_username_password_auth() (v3) X-Git-Tag: v2.2-beta4~2^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ff54d66a22402caf08709ec22730e20c193ecbd;p=thirdparty%2Fopenvpn.git Use stricter snprintf() formatting in socks_username_password_auth() (v3) commit fc1fa9ffc7e3356458ec3 added a new function which needs to have a stricter string formatting. This was detected due to a compiler warning. This patch makes sure that the length of username and password is not longer than 255 bytes. It also adds extra checks to avoid NULL pointer issues with strlen() on these two parameters. Signed-off-by: David Sommerseth Acked-by: Gert Doering --- diff --git a/socks.c b/socks.c index 58b3648bf..c7c0473c7 100644 --- a/socks.c +++ b/socks.c @@ -112,10 +112,17 @@ socks_username_password_auth (struct socks_proxy_info *p, ssize_t size; creds.defined = 0; - get_user_pass (&creds, p->authfile, UP_TYPE_SOCKS, GET_USER_PASS_MANAGEMENT); - snprintf (to_send, sizeof (to_send), "\x01%c%s%c%s", strlen(creds.username), - creds.username, strlen(creds.password), creds.password); + + if( !creds.username || (strlen(creds.username) > 255) + || !creds.password || (strlen(creds.password) > 255) ) { + msg (M_NONFATAL, + "SOCKS username and/or password exceeds 255 characters. " + "Authentication not possible."); + return false; + } + snprintf (to_send, sizeof (to_send), "\x01%c%s%c%s", (int) strlen(creds.username), + creds.username, (int) strlen(creds.password), creds.password); size = send (sd, to_send, strlen(to_send), MSG_NOSIGNAL); if (size != strlen (to_send))