Possible Buffer Overflow #36

Open
JeremyRubin opened this issue Sep 21, 2022 · 2 comments

@JeremyRubin

```rust
self.buf[(2 + username_len)] = password_len as u8;
```

If the username len is 256, and so is the password, then it seems our buf won't have enough space to write all the data and we'll possibly panic.

We should make the buffer larger, or return an err if username/password is too long.

Another option would be to make the buf heap-allocated and growable.

@sticnarf
Owner

validate_auth checks the length of the username and password. The buf size 513 is calculated according to the limitation.
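The bound described in the reply above, as an added example that is not from the thread or the project's own code. It assumes the buffer holds an RFC 1929 username/password request (the thread does not name the protocol); `MAX_AUTH_LEN`, `AuthError`, `check_lengths` and `encode_auth` are hypothetical names.

```rust
/// Largest request: VER(1) + ULEN(1) + UNAME(255) + PLEN(1) + PASSWD(255).
const MAX_AUTH_LEN: usize = 1 + 1 + 255 + 1 + 255; // = 513

#[derive(Debug, PartialEq)]
enum AuthError {
    InvalidUsernameLen(usize),
    InvalidPasswordLen(usize),
}

/// Hypothetical stand-in for the length check the thread attributes to
/// `validate_auth`: each field must be non-empty and fit in one length byte.
fn check_lengths(username: &[u8], password: &[u8]) -> Result<(), AuthError> {
    if username.is_empty() || username.len() > 255 {
        return Err(AuthError::InvalidUsernameLen(username.len()));
    }
    if password.is_empty() || password.len() > 255 {
        return Err(AuthError::InvalidPasswordLen(password.len()));
    }
    Ok(())
}

/// Writes the request into a fixed 513-byte buffer and returns the bytes used.
fn encode_auth(
    buf: &mut [u8; MAX_AUTH_LEN],
    username: &[u8],
    password: &[u8],
) -> Result<usize, AuthError> {
    // Must run before any `as u8` cast or indexing below.
    check_lengths(username, password)?;
    let (ulen, plen) = (username.len(), password.len());
    buf[0] = 0x01; // sub-negotiation version
    buf[1] = ulen as u8; // lossless because ulen <= 255
    buf[2..2 + ulen].copy_from_slice(username);
    buf[2 + ulen] = plen as u8; // same index as the line quoted in the issue
    buf[3 + ulen..3 + ulen + plen].copy_from_slice(password);
    Ok(3 + ulen + plen)
}

fn main() {
    let mut buf = [0u8; MAX_AUTH_LEN];
    // Constructed inputs: the largest accepted pair fills the buffer exactly.
    let n = encode_auth(&mut buf, &[b'u'; 255], &[b'p'; 255]).unwrap();
    println!("max request uses {} of {} bytes", n, MAX_AUTH_LEN);
    // The 256/256 case from the issue is rejected before any write.
    println!("{:?}", encode_auth(&mut buf, &[b'u'; 256], &[b'p'; 256]));
}
```

Without the length check, a 256-byte field would truncate to 0 in the `as u8` cast and the final slice would index past the end of the buffer, which in safe Rust is a panic rather than a memory write.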

@JeremyRubin
Author

You are totally correct!
