[vlc-commits] network/tcp: socks: prevent strlen( NULL )
Filip Roséen
git at videolan.org
Mon Mar 6 09:09:17 CET 2017
vlc | branch: master | Filip Roséen <filip at atch.se> | Mon Mar 6 00:47:48 2017 +0100| [062dd4502687166e3af7724d38cce68626f51d52] | committer: Jean-Baptiste Kempf
network/tcp: socks: prevent strlen( NULL )
The previous implementation assumed that the remote entity would not
ask for authentication unless we have stated that we have the
capability for such, we should however not trust this assumption given
that it would (if it happens) cause problems with the username /
password being NULL.
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=062dd4502687166e3af7724d38cce68626f51d52
---
src/network/tcp.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/network/tcp.c b/src/network/tcp.c
index 4f4d470..79459bc 100644
--- a/src/network/tcp.c
+++ b/src/network/tcp.c
@@ -361,6 +361,13 @@ static int SocksNegotiate( vlc_object_t *p_obj,
}
else if( buffer[1] == 0x02 )
{
+ if( psz_socks_user == NULL || psz_socks_passwd == NULL )
+ {
+ msg_Err( p_obj, "socks: server mandates authentication but "
+ "a username and/or password was not supplied" );
+ return VLC_EGENERIC;
+ }
+
int i_len1 = __MIN( strlen(psz_socks_user), 255 );
int i_len2 = __MIN( strlen(psz_socks_passwd), 255 );
msg_Dbg( p_obj, "socks: username/password authentication" );
More information about the vlc-commits
mailing list