diff options
| -rw-r--r-- | src/usr.bin/nc/socks.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/usr.bin/nc/socks.c b/src/usr.bin/nc/socks.c index c9aa5178c5..5aa191d284 100644 --- a/src/usr.bin/nc/socks.c +++ b/src/usr.bin/nc/socks.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: socks.c,v 1.24 2016/06/27 14:43:04 deraadt Exp $ */ | 1 | /* $OpenBSD: socks.c,v 1.25 2018/03/27 16:31:10 deraadt Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. | 4 | * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. |
| @@ -109,17 +109,16 @@ proxy_read_line(int fd, char *buf, size_t bufsz) | |||
| 109 | return (off); | 109 | return (off); |
| 110 | } | 110 | } |
| 111 | 111 | ||
| 112 | static const char * | 112 | static void |
| 113 | getproxypass(const char *proxyuser, const char *proxyhost) | 113 | getproxypass(const char *proxyuser, const char *proxyhost, |
| 114 | char *pw, size_t pwlen) | ||
| 114 | { | 115 | { |
| 115 | char prompt[512]; | 116 | char prompt[512]; |
| 116 | static char pw[256]; | ||
| 117 | 117 | ||
| 118 | snprintf(prompt, sizeof(prompt), "Proxy password for %s@%s: ", | 118 | snprintf(prompt, sizeof(prompt), "Proxy password for %s@%s: ", |
| 119 | proxyuser, proxyhost); | 119 | proxyuser, proxyhost); |
| 120 | if (readpassphrase(prompt, pw, sizeof(pw), RPP_REQUIRE_TTY) == NULL) | 120 | if (readpassphrase(prompt, pw, pwlen, RPP_REQUIRE_TTY) == NULL) |
| 121 | errx(1, "Unable to read proxy passphrase"); | 121 | errx(1, "Unable to read proxy passphrase"); |
| 122 | return (pw); | ||
| 123 | } | 122 | } |
| 124 | 123 | ||
| 125 | /* | 124 | /* |
| @@ -188,7 +187,6 @@ socks_connect(const char *host, const char *port, | |||
| 188 | struct sockaddr_in *in4 = (struct sockaddr_in *)&addr; | 187 | struct sockaddr_in *in4 = (struct sockaddr_in *)&addr; |
| 189 | struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)&addr; | 188 | struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)&addr; |
| 190 | in_port_t serverport; | 189 | in_port_t serverport; |
| 191 | const char *proxypass = NULL; | ||
| 192 | 190 | ||
| 193 | if (proxyport == NULL) | 191 | if (proxyport == NULL) |
| 194 | proxyport = (socksv == -1) ? HTTP_PROXY_PORT : SOCKS_PORT; | 192 | proxyport = (socksv == -1) ? HTTP_PROXY_PORT : SOCKS_PORT; |
| @@ -345,11 +343,14 @@ socks_connect(const char *host, const char *port, | |||
| 345 | err(1, "write failed (%zu/%d)", cnt, r); | 343 | err(1, "write failed (%zu/%d)", cnt, r); |
| 346 | 344 | ||
| 347 | if (authretry > 1) { | 345 | if (authretry > 1) { |
| 346 | char proxypass[256]; | ||
| 348 | char resp[1024]; | 347 | char resp[1024]; |
| 349 | 348 | ||
| 350 | proxypass = getproxypass(proxyuser, proxyhost); | 349 | getproxypass(proxyuser, proxyhost, |
| 350 | proxypass, sizeof proxypass); | ||
| 351 | r = snprintf(buf, sizeof(buf), "%s:%s", | 351 | r = snprintf(buf, sizeof(buf), "%s:%s", |
| 352 | proxyuser, proxypass); | 352 | proxyuser, proxypass); |
| 353 | explicit_bzero(proxypass, sizeof proxypass); | ||
| 353 | if (r == -1 || (size_t)r >= sizeof(buf) || | 354 | if (r == -1 || (size_t)r >= sizeof(buf) || |
| 354 | b64_ntop(buf, strlen(buf), resp, | 355 | b64_ntop(buf, strlen(buf), resp, |
| 355 | sizeof(resp)) == -1) | 356 | sizeof(resp)) == -1) |
| @@ -361,6 +362,8 @@ socks_connect(const char *host, const char *port, | |||
| 361 | r = strlen(buf); | 362 | r = strlen(buf); |
| 362 | if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r) | 363 | if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r) |
| 363 | err(1, "write failed (%zu/%d)", cnt, r); | 364 | err(1, "write failed (%zu/%d)", cnt, r); |
| 365 | explicit_bzero(proxypass, sizeof proxypass); | ||
| 366 | explicit_bzero(buf, sizeof buf); | ||
| 364 | } | 367 | } |
| 365 | 368 | ||
| 366 | /* Terminate headers */ | 369 | /* Terminate headers */ |