[vlc-devel] [PATCH] network/tcp: socks: prevent strlen( NULL )

Filip Roséen filip at atch.se
Wed Mar 1 09:52:07 CET 2017


The previous implementation assumed that the remote entity would not
ask for authentication unless we have stated that we have the
capability for such, we should however not trust this assumption given
that it would (if it happens) cause problems with the username /
password being NULL.
---
 src/network/tcp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/network/tcp.c b/src/network/tcp.c
index 4f4d4701f6..b85852de22 100644
--- a/src/network/tcp.c
+++ b/src/network/tcp.c
@@ -359,7 +359,7 @@ static int SocksNegotiate( vlc_object_t *p_obj,
     {
         msg_Dbg( p_obj, "socks: no authentication required" );
     }
-    else if( buffer[1] == 0x02 )
+    else if( buffer[1] == 0x02 && psz_socks_user && psz_socks_passwd )
     {
         int i_len1 = __MIN( strlen(psz_socks_user), 255 );
         int i_len2 = __MIN( strlen(psz_socks_passwd), 255 );
-- 
2.12.0



More information about the vlc-devel mailing list