Validate address port range in SOCKS5 request handling.

This update adds a validation check for port values in SOCKS5 requests to ensure they fall within the acceptable range of 0 to 65535. If the port is outside this range, an error is returned, preventing potential malfunctions or crashes due to invalid port numbers.
ryanbekhen · Dec 7, 2024 · b5e3a76 · b5e3a76
1 parent 1500f7d
commit b5e3a76
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/pkg/socks5/request.go b/pkg/socks5/request.go
@@ -140,16 +140,25 @@ func sendReply(conn io.Writer, reply uint8, addr *AddrSpec) error {
 	case addr.FQDN != "":
 		addrType = AddressTypeDomain.Uint8()
 		addrBody = append([]byte{byte(len(addr.FQDN))}, addr.FQDN...)
+		if addr.Port < 0 || addr.Port > 65535 {
+			return fmt.Errorf("port value out of range uint16: %d", addr.Port)
+		}
 		addrPort = uint16(addr.Port)
 
 	case addr.IP.To4() != nil:
 		addrType = AddressTypeIPv4.Uint8()
 		addrBody = addr.IP.To4()
+		if addr.Port < 0 || addr.Port > 65535 {
+			return fmt.Errorf("port value out of range uint16: %d", addr.Port)
+		}
 		addrPort = uint16(addr.Port)
 
 	case addr.IP.To16() != nil:
 		addrType = AddressTypeIPv6.Uint8()
 		addrBody = addr.IP.To16()
+		if addr.Port < 0 || addr.Port > 65535 {
+			return fmt.Errorf("port value out of range uint16: %d", addr.Port)
+		}
 		addrPort = uint16(addr.Port)
 
 	default: