On Tue, Feb 21, 2006 at 01:27:56PM +0800, Peter_Su_at_trend.com.tw wrote:
> -static int handleSock4Proxy(struct connectdata *conn)
> -{
> - unsigned char socksreq[600]; /* room for large user/pw (255 max each) */

It looks to me like socksreq needs to be only 9 bytes long, since the code
doesn't support SOCKS4 userids. (Question: why not? Or is everyone who needs
accounting using SOCKS5?)

> - int result;
> - CURLcode code;
> - curl_socket_t sock = conn->sock[FIRSTSOCKET];
> - struct SessionHandle *data = conn->data;
> -
> - Curl_nonblock(sock, FALSE);
> -
> - /*
> - * Compose socks4 request
> - *
> - * Request format
> - *
> - * +----+----+----+----+----+----+----+----+----+----+....+----+
> - * | VN | CD | DSTPORT | DSTIP | USERID |NULL|
> - * +----+----+----+----+----+----+----+----+----+----+....+----+
> - * # of bytes: 1 1 2 4 variable 1
> - */
> -
> - socksreq[0] = 4; /* version (SOCKS4) */
> - socksreq[1] = 1; /* connect */

What's missing here is a line
     socksreq[8] = 0; /* NUL ending the nonexistent userid */
to terminate the SOCKS4 request packet. The code as is could sporadically
fail depending on what data is at this location on the stack.

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved