sticnarf
commented
1 year ago validate_auth checks the length of the username and password. The buf size 513 is calculated according to the limitation.
Open JeremyRubin opened 1 year ago
sticnarf
commented
1 year ago validate_auth checks the length of the username and password. The buf size 513 is calculated according to the limitation.
JeremyRubin
commented
1 year ago you are totally correct!
https://github.com/sticnarf/tokio-socks/blob/9fdcccc3da5693712c07fcfc5bb1212df0e3f989/src/tcp.rs#L337
if the username len is 256, and so is the password, then it seems our buf won't have enough space to write all the data and we'll possibly panic.
We should make the buffer larger, or return an err if username/password is too long.
another option would be to make the buf heap allocated and growable