[or-cvs] [tor/release-0.2.2] Pull up more data when parsing socks messages
arma at torproject.org
arma at torproject.org
Sat Jan 15 22:31:50 UTC 2011
commit aa45e8259368c9733e459dc4f91f62492b9926da
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Jan 10 17:24:16 2011 -0500
Pull up more data when parsing socks messages
Previously, we only looked at up to 128 bytes. This is a bad idea
since socks messages can be at least 256+x bytes long. Now we look at
up to 512 bytes; this should be enough for 0.2.2.x to handle all valid
SOCKS messages. For 0.2.3.x, we can think about handling trickier
cases.
Fixes 2330. Bugfix on 0.2.0.16-alpha.
---
changes/bug2330 | 7 +++++++
src/or/buffers.c | 6 +++++-
2 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/changes/bug2330 b/changes/bug2330
new file mode 100644
index 0000000..fc0c4d8
--- /dev/null
+++ b/changes/bug2330
@@ -0,0 +1,7 @@
+ o Minor bugfixes
+ - Handle SOCKS messages longer than 128 bytes long correctly, rather
+ than waiting forever for them to finish. Fixes bug 2330. Bugfix on
+ 0.2.0.16-alpha. Found by doorss.
+
+
+
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 2a88382..de0c219 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1336,6 +1336,10 @@ log_unsafe_socks_warning(int socks_protocol, const char *address,
socks_protocol, address, (int)port);
}
+/** Do not attempt to parse socks messages longer than this. This value is
+ * actually significantly higher than the longest possible socks message. */
+#define MAX_SOCKS_MESSAGE_LEN 512
+
/** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
* of the forms
* - socks4: "socksheader username\\0"
@@ -1377,7 +1381,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
if (buf->datalen < 2) /* version and another byte */
return 0;
- buf_pullup(buf, 128, 0);
+ buf_pullup(buf, MAX_SOCKS_MESSAGE_LEN, 0);
tor_assert(buf->head && buf->head->datalen >= 2);
socksver = *buf->head->data;
More information about the tor-commits
mailing list