packages/glib2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
glib2/backport-gsocks5proxy-Fix-buffer-overflow-on-a-really-long-domain-name.patch
yanan-rock 08ec5beea4 add community patch
2022-04-28 15:46:40 +08:00

74 lines
2.3 KiB
Diff
Raw Blame History

From b32727d43d9d11aa017f1f29648ad5019376537c Mon Sep 17 00:00:00 2001
From: Egor Bychin <e.bychin@drweb.com>
Date: Mon, 11 Oct 2021 14:07:01 +0300
Subject: [PATCH] gsocks5proxy: Fix buffer overflow on a really long domain
name
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/b32727d43d9d11aa017f1f29648ad5019376537c
---
gio/gsocks5proxy.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/gio/gsocks5proxy.c b/gio/gsocks5proxy.c
index 873db7ea6d..948ac8b8b8 100644
--- a/gio/gsocks5proxy.c
+++ b/gio/gsocks5proxy.c
@@ -328,7 +328,7 @@ set_connect_msg (guint8 *msg,
*
* The parser only requires 4 bytes.
*/
-#define SOCKS5_CONN_REP_LEN 255
+#define SOCKS5_CONN_REP_LEN 257
static gboolean
parse_connect_reply (const guint8 *data, gint *atype, GError **error)
{
@@ -509,7 +509,7 @@ g_socks5_proxy_connect (GProxy *proxy,
guint8 data[SOCKS5_CONN_REP_LEN];
gint atype;
- if (!g_input_stream_read_all (in, data, 4, NULL,
+ if (!g_input_stream_read_all (in, data, 4 /* VER, REP, RSV, ATYP */, NULL,
cancellable, error))
goto error;
@@ -519,23 +519,26 @@ g_socks5_proxy_connect (GProxy *proxy,
switch (atype)
{
case SOCKS5_ATYP_IPV4:
- if (!g_input_stream_read_all (in, data, 6, NULL,
- cancellable, error))
+ if (!g_input_stream_read_all (in, data,
+ 4 /* IPv4 length */ + 2 /* port */,
+ NULL, cancellable, error))
goto error;
break;
case SOCKS5_ATYP_IPV6:
- if (!g_input_stream_read_all (in, data, 18, NULL,
- cancellable, error))
+ if (!g_input_stream_read_all (in, data,
+ 16 /* IPv6 length */ + 2 /* port */,
+ NULL, cancellable, error))
goto error;
break;
case SOCKS5_ATYP_DOMAINNAME:
- if (!g_input_stream_read_all (in, data, 1, NULL,
- cancellable, error))
+ if (!g_input_stream_read_all (in, data, 1 /* domain name length */,
+ NULL, cancellable, error))
goto error;
- if (!g_input_stream_read_all (in, data, data[0] + 2, NULL,
- cancellable, error))
+ if (!g_input_stream_read_all (in, data,
+ data[0] /* domain name length */ + 2 /* port */,
+ NULL, cancellable, error))
goto error;
break;
}
--
GitLab
Reference in New Issue View Git Blame Copy Permalink