[vlc-devel] [PATCH] network/tcp: socks: prevent strlen( NULL )
Jean-Baptiste Kempf
jb at videolan.org
Fri Mar 3 16:18:27 CET 2017
Hello,
I don't like this patch too much, tbh.
IMHO, you should do a different if and a different message inside the
0x02 case, else, it's undebuggable for the user.
Best,
On Wed, 1 Mar 2017, at 09:52, Filip Roséen wrote:
> The previous implementation assumed that the remote entity would not
> ask for authentication unless we have stated that we have the
> capability for such, we should however not trust this assumption given
> that it would (if it happens) cause problems with the username /
> password being NULL.
> ---
> src/network/tcp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/network/tcp.c b/src/network/tcp.c
> index 4f4d4701f6..b85852de22 100644
> --- a/src/network/tcp.c
> +++ b/src/network/tcp.c
> @@ -359,7 +359,7 @@ static int SocksNegotiate( vlc_object_t *p_obj,
> {
> msg_Dbg( p_obj, "socks: no authentication required" );
> }
> - else if( buffer[1] == 0x02 )
> + else if( buffer[1] == 0x02 && psz_socks_user && psz_socks_passwd )
> {
> int i_len1 = __MIN( strlen(psz_socks_user), 255 );
> int i_len2 = __MIN( strlen(psz_socks_passwd), 255 );
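Review bot: Folding the NULL checks into the `else if( buffer[1] == 0x02 && psz_socks_user && psz_socks_passwd )` condition makes a server that selects method 0x02 when no credentials are configured indistinguishable from any other method that is not handled; control moves on to whatever branch follows (not shown in this hunk) and the log cannot say why negotiation stopped. Consider keeping `else if( buffer[1] == 0x02 )` and testing `psz_socks_user == NULL || psz_socks_passwd == NULL` as the first statement inside that branch, logging a specific error there (the server requested username/password authentication but none is configured) before failing. The strlen( NULL ) is avoided either way, and the failure becomes diagnosable. A short comment noting that the server's method choice is untrusted input would also document why the check exists.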
> --
> 2.12.0
>
--
Jean-Baptiste Kempf - President
+33 672 704 734