From 283bd541a61555cd3ab18e3c686894dcc6576b1b Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Tue, 1 Oct 2019 19:31:37 +0100 Subject: [PATCH] Fix handling of string-typed address from SOCKS5 server. In the variable-length address slot, the main SOCKS5 reply packet can contain a binary IP address (4- or 16-byte for v4/v6 respectively), or a string intended to be interpreted as a domain name. I was trying out the Python SOCKS5 proxy 'pproxy' today, which sends a string-typed reply if you send it a string-typed domain name to connect to. This caused me to notice that PuTTY mishandles the latter case, by failing to account for the prefix length byte of that string when computing the total size of the reply packet. So we would misinterpret the final byte of its reply packet as the initial byte of the actual connection, causing us to fail to recognise the SSH greeting. --- proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.c b/proxy.c index ebe7be8b..2659de7d 100644 --- a/proxy.c +++ b/proxy.c @@ -1178,7 +1178,7 @@ int proxy_socks5_negotiate (ProxySocket *p, int change) switch (data[3]) { case 1: len += 4; break; /* IPv4 address */ case 4: len += 16; break;/* IPv6 address */ - case 3: len += (unsigned char)data[4]; break; /* domain name */ + case 3: len += 1+(unsigned char)data[4]; break; /* domain name */ default: plug_closing(p->plug, "Proxy error: SOCKS proxy returned " "unrecognised address format",
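Review bot: on the `case 3:` line, `data[4]` is read to size the reply, and nothing in the visible context shows that at least five bytes of the reply have been buffered before `switch (data[3])` runs. If the code above the hunk does not already guarantee that, the total length would be derived from a byte the proxy has not sent yet, so please confirm the guard exists or add one. Separately, the trailing comment still reads `/* domain name */` while the arithmetic now covers the prefix byte as well; something like `/* length byte + domain name */` would make the `1+` self-explanatory and stop a later cleanup from dropping it as a stray constant.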