mirror of
https://github.com/v2fly/v2ray-core.git
synced 2024-06-10 09:50:43 +00:00
Fix: security issues & overflow potentiality (#465)
parent
0bf185e705
commit
8cb2db5321
|
@ -8,6 +8,7 @@ import (
|
|||
"v2ray.com/core/common"
|
||||
"v2ray.com/core/common/buf"
|
||||
"v2ray.com/core/common/bytespool"
|
||||
"v2ray.com/core/common/errors"
|
||||
"v2ray.com/core/common/protocol"
|
||||
)
|
||||
|
||||
|
@ -278,7 +279,11 @@ func (w *AuthenticationWriter) writeStream(mb buf.MultiBuffer) error {
|
|||
}
|
||||
|
||||
payloadSize := buf.Size - int32(w.auth.Overhead()) - w.sizeParser.SizeBytes() - maxPadding
|
||||
mb2Write := make(buf.MultiBuffer, 0, len(mb)+10)
|
||||
if len(mb)+10 > 64*1024*1024 {
|
||||
return errors.New("value too large")
|
||||
}
|
||||
sliceSize := len(mb) + 10
|
||||
mb2Write := make(buf.MultiBuffer, 0, sliceSize)
|
||||
|
||||
temp := buf.New()
|
||||
defer temp.Release()
|
||||
|
@ -307,7 +312,11 @@ func (w *AuthenticationWriter) writeStream(mb buf.MultiBuffer) error {
|
|||
func (w *AuthenticationWriter) writePacket(mb buf.MultiBuffer) error {
|
||||
defer buf.ReleaseMulti(mb)
|
||||
|
||||
mb2Write := make(buf.MultiBuffer, 0, len(mb)+1)
|
||||
if len(mb)+1 > 64*1024*1024 {
|
||||
return errors.New("value too large")
|
||||
}
|
||||
sliceSize := len(mb) + 1
|
||||
mb2Write := make(buf.MultiBuffer, 0, sliceSize)
|
||||
|
||||
for _, b := range mb {
|
||||
if b.IsEmpty() {
|
||||
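Review bot: The bound `64*1024*1024` and the message `"value too large"` are spelled out literally in both writeStream and writePacket here, and again in writeMetaWithFrame, connection.Write and MultiLengthPacketWriter.WriteMultiBuffer, so the five guards can drift apart and a log line cannot tell which one fired. A single named constant, with a comment stating that it bounds the number of entries in a buf.MultiBuffer and not bytes, would make the intent reviewable, for example `const maxMultiBufferLen = 64 * 1024 * 1024` (name is a suggestion), and the error text could name the call site and the offending length. Each site also evaluates the size expression twice; computing `sliceSize := len(mb) + 10` first and testing `if sliceSize > maxMultiBufferLen` keeps the check and the allocation on the same value. In writeStream the function starts and ends outside the hunk, so whether `mb` is released on this new return path cannot be confirmed from here; writePacket does defer `buf.ReleaseMulti(mb)` before the check.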
|
|
|
@ -3,6 +3,7 @@ package mux
|
|||
import (
|
||||
"v2ray.com/core/common"
|
||||
"v2ray.com/core/common/buf"
|
||||
"v2ray.com/core/common/errors"
|
||||
"v2ray.com/core/common/net"
|
||||
"v2ray.com/core/common/protocol"
|
||||
"v2ray.com/core/common/serial"
|
||||
|
@ -70,7 +71,11 @@ func writeMetaWithFrame(writer buf.Writer, meta FrameMetadata, data buf.MultiBuf
|
|||
return err
|
||||
}
|
||||
|
||||
mb2 := make(buf.MultiBuffer, 0, len(data)+1)
|
||||
if len(data)+1 > 64*1024*1024 {
|
||||
return errors.New("value too large")
|
||||
}
|
||||
sliceSize := len(data) + 1
|
||||
mb2 := make(buf.MultiBuffer, 0, sliceSize)
|
||||
mb2 = append(mb2, frame)
|
||||
mb2 = append(mb2, data...)
|
||||
return writer.WriteMultiBuffer(mb2)
|
||||
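Review bot: The added `return errors.New("value too large")` in writeMetaWithFrame exits without handing `frame` or `data` to the writer, and nothing visible in the hunk releases them. The allocation of `frame` is outside the hunk, so this is inferred, but if the function owns both buffers at this point they are dropped unreleased on the new error path; the existing `return err` just above has the same shape. Either release them before returning, `frame.Release()` and `buf.ReleaseMulti(data)`, or add a comment stating that the caller keeps ownership of `data` on error.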
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
"v2ray.com/core/common"
|
||||
"v2ray.com/core/common/buf"
|
||||
"v2ray.com/core/common/errors"
|
||||
"v2ray.com/core/common/signal/done"
|
||||
)
|
||||
|
||||
|
@ -109,8 +110,12 @@ func (c *connection) Write(b []byte) (int, error) {
|
|||
return 0, io.ErrClosedPipe
|
||||
}
|
||||
|
||||
if len(b)/buf.Size+1 > 64*1024*1024 {
|
||||
return 0, errors.New("value too large")
|
||||
}
|
||||
l := len(b)
|
||||
mb := make(buf.MultiBuffer, 0, l/buf.Size+1)
|
||||
sliceSize := l/buf.Size + 1
|
||||
mb := make(buf.MultiBuffer, 0, sliceSize)
|
||||
mb = buf.MergeBytes(mb, b)
|
||||
return l, c.writer.WriteMultiBuffer(mb)
|
||||
}
|
||||
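Review bot: The guard in connection.Write compares a buffer count, `len(b)/buf.Size+1`, against `64*1024*1024`, so it rejects a write only when `len(b)` exceeds roughly 64Mi times buf.Size bytes, which is easy to misread as a 64 MiB cap. A comment such as `// limit is in buf.Size-sized buffers, not bytes` would state the unit, and if the intent is to cap the memory a single Write can claim, the threshold probably needs to be much lower. The check also recomputes `len(b)` before `l := len(b)`; moving that assignment up and deriving `sliceSize := l/buf.Size + 1` once lets the comparison and the `make` share one value.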
|
|
|
@ -57,7 +57,7 @@ func ParseHost(rawHost string, defaultPort net.Port) (net.Destination, error) {
|
|||
return net.Destination{}, err
|
||||
}
|
||||
} else if len(rawPort) > 0 {
|
||||
intPort, err := strconv.Atoi(rawPort)
|
||||
intPort, err := strconv.ParseUint(rawPort, 0, 16)
|
||||
if err != nil {
|
||||
return net.Destination{}, err
|
||||
}
|
||||
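Review bot: Passing base `0` to `strconv.ParseUint(rawPort, 0, 16)` widens the accepted port syntax beyond what `strconv.Atoi` took: base 0 honours `0x`, `0o` and `0b` prefixes, treats a leading `0` as octal and permits underscores. So "010" now yields port 8 and "080" is rejected, where both were read as decimal before. A component that validates or logs the same host string as decimal would then disagree with ParseHost about the destination port, which matters wherever ports are filtered. The 16-bit size is the useful part of the change; keep it and fix the base with `intPort, err := strconv.ParseUint(rawPort, 10, 16)`. ParseHost continues outside the hunk, so how the now-unsigned `intPort` is converted afterwards is not visible here.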
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/golang/protobuf/proto"
|
||||
"v2ray.com/core/common/buf"
|
||||
"v2ray.com/core/common/errors"
|
||||
"v2ray.com/core/common/protocol"
|
||||
)
|
||||
|
||||
|
@ -67,7 +68,12 @@ type MultiLengthPacketWriter struct {
|
|||
|
||||
func (w *MultiLengthPacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
|
||||
defer buf.ReleaseMulti(mb)
|
||||
mb2Write := make(buf.MultiBuffer, 0, len(mb)+1)
|
||||
|
||||
if len(mb)+1 > 64*1024*1024 {
|
||||
return errors.New("value too large")
|
||||
}
|
||||
sliceSize := len(mb) + 1
|
||||
mb2Write := make(buf.MultiBuffer, 0, sliceSize)
|
||||
for _, b := range mb {
|
||||
length := b.Len()
|
||||
if length == 0 || length+2 > buf.Size {
|
||||
|
|