Closed v-p-b closed 3 years ago
Based on a quick review I think that was a mistake and it should be memset(answer2, 0, 300 + sizeof(DWORD) + sizeof(DWORD) + 1);
*answer is only used as a pointer there. Can you please compile like that and get back to me. Will check and fix ASAP but I think with testing could take up a few days.
Thanks for the bug report.
Makes sense, and also the compilation succeeds this way.
First 9 bytes were reserved for header that contained the thread ID, length of packet and end of transmission flag. That is why it was there, and it seemed the wrong variable was zero'd.
Fixed, committed and pushed, now considered closed until the next bug :) https://github.com/nccgroup/SocksOverRDP/commit/1c9dee27f3d1274254f82388d6fb1f70d1c9bf9d
Compiling the server project results in the following error in VS:
error C4789: buffer 'answer2' of size 309 bytes will be overrun; 309 bytes will be written starting at offset 9
This is the relevant code:
https://github.com/nccgroup/SocksOverRDP/blob/master/SocksOverRDP-Server/SocksServer.cpp#L184
While answer is pointed inside the answer2 buffer, memset writes the full size of the answer2 buffer. I'm not sure about the intention here, but based on the initialization of answer, I assume that only 300 bytes should be set here (first two pointers and one byte remain intact at the beginning of the buffer).
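The bound the compiler's C4789 check computed, worked through on a constructed buffer with the 9-byte header layout described in the thread. This is an added example, not code from the issue or from the SocksOverRDP project; the names fits_in_packet, safe_zero, buggy_variant and fixed_variant are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout mirroring the thread: a 9-byte header (thread ID,
 * packet length, end-of-transmission flag) followed by 300 payload bytes.
 * The macro names are assumptions for this example, not the project's. */
typedef uint32_t DWORD;
#define PAYLOAD_SIZE 300
#define HEADER_SIZE  (sizeof(DWORD) + sizeof(DWORD) + 1)   /* 9   */
#define PACKET_SIZE  (PAYLOAD_SIZE + HEADER_SIZE)          /* 309 */

/* True only if writing `len` bytes at `offset` stays inside a PACKET_SIZE
 * buffer. This is exactly the arithmetic behind the C4789 diagnostic. */
bool fits_in_packet(size_t offset, size_t len) {
    return offset <= PACKET_SIZE && len <= PACKET_SIZE - offset;
}

/* Zeroes part of `packet` only when the write is in bounds.
 * Returns the number of bytes cleared, 0 if the request was rejected. */
size_t safe_zero(unsigned char *packet, size_t offset, size_t len) {
    if (!fits_in_packet(offset, len))
        return 0;
    memset(packet + offset, 0, len);
    return len;
}

/* The original call: the full packet size written through the payload
 * pointer (answer = answer2 + 9), which would run 9 bytes past the end. */
size_t buggy_variant(void) {
    unsigned char answer2[PACKET_SIZE];
    return safe_zero(answer2, HEADER_SIZE, PACKET_SIZE);   /* 0: rejected */
}

/* The committed fix: the full packet size written through the base
 * pointer, so header and payload are both cleared and nothing overruns. */
size_t fixed_variant(void) {
    unsigned char answer2[PACKET_SIZE];
    memset(answer2, 0xAA, sizeof answer2);                  /* poison first */
    size_t n = safe_zero(answer2, 0, PACKET_SIZE);         /* 309 */
    for (size_t i = 0; i < sizeof answer2; i++)
        if (answer2[i] != 0)
            return 0;                                       /* not fully cleared */
    return n;
}
```

The reporter's alternative (clearing only the 300 payload bytes behind the header) is the call safe_zero(answer2, HEADER_SIZE, PAYLOAD_SIZE), which fits_in_packet also accepts.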