dns: check length in UnmarshalDomain to avoid panic

2025-02-23 01:15:41 +08:00 · 2020-08-21 23:54:18 +08:00 · 2020-08-21 23:54:18 +08:00 · a42d3a68d0
commit a42d3a68d0
parent a118ec5837
6 changed files with 18 additions and 11 deletions
--- a/dns/client.go
+++ b/dns/client.go
@ -14,7 +14,7 @@ import (
 )

 // HandleFunc function handles the dns TypeA or TypeAAAA answer.
-type HandleFunc func(Domain, ip string) error
+type HandleFunc func(domain, ip string) error

 // Config for dns.
 type Config struct {
@ -55,7 +55,7 @@ func NewClient(proxy proxy.Proxy, config *Config) (*Client, error) {
 }

 // Exchange handles request message and returns response message.
-// reqBytes = reqLen + reqMsg
+// NOTE: reqBytes = reqLen + reqMsg.
 func (c *Client) Exchange(reqBytes []byte, clientAddr string, preferTCP bool) ([]byte, error) {
 	req, err := UnmarshalMessage(reqBytes[2:])
 	if err != nil {
--- a/dns/message.go
+++ b/dns/message.go
@ -415,6 +415,10 @@ func (m *Message) UnmarshalDomain(b []byte) (string, int, error) {
 			break

 		} else if b[idx]&0xC0 == 0xC0 {
+			if len(b[idx:]) < 2 {
+				return "", 0, errors.New("UnmarshalDomain: not enough size for compressed domain")
+			}
+
 			offset := binary.BigEndian.Uint16(b[idx : idx+2])
 			label, err := m.UnmarshalDomainPoint(int(offset & 0x3FFF))
 			if err != nil {
--- a/go.mod
+++ b/go.mod
@ -8,10 +8,10 @@ require (
 	github.com/nadoo/go-shadowsocks2 v0.1.2
 	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/xtaci/kcp-go/v5 v5.5.15
-	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+	golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
 	golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc // indirect
-	golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed // indirect
-	golang.org/x/tools v0.0.0-20200815165600-90abf76919f3 // indirect
+	golang.org/x/sys v0.0.0-20200821140526-fda516888d29 // indirect
+	golang.org/x/tools v0.0.0-20200821144610-c886c0b611b7 // indirect
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 )

--- a/go.sum
+++ b/go.sum
@ -86,6 +86,8 @@ golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a h1:vclmkQCjlDX5OydZ9wv8rBCcS0QyQY66Mpf/7BZbInM=
+golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
@ -115,15 +117,15 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200808120158-1030fc2bf1d9 h1:yi1hN8dcqI9l8klZfy4B8mJvFmmAxJEePIQQFNSd7Cs=
 golang.org/x/sys v0.0.0-20200808120158-1030fc2bf1d9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed h1:J22ig1FUekjjkmZUM7pTKixYm8DvrYsvrBZdunYeIuQ=
-golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200821140526-fda516888d29 h1:mNuhGagCf3lDDm5C0376C/sxh6V7fy9WbdEu/YDNA04=
+golang.org/x/sys v0.0.0-20200821140526-fda516888d29/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200425043458-8463f397d07c h1:iHhCR0b26amDCiiO+kBguKZom9aMF+NrFxh9zeKR/XU=
 golang.org/x/tools v0.0.0-20200425043458-8463f397d07c/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200808161706-5bf02b21f123/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200815165600-90abf76919f3 h1:0aScV/0rLmANzEYIhjCOi2pTvDyhZNduBUMD2q3iqs4=
-golang.org/x/tools v0.0.0-20200815165600-90abf76919f3/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200821144610-c886c0b611b7 h1:E83yjTcMGvlL0ixGmFgJr/jvcp8L2LPDg7K0MQONeGA=
+golang.org/x/tools v0.0.0-20200821144610-c886c0b611b7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@ -127,7 +127,7 @@ func (s *SS) Serve(c net.Conn) {

 		n, err := c.Read(buf)
 		if err != nil {
-			log.F("[ss-uottun] error in ioutil.ReadAll: %s\n", err)
+			log.F("[ss-uottun] error in read: %s\n", err)
 			return
 		}

--- a/proxy/uottun/uottun.go
+++ b/proxy/uottun/uottun.go
@ -88,9 +88,10 @@ func (s *UoTTun) ListenAndServe() {
 			}

 			// remote forwarder, udp over tcp
+			// TODO: check here carefully, ReadAll allocates buffer and may leads to memory leak.
 			resp, err := ioutil.ReadAll(rc)
 			if err != nil {
-				log.F("error in ioutil.ReadAll: %s\n", err)
+				log.F("[uottun] error in ioutil.ReadAll: %s\n", err)
 				return
 			}
 			rc.Close()