From e3f755503217e101d4b2800b076f1b7fe541ed91 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Fri, 24 Dec 2021 19:40:36 +0800
Subject: [PATCH] vmess: fix aead painc #301 (ref: #302)

---
 README.md                        | 5 +++--
 config.go                        | 8 ++++----
 proxy/vmess/aead.go              | 7 +++++++
 proxy/vmess/chunk_size_parser.go | 8 --------
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index 242adf2..b6df850 100644
--- a/README.md
+++ b/README.md
@@ -213,6 +213,9 @@ VMess scheme:
   vmess://[security:]uuid@host:port[?alterID=num]
     if alterID=0 or not set, VMessAEAD will be enabled
 
+Available securities for vmess:
+  none, aes-128-gcm, chacha20-poly1305
+  
 VLESS scheme:
   vless://uuid@host:port[?fallback=127.0.0.1:80]
 
@@ -224,8 +227,6 @@ Trojan server scheme:
   trojan://pass@host:port?cert=PATH&key=PATH[&fallback=127.0.0.1]
   trojanc://pass@host:port[?fallback=127.0.0.1]     (cleartext, without TLS)
 
-Available securities for vmess:
-  none, aes-128-gcm, chacha20-poly1305
 
 TLS client scheme:
   tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&alpn=proto1][&alpn=proto2]
diff --git a/config.go b/config.go
index 138591e..a88e634 100644
--- a/config.go
+++ b/config.go
@@ -186,6 +186,10 @@ func usage() {
 	fmt.Fprintf(w, "    if alterID=0 or not set, VMessAEAD will be enabled\n")
 	fmt.Fprintf(w, "\n")
 
+	fmt.Fprintf(w, "Available securities for vmess:\n")
+	fmt.Fprintf(w, "  none, aes-128-gcm, chacha20-poly1305\n")
+	fmt.Fprintf(w, "\n")
+
 	fmt.Fprintf(w, "VLESS scheme:\n")
 	fmt.Fprintf(w, "  vless://uuid@host:port[?fallback=127.0.0.1:80]\n")
 	fmt.Fprintf(w, "\n")
@@ -200,10 +204,6 @@ func usage() {
 	fmt.Fprintf(w, "  trojanc://pass@host:port[?fallback=127.0.0.1]     (cleartext, without TLS)\n")
 	fmt.Fprintf(w, "\n")
 
-	fmt.Fprintf(w, "Available securities for vmess:\n")
-	fmt.Fprintf(w, "  none, aes-128-gcm, chacha20-poly1305\n")
-	fmt.Fprintf(w, "\n")
-
 	fmt.Fprintf(w, "TLS client scheme:\n")
 	fmt.Fprintf(w, "  tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&alpn=proto1][&alpn=proto2]\n")
 	fmt.Fprintf(w, "\n")
diff --git a/proxy/vmess/aead.go b/proxy/vmess/aead.go
index 7436c61..c37841e 100644
--- a/proxy/vmess/aead.go
+++ b/proxy/vmess/aead.go
@@ -88,6 +88,11 @@ func (r *aeadReader) read(p []byte) (int, error) {
 	if err != nil {
 		return 0, err
 	}
+
+	if int(size) > len(p) {
+		return 0, io.EOF
+	}
+
 	p = p[:size]
 	if _, err := io.ReadFull(r.Reader, p); err != nil {
 		return 0, err
@@ -106,6 +111,8 @@ func (r *aeadReader) read(p []byte) (int, error) {
 
 func (r *aeadReader) Read(p []byte) (int, error) {
 	if r.buf == nil {
+		// https://www.v2fly.org/en_US/developer/protocols/vmess.html#standard-format
+		// According to the spec, the maximum data length is 2^14 (chunkSize)
 		if len(p) >= chunkSize {
 			return r.read(p)
 		}
diff --git a/proxy/vmess/chunk_size_parser.go b/proxy/vmess/chunk_size_parser.go
index 3ee3df4..e173a14 100644
--- a/proxy/vmess/chunk_size_parser.go
+++ b/proxy/vmess/chunk_size_parser.go
@@ -51,11 +51,3 @@ func (s *ShakeSizeParser) Encode(size uint16, b []byte) []byte {
 	binary.BigEndian.PutUint16(b, mask^size)
 	return b[:2]
 }
-
-func (s *ShakeSizeParser) NextPaddingLen() uint16 {
-	return s.next() % 64
-}
-
-func (s *ShakeSizeParser) MaxPaddingLen() uint16 {
-	return 64
-}