Fix: ssr bounds out of range panic (#882)
This commit is contained in:
parent
83a684c551
commit
4ba6f248bc
2 changed files with 15 additions and 3 deletions
|
@ -81,8 +81,9 @@ func (a *authAES128) Decode(b []byte) ([]byte, int, error) {
|
||||||
|
|
||||||
h := a.hmac(key, b[:2])
|
h := a.hmac(key, b[:2])
|
||||||
if !bytes.Equal(h[:2], b[2:4]) {
|
if !bytes.Equal(h[:2], b[2:4]) {
|
||||||
return nil, 0, errAuthAES128HMACError
|
return nil, 0, errAuthAES128IncorrectMAC
|
||||||
}
|
}
|
||||||
|
|
||||||
length := int(binary.LittleEndian.Uint16(b[:2]))
|
length := int(binary.LittleEndian.Uint16(b[:2]))
|
||||||
if length >= 8192 || length < 8 {
|
if length >= 8192 || length < 8 {
|
||||||
return nil, 0, errAuthAES128DataLengthError
|
return nil, 0, errAuthAES128DataLengthError
|
||||||
|
@ -90,6 +91,12 @@ func (a *authAES128) Decode(b []byte) ([]byte, int, error) {
|
||||||
if length > bSize {
|
if length > bSize {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
||||||
|
h = a.hmac(key, b[:bSize-4])
|
||||||
|
if !bytes.Equal(h[:4], b[bSize-4:]) {
|
||||||
|
return nil, 0, errAuthAES128IncorrectChecksum
|
||||||
|
}
|
||||||
|
|
||||||
a.recvID++
|
a.recvID++
|
||||||
pos := int(b[4])
|
pos := int(b[4])
|
||||||
if pos < 255 {
|
if pos < 255 {
|
||||||
|
@ -98,6 +105,9 @@ func (a *authAES128) Decode(b []byte) ([]byte, int, error) {
|
||||||
pos = int(binary.LittleEndian.Uint16(b[5:7])) + 4
|
pos = int(binary.LittleEndian.Uint16(b[5:7])) + 4
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if pos > length-4 {
|
||||||
|
return nil, 0, errAuthAES128PositionTooLarge
|
||||||
|
}
|
||||||
a.buffer.Write(b[pos : length-4])
|
a.buffer.Write(b[pos : length-4])
|
||||||
b = b[length:]
|
b = b[length:]
|
||||||
bSize -= length
|
bSize -= length
|
||||||
|
@ -144,7 +154,7 @@ func (a *authAES128) DecodePacket(b []byte) ([]byte, int, error) {
|
||||||
bSize := len(b)
|
bSize := len(b)
|
||||||
h := a.hmac(a.Key, b[:bSize-4])
|
h := a.hmac(a.Key, b[:bSize-4])
|
||||||
if !bytes.Equal(h[:4], b[bSize-4:]) {
|
if !bytes.Equal(h[:4], b[bSize-4:]) {
|
||||||
return nil, 0, errAuthAES128HMACError
|
return nil, 0, errAuthAES128IncorrectMAC
|
||||||
}
|
}
|
||||||
return b[:bSize-4], bSize - 4, nil
|
return b[:bSize-4], bSize - 4, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,8 +9,10 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
errAuthAES128HMACError = errors.New("auth_aes128_* post decrypt hmac error")
|
errAuthAES128IncorrectMAC = errors.New("auth_aes128_* post decrypt incorrect mac")
|
||||||
errAuthAES128DataLengthError = errors.New("auth_aes128_* post decrypt length mismatch")
|
errAuthAES128DataLengthError = errors.New("auth_aes128_* post decrypt length mismatch")
|
||||||
|
errAuthAES128IncorrectChecksum = errors.New("auth_aes128_* post decrypt incorrect checksum")
|
||||||
|
errAuthAES128PositionTooLarge = errors.New("auth_aes128_* post decrypt posision is too large")
|
||||||
errAuthSHA1v4CRC32Error = errors.New("auth_sha1_v4 post decrypt data crc32 error")
|
errAuthSHA1v4CRC32Error = errors.New("auth_sha1_v4 post decrypt data crc32 error")
|
||||||
errAuthSHA1v4DataLengthError = errors.New("auth_sha1_v4 post decrypt data length error")
|
errAuthSHA1v4DataLengthError = errors.New("auth_sha1_v4 post decrypt data length error")
|
||||||
errAuthSHA1v4IncorrectChecksum = errors.New("auth_sha1_v4 post decrypt incorrect checksum")
|
errAuthSHA1v4IncorrectChecksum = errors.New("auth_sha1_v4 post decrypt incorrect checksum")
|
||||||
|
|
Loading…
Reference in a new issue