From f21f3e51bbedbfef00c030f90e80f914550d3b49 Mon Sep 17 00:00:00 2001
From: Shadow750d6 <shadow750d6@gmail.com>
Date: Fri, 3 Feb 2023 21:05:48 +0800
Subject: [PATCH] Handle too large hostLen.

This pops up in my log

```
 panic: runtime error: slice bounds out of range [:8821] with capacity 1160
 goroutine 4747 [running]:
 github.com/sagernet/sing-box/transport/hysteria.ParseUDPMessage({0xc000265900, 0x488, 0x488})
         github.com/sagernet/sing-box/transport/hysteria/protocol.go:296 +0x68b
 github.com/sagernet/sing-box/inbound.(*Hysteria).udpRecvLoop(0xc00012f680, {0xf20fc8, 0xc00010f800})
         github.com/sagernet/sing-box/inbound/hysteria.go:246 +0x92
 created by github.com/sagernet/sing-box/inbound.(*Hysteria).accept
         github.com/sagernet/sing-box/inbound/hysteria.go:223 +0x7ea
```

Apparently the preceding `Seek` operation does not validate the length, so we need to do the validation manually.
---
 transport/hysteria/protocol.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/transport/hysteria/protocol.go b/transport/hysteria/protocol.go
index aa2eab30..f7becde1 100644
--- a/transport/hysteria/protocol.go
+++ b/transport/hysteria/protocol.go
@@ -293,6 +293,10 @@ func ParseUDPMessage(packet []byte) (message UDPMessage, err error) {
 	if err != nil {
 		return
 	}
+	if int(6+hostLen) > len(packet) {
+		err = E.New("Invalid hostLen")
+		return
+	}
 	message.Host = string(packet[6 : 6+hostLen])
 	err = binary.Read(reader, binary.BigEndian, &message.Port)
 	if err != nil {