From a42d3a68d088151fd1eda83af0d30231161becb5 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 21 Aug 2020 23:54:18 +0800
Subject: [PATCH] dns: check length in UnmarshalDomain to avoid panic
---
 dns/client.go | 4 ++--
 dns/message.go | 4 ++++
 go.mod | 6 +++---
 go.sum | 10 ++++++----
 proxy/ss/ss.go | 2 +-
 proxy/uottun/uottun.go | 3 ++-
 6 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/dns/client.go b/dns/client.go
index e280024..51be180 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -14,7 +14,7 @@ import (
 )
 // HandleFunc function handles the dns TypeA or TypeAAAA answer.
-type HandleFunc func(Domain, ip string) error
+type HandleFunc func(domain, ip string) error
 // Config for dns.
 type Config struct {
@@ -55,7 +55,7 @@ func NewClient(proxy proxy.Proxy, config *Config) (*Client, error) {
 }
 // Exchange handles request message and returns response message.
-// reqBytes = reqLen + reqMsg
+// NOTE: reqBytes = reqLen + reqMsg.
 func (c *Client) Exchange(reqBytes []byte, clientAddr string, preferTCP bool) ([]byte, error) {
 req, err := UnmarshalMessage(reqBytes[2:])
 if err != nil {
diff --git a/dns/message.go b/dns/message.go
index 7481803..3cdde75 100644
--- a/dns/message.go
+++ b/dns/message.go
@@ -415,6 +415,10 @@ func (m *Message) UnmarshalDomain(b []byte) (string, int, error) {
 break
 } else if b[idx]&0xC0 == 0xC0 {
+ if len(b[idx:]) < 2 {
+ return "", 0, errors.New("UnmarshalDomain: not enough size for compressed domain")
+ }
+
 offset := binary.BigEndian.Uint16(b[idx : idx+2])
 label, err := m.UnmarshalDomainPoint(int(offset & 0x3FFF))
 if err != nil {
diff --git a/go.mod b/go.mod
index 4a2edf2..1114178 100644
--- a/go.mod
+++ b/go.mod
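Review bot: `UnmarshalMessage(reqBytes[2:])` in the context lines of the `Exchange` hunk in dns/client.go slices off the two-byte length prefix without checking that `reqBytes` holds at least two bytes, so a shorter input panics with a slice-bounds error, the same class of fault this commit fixes in `UnmarshalDomain`. Unless every caller guarantees the prefix (not visible here), add a guard before the slice, e.g. `if len(reqBytes) < 2 { return nil, errors.New("Exchange: request shorter than length prefix") }`, importing `errors` if the file does not already. The reworded NOTE could also state that requirement explicitly. Exchange's body continues past the end of the hunk.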
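Review bot: The new `len(b[idx:]) < 2` guard in `UnmarshalDomain` protects only the two-byte pointer read; the pointer target `offset & 0x3FFF` is still handed to `m.UnmarshalDomainPoint` with no check visible in this hunk. If that method does not itself reject offsets beyond the message and bound how many compression pointers it follows, a malformed response could still panic or recurse without limit, so that is worth confirming and documenting on the method. A regression test that feeds a name ending in a lone `0xC0` byte would pin this fix. The guard also reads more directly as `if idx+2 > len(b) {`. The function starts and ends outside the hunk.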
@@ -8,10 +8,10 @@ require ( github.com/nadoo/go-shadowsocks2 v0.1.2 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect github.com/xtaci/kcp-go/v5 v5.5.15 - golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de + golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc // indirect - golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed // indirect - golang.org/x/tools v0.0.0-20200815165600-90abf76919f3 // indirect + golang.org/x/sys v0.0.0-20200821140526-fda516888d29 // indirect + golang.org/x/tools v0.0.0-20200821144610-c886c0b611b7 // indirect gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect ) diff --git a/go.sum b/go.sum index 18671e7..6ec9773 100644 --- a/go.sum +++ b/go.sum @@ -86,6 +86,8 @@ golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a h1:vclmkQCjlDX5OydZ9wv8rBCcS0QyQY66Mpf/7BZbInM= +golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= 
@@ -115,15 +117,15 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200808120158-1030fc2bf1d9 h1:yi1hN8dcqI9l8klZfy4B8mJvFmmAxJEePIQQFNSd7Cs= golang.org/x/sys v0.0.0-20200808120158-1030fc2bf1d9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed h1:J22ig1FUekjjkmZUM7pTKixYm8DvrYsvrBZdunYeIuQ= -golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200821140526-fda516888d29 h1:mNuhGagCf3lDDm5C0376C/sxh6V7fy9WbdEu/YDNA04= +golang.org/x/sys v0.0.0-20200821140526-fda516888d29/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200425043458-8463f397d07c h1:iHhCR0b26amDCiiO+kBguKZom9aMF+NrFxh9zeKR/XU= golang.org/x/tools v0.0.0-20200425043458-8463f397d07c/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200808161706-5bf02b21f123/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200815165600-90abf76919f3 h1:0aScV/0rLmANzEYIhjCOi2pTvDyhZNduBUMD2q3iqs4= -golang.org/x/tools v0.0.0-20200815165600-90abf76919f3/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200821144610-c886c0b611b7 h1:E83yjTcMGvlL0ixGmFgJr/jvcp8L2LPDg7K0MQONeGA= +golang.org/x/tools v0.0.0-20200821144610-c886c0b611b7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
diff --git a/proxy/ss/ss.go b/proxy/ss/ss.go
index 9fbd83e..9f8a209 100644
--- a/proxy/ss/ss.go
+++ b/proxy/ss/ss.go
@@ -127,7 +127,7 @@ func (s *SS) Serve(c net.Conn) {
 n, err := c.Read(buf)
 if err != nil {
- log.F("[ss-uottun] error in ioutil.ReadAll: %s\n", err)
+ log.F("[ss-uottun] error in read: %s\n", err)
 return
 }
diff --git a/proxy/uottun/uottun.go b/proxy/uottun/uottun.go
index 3bbe142..97cdb54 100644
--- a/proxy/uottun/uottun.go
+++ b/proxy/uottun/uottun.go
@@ -88,9 +88,10 @@ func (s *UoTTun) ListenAndServe() {
 }
 // remote forwarder, udp over tcp
+ // TODO: check here carefully, ReadAll allocates buffer and may leads to memory leak.
 resp, err := ioutil.ReadAll(rc)
 if err != nil {
- log.F("error in ioutil.ReadAll: %s\n", err)
+ log.F("[uottun] error in ioutil.ReadAll: %s\n", err)
 return
 }
 rc.Close()
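Review bot: `ioutil.ReadAll(rc)` in `ListenAndServe` reads from the remote until EOF with no size cap, so the peer controls how much memory is allocated; the added TODO records the concern (it is unbounded allocation rather than a leak) but the code is unchanged. Capping the read, e.g. `resp, err := ioutil.ReadAll(io.LimitReader(rc, maxRespSize))` with `maxRespSize` a placeholder for the largest UDP payload you accept, together with a read deadline on `rc`, would bound it. The error branch also returns before `rc.Close()`, so unless a defer outside the hunk covers it the connection stays open on failure; a `defer rc.Close()` right after `rc` is obtained would cover both paths. The function body starts and ends outside the hunk, and `io` may need importing.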