Ethereal-dev: Re: [Ethereal-dev] SOCKS decoding (small bug)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 18 Sep 2003 01:41:18 -0700
On Sun, Sep 14, 2003 at 12:21:20PM +0200, Jerome Delamarche wrote:
> While debugging a SOCKS4 session using Ethereal, I found a bug that
> produces a "heap overflow". Here is how it comes about:
> 
> 1) a SOCKS client (v4 or v5) initiates a connection to a SOCKS server. The
> standard server port for SOCKS is 1080.
> 
> 2) in the CONNECT packet, the client asks for a destination port which is
> still 1080 (could be another SOCKS server!)
> 
> 3) the server answers OK
> 
> 4) the client now sends the payload... and Ethereal crashes: it tries to
> decode the payload based on the destination port given in the CONNECT
> packet. Since it is the SOCKS port (1080), it creates an infinite loop that
> includes "dissect_socks()" and "call_next_dissector()".

That payload looks like HTTP, if you're referring to frame 10.

Is this a bug (i.e., should it be sending a SOCKS connect request)?
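To make the reported recursion concrete, the following is a constructed Python model of a port-dispatched dissector chain, added to this archive page and not Ethereal's code. PORT_TABLE, run_session, the conversation dict and the MAX_DEPTH value are assumptions; the depth guard is one possible mitigation for illustration, not the fix the project applied.

```python
"""Constructed model of SOCKS hand-off recursion (not Ethereal's dissector)."""
import struct

SOCKS_PORT = 1080
MAX_DEPTH = 8          # assumed recursion limit for the illustrative guard
PORT_TABLE = {}        # port -> dissector callable (assumed dispatch table)

def register(port):
    def deco(fn):
        PORT_TABLE[port] = fn
        return fn
    return deco

def call_next_dissector(port, payload, conv, guard):
    """Hand the payload to the dissector registered for `port`."""
    fn = PORT_TABLE.get(port)
    if fn is None:
        return ["data"]
    if not guard:                       # unguarded: mirrors the reported bug
        return fn(payload, conv, guard)
    if conv["depth"] >= MAX_DEPTH:      # guarded: stop re-entering ourselves
        return ["data(recursion-guard)"]
    conv["depth"] += 1
    try:
        return fn(payload, conv, guard)
    finally:
        conv["depth"] -= 1

@register(80)
def dissect_http(payload, conv, guard):
    return ["http"]

@register(SOCKS_PORT)
def dissect_socks(payload, conv, guard):
    if conv.get("state") != "connected":
        # SOCKS4 CONNECT: VN=4, CD=1, DSTPORT (2 bytes BE), DSTIP, USERID, NUL
        conv["dst_port"] = struct.unpack(">H", payload[2:4])[0]
        conv["state"] = "connected"     # server's OK reply elided from the model
        return ["socks:connect", conv["dst_port"]]
    # Connected: payload is dispatched on the remembered destination port.
    return ["socks"] + call_next_dissector(conv["dst_port"], payload, conv, guard)

def run_session(dst_port, guard=True):
    """CONNECT to dst_port, then dissect one payload frame (constructed input)."""
    conv = {"depth": 0}
    connect = bytes([4, 1]) + struct.pack(">H", dst_port) + bytes([10, 0, 0, 1]) + b"user\x00"
    dissect_socks(connect, conv, guard)
    try:
        return dissect_socks(b"GET / HTTP/1.0\r\n\r\n", conv, guard)
    except RecursionError:
        return ["crash:unbounded recursion"]
```

With a destination port of 80 the payload reaches the HTTP dissector; with 1080 and no guard, dissect_socks re-enters itself through call_next_dissector until the interpreter's recursion limit, which stands in for the crash in the report.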