From d9ebd008d3aa097c448c4ac341974c4bf9a01c2b Mon Sep 17 00:00:00 2001
From: V2Ray <admin@v2ray.com>
Date: Tue, 3 Nov 2015 18:20:28 +0100
Subject: [PATCH] Check lenth of the udp packet before parsing

---
 proxy/socks/protocol/udp.go | 26 +++++++++++++++++++++-----
 proxy/socks/udp.go          |  4 +++-
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/proxy/socks/protocol/udp.go b/proxy/socks/protocol/udp.go
index 8ed8ca4a3..7204035bb 100644
--- a/proxy/socks/protocol/udp.go
+++ b/proxy/socks/protocol/udp.go
@@ -7,6 +7,7 @@ import (
 	"github.com/v2ray/v2ray-core/common/alloc"
 	"github.com/v2ray/v2ray-core/common/log"
 	v2net "github.com/v2ray/v2ray-core/common/net"
+	"github.com/v2ray/v2ray-core/transport"
 )
 
 var (
@@ -37,7 +38,12 @@ func (request *Socks5UDPRequest) Write(buffer *alloc.Buffer) {
 	buffer.Append(request.Data.Value)
 }
 
-func ReadUDPRequest(packet []byte) (request Socks5UDPRequest, err error) {
+func ReadUDPRequest(packet []byte) (*Socks5UDPRequest, error) {
+	if len(packet) < 5 {
+		return nil, transport.CorruptedPacket
+	}
+	request := new(Socks5UDPRequest)
+
 	// packet[0] and packet[1] are reserved
 	request.Fragment = packet[2]
 
@@ -46,28 +52,38 @@ func ReadUDPRequest(packet []byte) (request Socks5UDPRequest, err error) {
 
 	switch addrType {
 	case AddrTypeIPv4:
+		if len(packet) < 10 {
+			return nil, transport.CorruptedPacket
+		}
 		ip := packet[4:8]
 		port := binary.BigEndian.Uint16(packet[8:10])
 		request.Address = v2net.IPAddress(ip, port)
 		dataBegin = 10
 	case AddrTypeIPv6:
+		if len(packet) < 22 {
+			return nil, transport.CorruptedPacket
+		}
 		ip := packet[4:20]
 		port := binary.BigEndian.Uint16(packet[20:22])
 		request.Address = v2net.IPAddress(ip, port)
 		dataBegin = 22
 	case AddrTypeDomain:
 		domainLength := int(packet[4])
+		if len(packet) < 5+domainLength+2 {
+			return nil, transport.CorruptedPacket
+		}
 		domain := string(packet[5 : 5+domainLength])
 		port := binary.BigEndian.Uint16(packet[5+domainLength : 5+domainLength+2])
 		request.Address = v2net.DomainAddress(domain, port)
 		dataBegin = 5 + domainLength + 2
 	default:
 		log.Warning("Unknown address type %d", addrType)
-		err = ErrorUnknownAddressType
-		return
+		return nil, ErrorUnknownAddressType
 	}
 
-	request.Data = alloc.NewBuffer().Clear().Append(packet[dataBegin:])
+	if len(packet) > dataBegin {
+		request.Data = alloc.NewBuffer().Clear().Append(packet[dataBegin:])
+	}
 
-	return
+	return request, nil
 }
diff --git a/proxy/socks/udp.go b/proxy/socks/udp.go
index e5460134f..071fbba7f 100644
--- a/proxy/socks/udp.go
+++ b/proxy/socks/udp.go
@@ -46,7 +46,9 @@ func (server *SocksServer) AcceptPackets(conn *net.UDPConn) error {
 		buffer.Release()
 		if err != nil {
 			log.Error("Socks failed to parse UDP request: %v", err)
-			request.Data.Release()
+			continue
+		}
+		if request.Data == nil || request.Data.Len() == 0 {
 			continue
 		}
 		if request.Fragment != 0 {