lynx-dev

Re: [Lynx-dev] SOCK5 crash+fix


From: Thorsten Glaser
Subject: Re: [Lynx-dev] SOCK5 crash+fix
Date: Thu, 10 Mar 2022 22:53:59 +0000 (UTC)

Steffen Nurpmeso dixit:

> |    socks5_protocol = HTSprintf0(NULL,
> |                                 gettext("(for %s at %s) SOCKS5"),
> |                                 protocol, socks5_host);
> |
> |A NULL-ptr read which I fail to understand.

Which is NULL here, the target variable (does HTSprintf0 not
allocate) or one of the sources (does HTSprintf0, unlike some
OSes’ snprintf, not permit NULL for %s and replace it with the
string "(null)"), in which case the patch is also wrong because
not all OSes do that, and then it needs to be:

snprintf(socks5_buf, sizeof(socks5_buf),
    gettext("(for %s at %s) SOCKS5"), protocol ? protocol : "(null)",
    socks5_host ? socks5_host : "(null)");

> |    char socks5_buf [1000];

Large buffers on the stack are possibly harmful though.

> |+         (SOCKET_ERRNO == EINPROGRESS || SOCKET_ERRNO == 112
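
Review bot: The condition compares `SOCKET_ERRNO` against the bare literal 112 right next to the symbolic `EINPROGRESS`, and nothing in the line says which error 112 is meant to be or on which platform. Errno numbering is platform-specific, so the same number can denote an unrelated error elsewhere; use the named constant for the intended error and add a comment on why it is treated like `EINPROGRESS`.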

This can’t be right.

>I do not know what 112 is, but I have no idea of Windows, what

WSA* errnos are in the five-digit range. WSAEINPROGRESS is 10036,
for example. Magic numbers are bad, too; this probably needs
explaining.

>+#ifdef _WINDOWS
>+           || SOCKET_ERRNO == 112
> #endif
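
Review bot: Wrapping `|| SOCKET_ERRNO == 112` in `#ifdef _WINDOWS` limits where the comparison is compiled but still leaves 112 unnamed and unexplained. Replace the literal with the symbolic constant from the Windows headers for the error being handled and document which call was observed returning it; if no such constant can be identified, the comparison should not go in.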

As I said above, almost certainly wrong.

bye,
//mirabilos
-- 
As long as you don't do any dirty tricks, and I mean *really*
dirty tricks, like XORing both pointers of a doubly linked list
and storing them in just one word, Boehm works quite
excellently.           -- Andreas Bogk on boehm-gc in d.a.s.r
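
An added example, not code from this thread or from Lynx: it combines the two points made in the message above, never handing a NULL pointer to `%s` and not keeping a large fixed buffer on the stack. The names `str_or_null` and `socks5_label` are hypothetical, and the `gettext()` wrapper is left out so the block stays self-contained.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SOCKS5_FMT "(for %s at %s) SOCKS5"

/* Hypothetical helper (not Lynx code): map NULL to a printable literal so
 * "%s" never receives a null pointer, which ISO C leaves undefined. */
static const char *str_or_null(const char *s)
{
    return s != NULL ? s : "(null)";
}

/* Hypothetical helper: build the label on the heap, sized exactly, instead
 * of in a fixed 1000-byte stack buffer. The caller frees the result.
 * Returns NULL on formatting or allocation failure. */
char *socks5_label(const char *protocol, const char *socks5_host)
{
    const char *p = str_or_null(protocol);
    const char *h = str_or_null(socks5_host);
    int need = snprintf(NULL, 0, SOCKS5_FMT, p, h); /* C99: measure only */
    char *out;

    if (need < 0)
        return NULL;
    out = malloc((size_t) need + 1);
    if (out == NULL)
        return NULL;
    if (snprintf(out, (size_t) need + 1, SOCKS5_FMT, p, h) != need) {
        free(out);          /* length changed or error: do not return junk */
        return NULL;
    }
    return out;
}

int main(void)
{
    /* Constructed sample inputs. */
    char *a = socks5_label("https", "127.0.0.1");
    char *b = socks5_label(NULL, NULL);

    if (a == NULL || b == NULL)
        return 1;
    puts(a);
    puts(b);
    free(a);
    free(b);
    return 0;
}
```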


