From: Nick Mathewson Date: Mon, 10 Jan 2011 22:24:16 +0000 (-0500) Subject: Pull up more data when parsing socks messages X-Git-Tag: tor-0.2.3.1-alpha~185^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aa45e8259368c9733e459dc4f91f62492b9926da;p=thirdparty%2Ftor.git Pull up more data when parsing socks messages Previously, we only looked at up to 128 bytes. This is a bad idea since socks messages can be at least 256+x bytes long. Now we look at up to 512 bytes; this should be enough for 0.2.2.x to handle all valid SOCKS messages. For 0.2.3.x, we can think about handling trickier cases. Fixes 2330. Bugfix on 0.2.0.16-alpha. --- diff --git a/changes/bug2330 b/changes/bug2330 new file mode 100644 index 0000000000..fc0c4d8c36 --- /dev/null +++ b/changes/bug2330 @@ -0,0 +1,7 @@ + o Minor bugfixes + - Handle SOCKS messages longer than 128 bytes long correctly, rather + than waiting forever for them to finish. Fixes bug 2330. Bugfix on + 0.2.0.16-alpha. Found by doorss. + + + diff --git a/src/or/buffers.c b/src/or/buffers.c index 2a88382501..de0c219e85 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1336,6 +1336,10 @@ log_unsafe_socks_warning(int socks_protocol, const char *address, socks_protocol, address, (int)port); } +/** Do not attempt to parse socks messages longer than this. This value is + * actually significantly higher than the longest possible socks message. */ +#define MAX_SOCKS_MESSAGE_LEN 512 + /** There is a (possibly incomplete) socks handshake on buf, of one * of the forms * - socks4: "socksheader username\\0" @@ -1377,7 +1381,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, if (buf->datalen < 2) /* version and another byte */ return 0; - buf_pullup(buf, 128, 0); + buf_pullup(buf, MAX_SOCKS_MESSAGE_LEN, 0); tor_assert(buf->head && buf->head->datalen >= 2); socksver = *buf->head->data;
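Review bot: in the changes/bug2330 hunk the entry reads "longer than 128 bytes long", which doubles "long"; suggest "Handle SOCKS messages longer than 128 bytes correctly". The file also ends with three blank `+` lines after "Found by doorss.", which other changes entries do not need; trimming them keeps the generated changelog tidy.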
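Review bot: in the src/or/buffers.c hunk the new comment on MAX_SOCKS_MESSAGE_LEN says 512 is "significantly higher than the longest possible socks message", but the commit message only claims it is enough for 0.2.2.x and defers "trickier cases" to 0.2.3.x; the comment should state the bound it is actually relying on (the message says at least 256+x bytes) so a later reader does not treat 512 as a proven maximum. The change to `buf_pullup(buf, MAX_SOCKS_MESSAGE_LEN, 0);` also only raises how much data is made contiguous in `buf->head`; nothing visible in this hunk rejects a message whose declared length exceeds the limit, so such a message would still leave the handshake in the waiting state the commit message describes rather than failing explicitly. Suggest adding a check after the pullup that treats a message longer than MAX_SOCKS_MESSAGE_LEN as a protocol error and closes the connection, and documenting that behaviour in the macro's comment.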