SagerNet/sing-shadowsocks
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-shadowsocks.git synced 2025-04-04 20:37:44 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Check bad packet

Browse source
This commit is contained in:
世界 2022-06-28 07:44:14 +08:00
parent 6d5e7fb635
commit 689e0165ef
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
5 changed files with 21 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
go.mod
View file

@ -3,7 +3,7 @@ module github.com/sagernet/sing-shadowsocks
go 1.18 go 1.18
require ( require (
github.com/sagernet/sing v0.0.0-20220627092450-605697c1aec0 github.com/sagernet/sing v0.0.0-20220627234642-a817f7084d9c
golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
lukechampine.com/blake3 v1.1.7 lukechampine.com/blake3 v1.1.7
) )

4
go.sum
View file

@ -1,8 +1,8 @@
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE= github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE=
github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
github.com/sagernet/sing v0.0.0-20220627092450-605697c1aec0 h1:WRc+FBhOM12FwVphxpRgPLcr9+9JmFLuDKIBtoSrvwk= github.com/sagernet/sing v0.0.0-20220627234642-a817f7084d9c h1:98QC0wtaD648MFPw82KaT1O9LloQgR4ZyIDtNtsno8Y=
github.com/sagernet/sing v0.0.0-20220627092450-605697c1aec0/go.mod h1:I67R/q5f67xDExL2kL3RLIP7kGJBOPkYXkpRAykgC+E= github.com/sagernet/sing v0.0.0-20220627234642-a817f7084d9c/go.mod h1:I67R/q5f67xDExL2kL3RLIP7kGJBOPkYXkpRAykgC+E=
golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c h1:aFV+BgZ4svzjfabn8ERpuB4JI4N6/rdy1iusx77G3oU= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c h1:aFV+BgZ4svzjfabn8ERpuB4JI4N6/rdy1iusx77G3oU=

8
shadowaead_2022/protocol.go
View file

@ -37,6 +37,7 @@ const (
PacketNonceSize = 24 PacketNonceSize = 24
MaxPacketSize = 65535 MaxPacketSize = 65535
RequestHeaderFixedChunkLength = 1 + 8 + 2 RequestHeaderFixedChunkLength = 1 + 8 + 2
PacketMinimalHeaderSize = 30
HeaderTypeClientEncrypted = 10 HeaderTypeClientEncrypted = 10
HeaderTypeServerEncrypted = 11 HeaderTypeServerEncrypted = 11
@ -51,6 +52,7 @@ var (
ErrBadClientSessionId = E.New("bad client session id") ErrBadClientSessionId = E.New("bad client session id")
ErrPacketIdNotUnique = E.New("packet id not unique") ErrPacketIdNotUnique = E.New("packet id not unique")
ErrTooManyServerSessions = E.New("server session changed more than once during the last minute") ErrTooManyServerSessions = E.New("server session changed more than once during the last minute")
ErrPacketTooShort = E.New("packet too short")
) )
var List = []string{ var List = []string{
@ -560,6 +562,9 @@ func (c *clientPacketConn) ReadPacket(buffer *buf.Buffer) (M.Socksaddr, error) {
var packetHeader []byte var packetHeader []byte
if c.udpCipher != nil { if c.udpCipher != nil {
if buffer.Len() < PacketNonceSize+PacketMinimalHeaderSize {
return M.Socksaddr{}, ErrPacketTooShort
}
_, err = c.udpCipher.Open(buffer.Index(PacketNonceSize), buffer.To(PacketNonceSize), buffer.From(PacketNonceSize), nil) _, err = c.udpCipher.Open(buffer.Index(PacketNonceSize), buffer.To(PacketNonceSize), buffer.From(PacketNonceSize), nil)
if err != nil { if err != nil {
return M.Socksaddr{}, E.Cause(err, "decrypt packet") return M.Socksaddr{}, E.Cause(err, "decrypt packet")
@ -567,6 +572,9 @@ func (c *clientPacketConn) ReadPacket(buffer *buf.Buffer) (M.Socksaddr, error) {
buffer.Advance(PacketNonceSize) buffer.Advance(PacketNonceSize)
buffer.Truncate(buffer.Len() - shadowaead.Overhead) buffer.Truncate(buffer.Len() - shadowaead.Overhead)
} else { } else {
if buffer.Len() < PacketMinimalHeaderSize {
return M.Socksaddr{}, ErrPacketTooShort
}
packetHeader = buffer.To(aes.BlockSize) packetHeader = buffer.To(aes.BlockSize)
c.udpBlockDecryptCipher.Decrypt(packetHeader, packetHeader) c.udpBlockDecryptCipher.Decrypt(packetHeader, packetHeader)
} }

6
shadowaead_2022/service.go
View file

@ -368,6 +368,9 @@ func (s *Service) NewPacket(ctx context.Context, conn N.PacketConn, buffer *buf.
func (s *Service) newPacket(ctx context.Context, conn N.PacketConn, buffer *buf.Buffer, metadata M.Metadata) error { func (s *Service) newPacket(ctx context.Context, conn N.PacketConn, buffer *buf.Buffer, metadata M.Metadata) error {
var packetHeader []byte var packetHeader []byte
if s.udpCipher != nil { if s.udpCipher != nil {
if buffer.Len() < PacketNonceSize+PacketMinimalHeaderSize {
return ErrPacketTooShort
}
_, err := s.udpCipher.Open(buffer.Index(PacketNonceSize), buffer.To(PacketNonceSize), buffer.From(PacketNonceSize), nil) _, err := s.udpCipher.Open(buffer.Index(PacketNonceSize), buffer.To(PacketNonceSize), buffer.From(PacketNonceSize), nil)
if err != nil { if err != nil {
return E.Cause(err, "decrypt packet header") return E.Cause(err, "decrypt packet header")
@ -375,6 +378,9 @@ func (s *Service) newPacket(ctx context.Context, conn N.PacketConn, buffer *buf.
buffer.Advance(PacketNonceSize) buffer.Advance(PacketNonceSize)
buffer.Truncate(buffer.Len() - shadowaead.Overhead) buffer.Truncate(buffer.Len() - shadowaead.Overhead)
} else { } else {
if buffer.Len() < PacketMinimalHeaderSize {
return ErrPacketTooShort
}
packetHeader = buffer.To(aes.BlockSize) packetHeader = buffer.To(aes.BlockSize)
s.udpBlockCipher.Decrypt(packetHeader, packetHeader) s.udpBlockCipher.Decrypt(packetHeader, packetHeader)
} }

4
shadowaead_2022/service_multi.go
View file

@ -263,6 +263,10 @@ func (s *MultiService[U]) NewPacket(ctx context.Context, conn N.PacketConn, buff
} }
func (s *MultiService[U]) newPacket(ctx context.Context, conn N.PacketConn, buffer *buf.Buffer, metadata M.Metadata) error { func (s *MultiService[U]) newPacket(ctx context.Context, conn N.PacketConn, buffer *buf.Buffer, metadata M.Metadata) error {
if buffer.Len() < PacketMinimalHeaderSize {
return ErrPacketTooShort
}
packetHeader := buffer.To(aes.BlockSize) packetHeader := buffer.To(aes.BlockSize)
s.udpBlockCipher.Decrypt(packetHeader, packetHeader) s.udpBlockCipher.Decrypt(packetHeader, packetHeader)