socks5: please static code analyzer
Make sure we don't call memcpy() if the argument is NULL even though we also passed a zero length then, as the clang analyzer whined and we want to limit warnings (even false positives) when they're this easy to fix. The change of (char) to (unsigned char) will fix long user names and passwords on systems that have the char type signed by default.
This commit is contained in:
@@ -511,10 +511,12 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
|
|||||||
*/
|
*/
|
||||||
len = 0;
|
len = 0;
|
||||||
socksreq[len++] = 1; /* username/pw subnegotiation version */
|
socksreq[len++] = 1; /* username/pw subnegotiation version */
|
||||||
socksreq[len++] = (char) userlen;
|
socksreq[len++] = (unsigned char) userlen;
|
||||||
|
if(proxy_name && userlen)
|
||||||
memcpy(socksreq + len, proxy_name, userlen);
|
memcpy(socksreq + len, proxy_name, userlen);
|
||||||
len += (int)userlen;
|
len += (int)userlen;
|
||||||
socksreq[len++] = (char) pwlen;
|
socksreq[len++] = (unsigned char) pwlen;
|
||||||
|
if(proxy_password && pwlen)
|
||||||
memcpy(socksreq + len, proxy_password, pwlen);
|
memcpy(socksreq + len, proxy_password, pwlen);
|
||||||
len += (int)pwlen;
|
len += (int)pwlen;
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user