Re: socks5 1.0r5 buffer overflow..

[jimd () STARSHINE ORG (Jim Dennis)]

> We on the LSAT have also been poking around code that people are
> likely to be running on linux boxen.  At work I was asked to install
> socks5 on our gateway boxes and thought it would be a good idea to
> make sure it was ship shape.  I was quite impressed with the careful
> coding, till I ran across this one foul up in lib/log.c:


        Has anyone on this list looked at the DeleGate code?
        (it provides SOCKS compatible proxying which is also
        accessible by non-SOCKS clients in a way that is similar
        to the user-driven TIS FWTK proxies).

        The URL for DeleGate is:  http://wall.etl.go.jp/delegate/

        ... and it seems to be under a much less restrictive
        license (BSD'ish? GPL?) than NEC SOCKS.

        So far I've shied way from NEC SOCKS since I don't understand
        their license.  My concern about DeleGate is whether that
        no one ever talks about it --- so I don't know if the code has
        received sufficient scrutiny.

        Maybe if LSA looked it over, RH and/or Debian could adopt this
        as a default applications proxy for their distributions.  I
        think we still need one since IP masquerading still doesn't
        seem to do as well on FTP as I'd like.

--
Jim Dennis  (800) 938-4078              consulting () starshine org
Proprietor, Starshine Technical Services:  http://www.starshine.org