From 07581446e6a05674a14e550186d377fa48470da6 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Mon, 17 Nov 2014 20:28:38 +0000
Subject: [PATCH] Bounds checking for socks domain name inputs.
---
 lib/socks_mosq.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/socks_mosq.c b/lib/socks_mosq.c
index dd7b68ef..9085fd2a 100644
--- a/lib/socks_mosq.c
+++ b/lib/socks_mosq.c
@@ -336,8 +336,10 @@ int mosquitto__socks5_read(struct mosquitto *mosq)
 mosq->in_packet.to_process += 16+2-1; /* 16 bytes IPv6, 2 bytes port, -1 byte because we've already read the first byte */
 mosq->in_packet.packet_length += 16+2-1;
 }else if(mosq->in_packet.payload[3] == SOCKS_ATYPE_DOMAINNAME){
- mosq->in_packet.to_process += mosq->in_packet.payload[4];
- mosq->in_packet.packet_length += mosq->in_packet.payload[4];
+ if(mosq->in_packet.payload[4] > 0 && mosq->in_packet.payload[4] <= 255){
+ mosq->in_packet.to_process += mosq->in_packet.payload[4];
+ mosq->in_packet.packet_length += mosq->in_packet.payload[4];
+ }
 }else{
 _mosquitto_packet_cleanup(&mosq->in_packet);
 return MOSQ_ERR_PROTOCOL;
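Review bot: In the SOCKS_ATYPE_DOMAINNAME branch, a length byte of 0 now skips both increments and carries on as if the reply were well formed, whereas the unknown-address-type branch just below cleans up and returns MOSQ_ERR_PROTOCOL. The new `if` should get an else that fails the same way: `}else{ _mosquitto_packet_cleanup(&mosq->in_packet); return MOSQ_ERR_PROTOCOL; }`. If `payload` holds unsigned 8-bit values (its declaration is not in the hunk), `payload[4] <= 255` can never be false, so the upper bound constrains nothing. The limit that matters is whether the buffer later filled with `to_process` bytes was sized for the grown `packet_length`. That allocation is outside the hunk, as are the start and end of mosquitto__socks5_read, so it should be checked there and the intended maximum noted in a comment next to the check.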