diff --git a/component/ssr/protocol/auth_aes128_md5.go b/component/ssr/protocol/auth_aes128_md5.go
index cbe56921..0740f0b3 100644
--- a/component/ssr/protocol/auth_aes128_md5.go
+++ b/component/ssr/protocol/auth_aes128_md5.go
@@ -81,8 +81,9 @@ func (a *authAES128) Decode(b []byte) ([]byte, int, error) {
 
 		h := a.hmac(key, b[:2])
 		if !bytes.Equal(h[:2], b[2:4]) {
-			return nil, 0, errAuthAES128HMACError
+			return nil, 0, errAuthAES128IncorrectMAC
 		}
+
 		length := int(binary.LittleEndian.Uint16(b[:2]))
 		if length >= 8192 || length < 8 {
 			return nil, 0, errAuthAES128DataLengthError
@@ -90,6 +91,12 @@ func (a *authAES128) Decode(b []byte) ([]byte, int, error) {
 		if length > bSize {
 			break
 		}
+
+		h = a.hmac(key, b[:bSize-4])
+		if !bytes.Equal(h[:4], b[bSize-4:]) {
+			return nil, 0, errAuthAES128IncorrectChecksum
+		}
+
 		a.recvID++
 		pos := int(b[4])
 		if pos < 255 {
@@ -98,6 +105,9 @@ func (a *authAES128) Decode(b []byte) ([]byte, int, error) {
 			pos = int(binary.LittleEndian.Uint16(b[5:7])) + 4
 		}
 
+		if pos > length-4 {
+			return nil, 0, errAuthAES128PositionTooLarge
+		}
 		a.buffer.Write(b[pos : length-4])
 		b = b[length:]
 		bSize -= length
@@ -144,7 +154,7 @@ func (a *authAES128) DecodePacket(b []byte) ([]byte, int, error) {
 	bSize := len(b)
 	h := a.hmac(a.Key, b[:bSize-4])
 	if !bytes.Equal(h[:4], b[bSize-4:]) {
-		return nil, 0, errAuthAES128HMACError
+		return nil, 0, errAuthAES128IncorrectMAC
 	}
 	return b[:bSize-4], bSize - 4, nil
 }
diff --git a/component/ssr/protocol/protocol.go b/component/ssr/protocol/protocol.go
index b2aa8e93..943303da 100644
--- a/component/ssr/protocol/protocol.go
+++ b/component/ssr/protocol/protocol.go
@@ -9,8 +9,10 @@ import (
 )
 
 var (
-	errAuthAES128HMACError         = errors.New("auth_aes128_* post decrypt hmac error")
+	errAuthAES128IncorrectMAC      = errors.New("auth_aes128_* post decrypt incorrect mac")
 	errAuthAES128DataLengthError   = errors.New("auth_aes128_* post decrypt length mismatch")
+	errAuthAES128IncorrectChecksum = errors.New("auth_aes128_* post decrypt incorrect checksum")
+	errAuthAES128PositionTooLarge  = errors.New("auth_aes128_* post decrypt posision is too large")
 	errAuthSHA1v4CRC32Error        = errors.New("auth_sha1_v4 post decrypt data crc32 error")
 	errAuthSHA1v4DataLengthError   = errors.New("auth_sha1_v4 post decrypt data length error")
 	errAuthSHA1v4IncorrectChecksum = errors.New("auth_sha1_v4 post decrypt incorrect checksum")