fix a crash: if you do socks4 with an IP of 0.0.0.x then we get tricked

into thinking you're doing socks4a, and we look for the next byte.

thanks to aphex for finding this.

svn:r3207

diff --git a/src/or/buffers.c b/src/or/buffers.c
index aaff1df5cc9f586e91f94a4d97657ce36e802abf..008babb488a085b9fa25bb7d3ed9f1e9f37c9a6e 100644 (file)
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -584,6 +584,10 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) {
       tor_assert(next < buf->mem+buf->datalen);
 
       startaddr = NULL;
+      if (socks4_prot == socks4a && next+1 == buf->mem+buf->datalen) {
+        log_fn(LOG_DEBUG,"socks4: No part of destaddr here yet.");
+        return 0;
+      }
       if (socks4_prot != socks4a && !have_warned_about_unsafe_socks) {
         log_fn(LOG_WARN,"Your application (using socks4 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.", req->port);
 //      have_warned_about_unsafe_socks = 1; // (for now, warn every time)