Fixed an off-by-one buffer overflow in proxy.c.
authorAndrej Kacian <ticho@claws-mail.org>
Sun, 10 Jun 2018 21:09:18 +0000 (23:09 +0200)
committerAndrej Kacian <ticho@claws-mail.org>
Sun, 10 Jun 2018 21:09:18 +0000 (23:09 +0200)
src/common/proxy.c

index 7bde533c8f0837c0a3e65980798a025d97ef0d7d..db21429f9157f730f175fa09124756f601b5deaf 100644 (file)
@@ -257,7 +257,7 @@ gint socks5_connect(SockInfo *sock, const gchar *hostname, gushort port,
                } else if (socks_req[3] == 3) { /* Domain name */
                        gint hnlen = socks_req[4];
                        gchar *hn = malloc(hnlen + 1);
-                       hn[hnlen + 1] = '\0';
+                       hn[hnlen] = '\0';
                        memcpy(hn, &socks_req[5], hnlen);
                        g_warning("socks5_connect: SOCKS5 connection to %s:%u failed. (%u)",
                                        hn, ntohs(*(gushort *)(socks_req + 5 + hnlen)), socks_req[1]);
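Review bot: The result of `malloc(hnlen + 1)` is written through on the very next line without a NULL check, and `hnlen` is taken unvalidated from the proxy's reply byte `socks_req[4]`. If `socks_req` is a plain `gchar` array (its declaration is outside the hunk), a length byte of 0x80 or above would become a negative `gint` and then a huge size in `memcpy`. Reading it as `gint hnlen = (guchar)socks_req[4];` and adding `if (hn == NULL)` with the function's usual error path would close both gaps. It is also worth confirming that at least `5 + hnlen + 2` bytes of reply were received before the copy and the port read, and that `hn` is freed after the warning. The body of socks5_connect starts and ends outside the hunk.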
@@ -265,7 +265,7 @@ gint socks5_connect(SockInfo *sock, const gchar *hostname, gushort port,
                } else if (socks_req[3] == 4) { /* IPv6 address */
                        gint hnlen = 16;
                        gchar *hn = malloc(hnlen + 1);
-                       hn[hnlen + 1] = '\0';
+                       hn[hnlen] = '\0';
                        memcpy(hn, &socks_req[4], hnlen);
                        g_warning("socks5_connect: SOCKS5 connection to IPv6 %s:%u failed. (%u)",
                                        hn, ntohs(*(gushort *)(socks_req + 5 + hnlen)), socks_req[1]);
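Review bot: The port in this IPv6 branch is read from `socks_req + 5 + hnlen`, but the address is copied from `&socks_req[4]`, so the two port bytes after a 16-byte address start at offset 20, not 21. The intended offset looks like `socks_req + 4 + hnlen`. The 16 copied bytes are also a binary address, so passing `hn` to `%s` logs raw reply bytes and stops at the first zero byte. Formatting into `gchar addr[INET6_ADDRSTRLEN]` with `inet_ntop(AF_INET6, &socks_req[4], addr, sizeof addr)` would log a readable address and remove the `malloc`, whose result is not checked for NULL here. The body of socks5_connect continues outside the hunk.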