Check shadowsocks 2022 client padding

2025-04-03 20:07:38 +03:00 · 2022-05-12 19:35:15 +08:00 · 2022-05-12 19:35:15 +08:00 · 6973a8f4c3
commit 6973a8f4c3
parent 2aae93c5b8
5 changed files with 19 additions and 9 deletions
--- a/protocol/shadowsocks/protocol.go
+++ b/protocol/shadowsocks/protocol.go
@ -13,8 +13,8 @@ import (
 )

 var (
-	ErrBadKey          = E.New("shadowsocks: bad key")
-	ErrMissingPassword = E.New("shadowsocks: missing password")
+	ErrBadKey          = E.New("bad key")
+	ErrMissingPassword = E.New("missing password")
 )

 type Method interface {
--- a/protocol/shadowsocks/shadowaead/aead.go
+++ b/protocol/shadowsocks/shadowaead/aead.go
@ -198,6 +198,10 @@ func (r *Reader) Discard(n int) error {
 	}
 }

+func (r *Reader) Cached() int {
+	return r.cached
+}
+
 type Writer struct {
 	upstream      io.Writer
 	cipher        cipher.AEAD
--- a/protocol/shadowsocks/shadowaead_2022/protocol.go
+++ b/protocol/shadowsocks/shadowaead_2022/protocol.go
@ -49,13 +49,13 @@ const (
 )

 var (
-	ErrMissingPasswordPSK    = E.New("shadowsocks: missing password or psk")
-	ErrBadHeaderType         = E.New("shadowsocks: bad header type")
-	ErrBadTimestamp          = E.New("shadowsocks: bad timestamp")
-	ErrBadRequestSalt        = E.New("shadowsocks: bad request salt")
-	ErrBadClientSessionId    = E.New("shadowsocks: bad client session id")
-	ErrPacketIdNotUnique     = E.New("shadowsocks: packet id not unique")
-	ErrTooManyServerSessions = E.New("shadowsocks: server session changed more than once during the last minute")
+	ErrMissingPasswordPSK    = E.New("missing password or psk")
+	ErrBadHeaderType         = E.New("bad header type")
+	ErrBadTimestamp          = E.New("bad timestamp")
+	ErrBadRequestSalt        = E.New("bad request salt")
+	ErrBadClientSessionId    = E.New("bad client session id")
+	ErrPacketIdNotUnique     = E.New("packet id not unique")
+	ErrTooManyServerSessions = E.New("server session changed more than once during the last minute")
 )

 var List = []string{
--- a/protocol/shadowsocks/shadowaead_2022/service.go
+++ b/protocol/shadowsocks/shadowaead_2022/service.go
@ -27,6 +27,8 @@ import (
 	wgReplay "golang.zx2c4.com/wireguard/replay"
 )

+var ErrNoPadding = E.New("bad request: missing payload or padding")
+
 type Service struct {
 	name             string
 	secureRNG        io.Reader
@ -157,6 +159,8 @@ func (s *Service) newConnection(ctx context.Context, conn net.Conn, metadata M.M
 		if err != nil {
 			return E.Cause(err, "discard padding")
 		}
+	} else if reader.Cached() == 0 {
+		return ErrNoPadding
 	}

 	metadata.Protocol = "shadowsocks"
--- a/protocol/shadowsocks/shadowaead_2022/service_multi.go
+++ b/protocol/shadowsocks/shadowaead_2022/service_multi.go
@ -169,6 +169,8 @@ func (s *MultiService[U]) newConnection(ctx context.Context, conn net.Conn, meta
 		if err != nil {
 			return E.Cause(err, "discard padding")
 		}
+	} else if reader.Cached() == 0 {
+		return ErrNoPadding
 	}

 	var userCtx shadowsocks.UserContext[U]