dns: add length check to avoid panic

2025-02-23 01:15:41 +08:00 · 2020-05-05 01:30:57 +08:00 · 2020-05-05 01:30:57 +08:00 · e3c57ba369
commit e3c57ba369
parent 665d722d2c
6 changed files with 20 additions and 55 deletions
--- a/README.md
+++ b/README.md
@ -90,7 +90,7 @@ glider -h
 <summary>click to see details</summary>

 ```bash
-./glider 0.10.0 usage:
+glider 0.10.0 usage:
  -checkdisabledonly
    	check disabled fowarders only
  -checkinterval int
@ -138,30 +138,9 @@ glider -h
  -verbose
    	verbose mode

-Available Schemes:
-  mixed: serve as a http/socks5 proxy on the same port. (default)
-  ss: ss proxy
-  socks4: socks4 proxy
-  socks5: socks5 proxy
-  http: http proxy
-  ssr: ssr proxy
-  vmess: vmess proxy
-  trojan: trojan proxy
-  tls: tls transport
-  ws: websocket transport
-  redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)
-  redir6: redirect proxy(ipv6)
-  tcptun: tcp tunnel
-  udptun: udp tunnel
-  uottun: udp over tcp tunnel
-  unix: unix domain socket
-  kcp: kcp protocol
-  simple-obfs: simple-obfs protocol
-  reject: a virtual proxy which just reject connections
-
-Available schemes for different modes:
+Available schemes:
  listen: mixed ss socks5 http redir redir6 tcptun udptun uottun tls unix kcp
-  forward: reject ss socks5 http ssr vmess trojan tls ws unix kcp simple-obfs
+  forward: reject ss socks4 socks5 http ssr ssh vmess trojan tls ws unix kcp simple-obfs

 SS scheme:
  ss://method:pass@host:port
--- a/conf.go
+++ b/conf.go
@ -114,31 +114,9 @@ func usage() {
 	flag.PrintDefaults()
 	fmt.Fprintf(w, "\n")

-	fmt.Fprintf(w, "Available Schemes:\n")
-	fmt.Fprintf(w, "  mixed: serve as a http/socks5 proxy on the same port. (default)\n")
-	fmt.Fprintf(w, "  ss: ss proxy\n")
-	fmt.Fprintf(w, "  socks4: socks4 proxy\n")
-	fmt.Fprintf(w, "  socks5: socks5 proxy\n")
-	fmt.Fprintf(w, "  http: http proxy\n")
-	fmt.Fprintf(w, "  ssr: ssr proxy\n")
-	fmt.Fprintf(w, "  vmess: vmess proxy\n")
-	fmt.Fprintf(w, "  trojan: trojan proxy\n")
-	fmt.Fprintf(w, "  tls: tls transport\n")
-	fmt.Fprintf(w, "  ws: websocket transport\n")
-	fmt.Fprintf(w, "  redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)\n")
-	fmt.Fprintf(w, "  redir6: redirect proxy(ipv6)\n")
-	fmt.Fprintf(w, "  tcptun: tcp tunnel\n")
-	fmt.Fprintf(w, "  udptun: udp tunnel\n")
-	fmt.Fprintf(w, "  uottun: udp over tcp tunnel\n")
-	fmt.Fprintf(w, "  unix: unix domain socket\n")
-	fmt.Fprintf(w, "  kcp: kcp protocol\n")
-	fmt.Fprintf(w, "  simple-obfs: simple-obfs protocol\n")
-	fmt.Fprintf(w, "  reject: a virtual proxy which just reject connections\n")
-	fmt.Fprintf(w, "\n")
-
-	fmt.Fprintf(w, "Available schemes for different modes:\n")
+	fmt.Fprintf(w, "Available schemes:\n")
 	fmt.Fprintf(w, "  listen: mixed ss socks5 http redir redir6 tcptun udptun uottun tls unix kcp\n")
-	fmt.Fprintf(w, "  forward: reject ss socks5 http ssr vmess trojan tls ws unix kcp simple-obfs\n")
+	fmt.Fprintf(w, "  forward: reject ss socks4 socks5 http ssr ssh vmess trojan tls ws unix kcp simple-obfs\n")
 	fmt.Fprintf(w, "\n")

 	fmt.Fprintf(w, "SS scheme:\n")
--- a/dns/client.go
+++ b/dns/client.go
@ -163,7 +163,9 @@ func (c *Client) exchange(qname string, reqBytes []byte, preferTCP bool) (
 		defer rc.Close()

 		// TODO: support timeout setting for different upstream server
-		rc.SetDeadline(time.Now().Add(time.Duration(c.config.Timeout) * time.Second))
+		if c.config.Timeout > 0 {
+			rc.SetDeadline(time.Now().Add(time.Duration(c.config.Timeout) * time.Second))
+		}

 		switch network {
 		case "tcp":
@ -219,14 +221,14 @@ func (c *Client) exchangeUDP(rc net.Conn, reqBytes []byte) ([]byte, error) {
 		return nil, err
 	}

-	reqBytes = make([]byte, 2+UDPMaxLen)
-	n, err := rc.Read(reqBytes[2:])
+	respBytes := make([]byte, 2+UDPMaxLen)
+	n, err := rc.Read(respBytes[2:])
 	if err != nil {
 		return nil, err
 	}
-	binary.BigEndian.PutUint16(reqBytes[:2], uint16(n))
+	binary.BigEndian.PutUint16(respBytes[:2], uint16(n))

-	return reqBytes[:2+n], nil
+	return respBytes[:2+n], nil
 }

 // SetServers sets upstream dns servers for the given domain.
--- a/dns/message.go
+++ b/dns/message.go
@ -403,6 +403,10 @@ func MarshalDomainTo(w io.Writer, domain string) (int, error) {

 // UnmarshalDomain gets domain from bytes.
 func (m *Message) UnmarshalDomain(b []byte) (string, int, error) {
+	if len(b) < 2 {
+		return "", 0, errors.New("UnmarshalDomain: not enough size")
+	}
+
 	var idx, size int
 	var labels = []string{}

--- a/proxy/direct.go
+++ b/proxy/direct.go
@ -89,7 +89,7 @@ func (d *Direct) dial(network, addr string, localIP net.IP) (net.Conn, error) {
 		c.SetKeepAlive(true)
 	}

-	if d.relayTimeout != 0 {
+	if d.relayTimeout > 0 {
 		c.SetDeadline(time.Now().Add(d.relayTimeout))
 	}

--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@ -256,7 +256,9 @@ func checkWebSite(fwdr *Forwarder, website string, timeout time.Duration, buf []
 	}
 	defer rc.Close()

-	rc.SetDeadline(time.Now().Add(timeout))
+	if timeout > 0 {
+		rc.SetDeadline(time.Now().Add(timeout))
+	}

 	_, err = rc.Write([]byte("GET / HTTP/1.0\r\n\r\n"))
 	if err != nil {