[PATCH] socks: return error if hostname too long for remote resolve
Prior to this change the state machine attempted to change the remote
resolve to a local resolve if the hostname was too long. Unfortunately
that did not always work as intended, leading to a security issue. And
when it did it's a privacy violation for users of socks5h that may
expect their DNS requests will not leak.
Bug: https://curl.se/docs/CVE-2023-38545.html
Backported by: Samuel Henrique <samueloph@debian.org>
Gbp-Pq: Name CVE-2023-38545.patch
projects / curl.git / commit