This patch prevents the client for sending zero length username/passwords and prevents the server from accepting zero length username/passwords. Only useful for sites using username/password authentication (rfc1929). Index: upwd.c =================================================================== RCS file: socks5/lib/upwd.c,v retrieving revision 1.38.4.7 retrieving revision 1.38.4.9 diff -c -r1.38.4.7 -r1.38.4.9 *** upwd.c 1999/03/29 23:03:36 1.38.4.7 --- upwd.c 2000/03/08 17:04:09 1.38.4.9 *************** *** 78,83 **** --- 78,93 ---- pwd = getenv("SOCKS5_PASSWD"); MUTEX_UNLOCK(env_mutex); + if(!user || strlen(user)==0) { + S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(10), 0, "UPWD: Missing username "); + return AUTH_FAIL; + } + + if(!pwd || strlen(pwd)==0) { + S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(10), 0, "UPWD: Missing password "); + return AUTH_FAIL; + } + SETVERS(buf, 1); SETULEN(buf, user); SETUSER(buf, user); *************** *** 107,118 **** goto done; } ! if (GetString(sd, name, &timerm) < 0) { S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(10), 0, "UPWD: Failed to get valid username"); goto done; } ! if (GetString(sd, passwd, &timerm) < 0) { S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(10), 0, "UPWD: Failed to get valid password"); goto done; } --- 117,128 ---- goto done; } ! if (GetString(sd, name, &timerm) <= 0) { S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(10), 0, "UPWD: Failed to get valid username"); goto done; } ! if (GetString(sd, passwd, &timerm) <= 0) { S5LogUpdate(S5LogDefaultHandle, S5_LOG_DEBUG(10), 0, "UPWD: Failed to get valid password"); goto done; }