Fix Ncat's SOCKS5 password auth

See http://seclists.org/nmap-dev/2014/q3/4
2026-01-01 20:39:02 +00:00 · 2014-07-25 15:07:44 +00:00
parent e45016ea61
commit b822aa9785
2 changed files with 5 additions and 1 deletions
--- a/4
+++ b/4
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
+  being written in the wrong place, so authentication could not succeed.
+  Reported with patch by Pierluigi Vittori.
+
 o [NSE] Add s7-info script to get device information from Siemens PLCs via the
  S7 service, tunnelled over ISO-TSAP on TCP port 102. [Stephen Hilt]

--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -723,7 +723,7 @@ static int do_proxy_socks5(void)
            memcpy(socks5auth.data+1,username,strlen(username));
            len = 2 + strlen(username); // (version + strlen) + username

-            socks5auth.data[len]=strlen(password);
+            socks5auth.data[len-1]=strlen(password);
            memcpy(socks5auth.data+len,password,strlen(password));
            len += 1 + strlen(password);