Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix DoS attack vulnerability in CommandSwitchAccountFactory
  • Loading branch information
xiaokangwang committed Dec 5, 2021
1 parent 7b0699e commit c1af2bf
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 1 deletion.
2 changes: 1 addition & 1 deletion proxy/vmess/encoding/commands.go
Expand Up @@ -139,7 +139,7 @@ func (f *CommandSwitchAccountFactory) Unmarshal(data []byte) (interface{}, error
}
cmd.Level = uint32(data[levelStart])
timeStart := levelStart + 1
if len(data) < timeStart {
if len(data) < timeStart+1 {
return nil, newError("insufficient length.")
}
cmd.ValidMin = data[timeStart]
Expand Down
21 changes: 21 additions & 0 deletions proxy/vmess/encoding/commands_test.go
@@ -1,6 +1,7 @@
package encoding_test

import (
"github.com/stretchr/testify/assert"
"testing"

"github.com/google/go-cmp/cmp"
Expand Down Expand Up @@ -35,3 +36,23 @@ func TestSwitchAccount(t *testing.T) {
t.Error(r)
}
}

func TestSwitchAccountBugOffByOne(t *testing.T) {
sa := &protocol.CommandSwitchAccount{
Port: 1234,
ID: uuid.New(),
AlterIds: 1024,
Level: 128,
ValidMin: 16,
}

buffer := buf.New()
csaf := CommandSwitchAccountFactory{}
common.Must(csaf.Marshal(sa, buffer))

Payload := buffer.Bytes()

cmd, err := csaf.Unmarshal(Payload[:len(Payload)-1])
assert.Error(t, err)
assert.Nil(t, cmd)
}

0 comments on commit c1af2bf

Please sign in to comment.