dest-unreach / socat / contrib /

socat patches and contributions

socat security advisory 4

Under certain circumstances an FD leak occurs and may be misused for denial of service attacks against socat running in server mode (CVE-2013-3571, advisory)

socat security advisory 3

A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process (CVE-2012-0219, advisory). Fixed versions are 1.7.2.1 and 2.0.0-b5. Patches are available in the download area.

OpenSSL compression feature (for socat 1.7.1.3)

Michael Hanselmann provided a patch that adds option openssl-compress to disable the compress feature of actual OpenSSL versions.

Redirection feature (for socat 2.0.0-b3)

Vitali Shukela provided a patch that allows to use the original target address of an accepted connection in a socks or proxy address

Proxy certificates feature (for socat 1.6.0.0)

Jan Just Keijser implemented proxy certificates and provided a patch

RFC 2217 feature (for socat 1.6.0.0)

An extension for RFC 2217 support written by Kenneth Kassing is provided in the contrib section.

GNU Hurd port (for socat 1.6.0.0)

Thomas Schwinge and socats author performed some changes to make socat compile and (partially) run on GNU Hurd systems

Obsolete patches

These patches are already integrated into the actual socat distribution. Apply them to older socat versions only.

SCTP feature (for socat 2.0.0-b1)

SCTP support for socat has already been requested. Before it could be added to the official distribution, Jonathan Brannan contributed a patch.

Mac OS X port (for socat 1.6.0.1)

It is reported that new socat versions do not build on new Mac OS X versions. Camillo Lugaresi provided a patch that makes socat 1.6.0.1 compile and run on Mac OS X 10.4.

socat 1.6.0.1 patch (for socat 1.6.0.0)

Use this patch if you already have socat 1.6.0.0 source and want to update to 1.6.0.1 but are low on bandwidth or have changed the source code.

Too many open file descriptors fix (for socat 1.6.0.0)

Daniel Lucq found that socat might hang when invoked with many file descriptors already opened. Find more info and a patch to this problem.

Service name resolution failure

James Sainsbury found a problem with socat's service name resolution and contributed a solution. Find more info and a patch.

OpenSSL FIPS with socat

David Acker contributed a patch that allows the integration of the OpenSSL FIPS extension.

socat 1.4.3.1 patch

Use this patch if you already have socat 1.4.3.0 source and want to update to 1.4.3.1 but are low on bandwidth or have changed the source code.

socat 1.4.0.3 patch

Use this patch if you already have socat 1.4.0.2 source and want to update to 1.4.0.3 but are low on bandwidth or have changed the source code.

socat patch for pty

This patch changes the behaviour of the pty address to block until a process opens the slave side: socat-pty.html.

filan extensions

Luigi Iotti added two features to filan.

socat 1.4.0.2 patch

Use this patch if you already have socat 1.4.0.1 source and want to update to 1.4.0.2 but are low on bandwidth or have changed the source code.

socat 1.4.0.1 patch

Use this patch if you already have socat 1.4.0.0 source and want to update to 1.4.0.1 and but are low on bandwidth or have changed the source code.

socks4a patch

socat's socks4a implementation up to version 1.4.0.0 is buggy. Here find the temporary fix: socat-socks4a.html.