Shikong/Clash.Meta
1
0
Fork 0
mirror of https://gitclone.com/github.com/MetaCubeX/Clash.Meta synced 2024-11-14 21:31:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix: add length check for ssr auth_aes128_sha1 (#2129)

Browse Source
This commit is contained in:
Kaming Chan 2022-05-13 11:21:39 +08:00 committed by GitHub
parent 5dd94c8298
commit da7ffc0da9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
transport/ssr/protocol/auth_aes128_sha1.go
View File

@ -154,6 +154,9 @@ func (a *authAES128) Encode(buf *bytes.Buffer, b []byte) error {
}
func (a *authAES128) DecodePacket(b []byte) ([]byte, error) {
if len(b) < 4 {
return nil, errAuthAES128LengthError
}
if !bytes.Equal(a.hmac(a.Key, b[:len(b)-4])[:4], b[len(b)-4:]) {
return nil, errAuthAES128ChksumError
}