From fa5fe6563928db24cc10e559d856643cc57ebc48 Mon Sep 17 00:00:00 2001
From: millert <>
Date: Mon, 4 Nov 2019 17:33:28 +0000
Subject: Fix an out of bound read/write when using a proxy. From Lucas AT sexy
 DOT is.  OK job@ kn@

---
 src/usr.bin/nc/netcat.c | 26 ++++++++++++++++++--------
 src/usr.bin/nc/socks.c  |  6 +++---
 2 files changed, 21 insertions(+), 11 deletions(-)

(limited to 'src')

diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index 503e9aa2b5..a53fe1c4cd 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.209 2019/10/24 12:48:54 job Exp $ */
+/* $OpenBSD: netcat.c,v 1.210 2019/11/04 17:33:28 millert Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck.  All rights reserved.
@@ -705,8 +705,12 @@ main(int argc, char *argv[])
 
 				fprintf(stderr, "Connection to %s", host);
 
-				/* if there is something to report, print IP */
-				if (!nflag && (strcmp(host, ipaddr) != 0))
+				/*
+				 * if we aren't connecting thru a proxy and
+				 * there is something to report, print IP
+				 */
+				if (!nflag && !xflag
+				    && (strcmp(host, ipaddr) != 0))
 					fprintf(stderr, " (%s)", ipaddr);
 
 				fprintf(stderr, " %s port [%s/%s] succeeded!\n",
@@ -959,12 +963,17 @@ remote_connect(const char *host, const char *port, struct addrinfo hints,
 
 		set_common_sockopts(s, res->ai_family);
 
-		if ((herr = getnameinfo(res->ai_addr, res->ai_addrlen, ipaddr,
-		    NI_MAXHOST, NULL, 0, NI_NUMERICHOST)) != 0) {
-			if (herr == EAI_SYSTEM)
+		if (ipaddr != NULL) {
+			herr = getnameinfo(res->ai_addr, res->ai_addrlen,
+			    ipaddr, NI_MAXHOST, NULL, 0, NI_NUMERICHOST);
+			switch (herr) {
+			case 0:
+				break;
+			case EAI_SYSTEM:
 				err(1, "getnameinfo");
-			else
+			default:
 				errx(1, "getnameinfo: %s", gai_strerror(herr));
+			}
 		}
 
 		if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0)
@@ -972,7 +981,8 @@ remote_connect(const char *host, const char *port, struct addrinfo hints,
 
 		if (vflag) {
 			/* only print IP if there is something to report */
-			if (nflag || (strncmp(host, ipaddr, NI_MAXHOST) == 0))
+			if (nflag || ipaddr == NULL ||
+			    (strncmp(host, ipaddr, NI_MAXHOST) == 0))
 				warn("connect to %s port %s (%s) failed", host,
 				    port, uflag ? "udp" : "tcp");
 			else
diff --git a/src/usr.bin/nc/socks.c b/src/usr.bin/nc/socks.c
index 5ec5c95cd6..9766be7da4 100644
--- a/src/usr.bin/nc/socks.c
+++ b/src/usr.bin/nc/socks.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: socks.c,v 1.29 2019/07/29 15:19:03 benno Exp $	*/
+/*	$OpenBSD: socks.c,v 1.30 2019/11/04 17:33:28 millert Exp $	*/
 
 /*
  * Copyright (c) 1999 Niklas Hallqvist.  All rights reserved.
@@ -53,7 +53,7 @@
 #define SOCKS_DOMAIN	3
 #define SOCKS_IPV6	4
 
-int	remote_connect(const char *, const char *, struct addrinfo);
+int	remote_connect(const char *, const char *, struct addrinfo, char *);
 int	socks_connect(const char *, const char *, struct addrinfo,
 	    const char *, const char *, struct addrinfo, int,
 	    const char *);
@@ -201,7 +201,7 @@ socks_connect(const char *host, const char *port,
 	if (authretry++ > 3)
 		errx(1, "Too many authentication failures");
 
-	proxyfd = remote_connect(proxyhost, proxyport, proxyhints);
+	proxyfd = remote_connect(proxyhost, proxyport, proxyhints, NULL);
 
 	if (proxyfd < 0)
 		return (-1);
-- 
cgit v1.2.3-55-g6feb