Skip to content

Commit

Permalink
check UDP packet's data length before decrypt_packet
Browse files Browse the repository at this point in the history 
fixes shadowsocks/crypto2#8
  • Loading branch information
@zonyitoo
zonyitoo committed Dec 31, 2020
1 parent 474e57a commit 9abf384
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions crates/shadowsocks/src/relay/udprelay/crypto_io.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -219,6 +219,10 @@ async fn decrypt_payload_aead(
let mut cipher = Cipher::new(method, &key, &salt);
let tag_len = cipher.tag_len();

if data.len() < tag_len {
return Err(io::Error::new(io::ErrorKind::Other, "udp packet too short for tag"));
}

if !cipher.decrypt_packet(data) {
return Err(io::Error::new(io::ErrorKind::Other, "invalid tag-in"));
}
Expand Down

0 comments on commit 9abf384

Please sign in to comment.