socks: advance iobuf instead of reset

During the SOCKS connect phase, the `iobuf` is used to receive responses
from the server. If the server sends more bytes than expected, the code
discarded them silently.

Fix this by advancing the iobuf only with the length consumed.

Reported-by: Joshua Rogers

Closes #18938
Stefan Eissing 2025-10-08 14:29:54 +02:00 committed by Daniel Stenberg
parent aeacf9a3e8
commit 7fecc009ea
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -432,7 +432,7 @@ static CURLproxycode socks4_check_resp(struct socks_state *sx,
switch(resp[1]) {
case 90:
CURL_TRC_CF(data, cf, "SOCKS4%s request granted.", sx->socks4a ? "a" : "");
Curl_bufq_reset(&sx->iobuf);
Curl_bufq_skip(&sx->iobuf, 8);
return CURLPX_OK;
case 91:
failf(data,
@ -664,7 +664,7 @@ static CURLproxycode socks5_check_resp0(struct socks_state *sx,
}
auth_mode = resp[1];
Curl_bufq_reset(&sx->iobuf);
Curl_bufq_skip(&sx->iobuf, 2);
switch(auth_mode) {
case 0:
@ -765,7 +765,7 @@ static CURLproxycode socks5_check_auth_resp(struct socks_state *sx,
/* ignore the first (VER) byte */
auth_status = resp[1];
Curl_bufq_reset(&sx->iobuf);
Curl_bufq_skip(&sx->iobuf, 2);
if(auth_status) {
failf(data, "User was rejected by the SOCKS5 server (%d %d).",
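Review bot: The skip lengths are bare literals (`8` in socks4_check_resp, `2` in socks5_check_resp0 and socks5_check_auth_resp) that must stay equal to the reply length each function requires before it reads `resp[1]`; that length check sits outside the hunks, so the coupling cannot be verified from here. Because bytes past the reply are now kept in `sx->iobuf`, a mismatch would leave the buffer misaligned for the next handshake step instead of being masked by a reset. A named constant per reply, or a comment at each call such as `/* consume only the 8-byte SOCKS4 reply, keep any bytes that follow */`, would make the intent explicit. It is also worth confirming, in code not shown, what happens to bytes still buffered once the handshake completes (rejected as a protocol error or handed on), since the hunks only show that they are no longer dropped at these three points.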