XChat's Socks-5 proxy code is vulnerable to a remote exploit. To

successfully exploit the code, you would need to enable socks5 traversal (default off) and connect to the attacker's own custom proxy server. If you never intend to use a Socks5 proxy, you are not affected at all by this issue. http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html ok pvalchev@
2004-08-14 19:16:44 +00:00 · 2004-08-14 19:16:44 +00:00 · b0ed136e82
commit b0ed136e82
parent 25a514f29c
1 changed files with 21 additions and 0 deletions
--- a/net/xchat/patches/patch-src_common_server_c
+++ b/net/xchat/patches/patch-src_common_server_c
@ -0,0 +1,21 @@
+$OpenBSD: patch-src_common_server_c,v 1.1 2004/08/14 19:16:44 brad Exp $
+--- src/common/server.c.orig	Sat Aug 14 14:50:33 2004
+++ src/common/server.c	Sat Aug 14 14:51:24 2004
+@@ -837,7 +837,7 @@ traverse_socks5 (int sok, char *serverAd
+ 	struct sock5_connect1 sc1;
+ 	unsigned char *sc2;
+ 	unsigned int packetlen, addrlen;
+-	unsigned char buf[10];
+	unsigned char buf[260];
+ 
+ 	sc1.version = 5;
+ 	sc1.nmethods = 1;
+@@ -878,7 +878,7 @@ traverse_socks5 (int sok, char *serverAd
+ 	{
+ 		if (recv (sok, buf, 1, 0) != 1)
+ 			return 1;
+-		packetlen = buf[0] + 2;
+		packetlen = buf[0] + 2; /* can't exceed 260 */
+ 		if (recv (sok, buf, packetlen, 0) != packetlen)
+ 			return 1;
+ 	}