chunyu/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2025-06-13 21:54:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Handle too large hostLen.

Browse Source 
This pops up in my log

```
 panic: runtime error: slice bounds out of range [:8821] with capacity 1160
 goroutine 4747 [running]:
 github.com/sagernet/sing-box/transport/hysteria.ParseUDPMessage({0xc000265900, 0x488, 0x488})
         github.com/sagernet/sing-box/transport/hysteria/protocol.go:296 +0x68b
 github.com/sagernet/sing-box/inbound.(*Hysteria).udpRecvLoop(0xc00012f680, {0xf20fc8, 0xc00010f800})
         github.com/sagernet/sing-box/inbound/hysteria.go:246 +0x92
 created by github.com/sagernet/sing-box/inbound.(*Hysteria).accept
         github.com/sagernet/sing-box/inbound/hysteria.go:223 +0x7ea
```

Apparently the preceding `Seek` operation does not validate the length, so we need to do the validation manually.
This commit is contained in:
Shadow750d6 2023-02-03 21:05:48 +08:00
parent 19d08b55c8
commit f21f3e51bb
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
transport/hysteria/protocol.go
View File

@ -293,6 +293,10 @@ func ParseUDPMessage(packet []byte) (message UDPMessage, err error) {
if err != nil {
return
}
if int(6+hostLen) > len(packet) {
err = E.New("Invalid hostLen")
return
}
message.Host = string(packet[6 : 6+hostLen])
err = binary.Read(reader, binary.BigEndian, &message.Port)
if err != nil {