mahasona/clash
1
0
Fork 0
mirror of https://github.com/MetaCubeX/mihomo.git synced 2024-09-30 03:47:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: add length check for ssr auth_aes128_sha1 (#2129)

Browse source
This commit is contained in:
Kaming Chan 2022-05-13 11:21:39 +08:00 committed by 世界
parent 695fb64fa8
commit c3f4e1ba2e
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
transport/ssr/protocol/auth_aes128_sha1.go
View file

@ -154,6 +154,9 @@ func (a *authAES128) Encode(buf *bytes.Buffer, b []byte) error {
}
func (a *authAES128) DecodePacket(b []byte) ([]byte, error) {
if len(b) < 4 {
return nil, errAuthAES128LengthError
}
if !bytes.Equal(a.hmac(a.Key, b[:len(b)-4])[:4], b[len(b)-4:]) {
return nil, errAuthAES128ChksumError
}