CVE-2023-38545: curl SOCKS5 state machine TOCTOU heap overflow via non-persistent socks5_resolve_local flag
CVE-2023-38545 is a heap buffer overflow in curl's SOCKS5 handshake (lib/socks.c, function do_SOCKS5). The root cause is a TOCTOU (time-of-check vs time-of-use) bug in the non-blocking state machine.

do_SOCKS5 is called repeatedly, once per I/O event, and each call re-initializes the local variable socks5_resolve_local from the proxy type; for SOCKS5H (CURLPROXY_SOCKS5_HOSTNAME) it starts as FALSE. The protection check at lines 589-593 runs only in the CONNECT_SOCKS_INIT state: if the hostname is longer than 255 characters, socks5_resolve_local is set to TRUE, falling back to local resolution. Because this is a local variable and the socks_state struct (lines 74-83) has no field to carry it, the next invocation resets it to FALSE.

When CONNECT_REQ_INIT runs in a later call, socks5_resolve_local == FALSE takes the goto CONNECT_RESOLVE_REMOTE path, where memcpy(&socksreq[len], sx->hostname, hostname_len) overflows the heap buffer if hostname_len exceeds data->set.buffer_size (default 16384 bytes).

Attack vector: follow an HTTP redirect to a URL with a hostname longer than 16384 characters via a SOCKS5H proxy.