From b822aa9785ce25af53882a286233fbfd521bae43 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Fri, 25 Jul 2014 15:07:44 +0000
Subject: [PATCH] Fix Ncat's SOCKS5 password auth
See http://seclists.org/nmap-dev/2014/q3/4
---
 CHANGELOG | 4 ++++
 ncat/ncat_connect.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index b8341d233..2bceb2d70 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
+ being written in the wrong place, so authentication could not succeed.
+ Reported with patch by Pierluigi Vittori.
+
 o [NSE] Add s7-info script to get device information from Siemens PLCs via the S7 service, tunnelled over ISO-TSAP on TCP port 102. [Stephen Hilt]
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index 1a473cabd..4a8a084d0 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -723,7 +723,7 @@ static int do_proxy_socks5(void)
 memcpy(socks5auth.data+1,username,strlen(username));
 len = 2 + strlen(username); // (version + strlen) + username
- socks5auth.data[len]=strlen(password);
+ socks5auth.data[len-1]=strlen(password);
 memcpy(socks5auth.data+len,password,strlen(password));
 len += 1 + strlen(password);
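Review bot: The new `socks5auth.data[len-1]` index is consistent with the username being copied to `data+1` two lines above, but it conflicts with the comment on `len = 2 + strlen(username)`, which says the prefix is two bytes (version + username length): if the username-length byte is stored in `data[1]` before the hunk, the memcpy at `data+1` overwrites it and the request goes out as version, username, password length, password, whereas RFC 1929 expects VER, ULEN, UNAME, PLEN, PASSWD. I would keep the two-byte prefix the comment describes and move the data instead, i.e. `memcpy(socks5auth.data+2,username,strlen(username));`, `socks5auth.data[len]=strlen(password);`, `memcpy(socks5auth.data+len+1,password,strlen(password));`. Independently of the offsets, `strlen(password)` (a size_t) is narrowed into a single byte with no check while the memcpy still copies the whole string into `socks5auth.data`, whose size is outside the hunk; both lengths should be validated against the one-byte limit before any of this, e.g. `if (strlen(username) > 255 || strlen(password) > 255)` and fail the proxy handshake. The lines that fill `data[0]`/`data[1]` and the rest of do_proxy_socks5 lie outside the hunk, so the prefix claim is inferred from the comment rather than seen.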