mirrors/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-05-17 09:38:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

QUIC sniffer: Fix potential slice panic (#4732)

Browse source 
Fixes https://github.com/XTLS/Xray-core/issues/3914#issuecomment-2853392827
This commit is contained in:
风扇滑翔翼 2025-05-16 20:08:29 +08:00 committed by GitHub
parent bb0e561caf
commit ef1c165cc5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 22 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
common/protocol/quic/sniff.go
View file

@ -114,6 +114,10 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {
if err != nil { if err != nil {
return nil, errNotQuic return nil, errNotQuic
} }
// packetLen is impossible to be shorter than this
if packetLen < 4 {
return nil, errNotQuic
}
hdrLen := len(b) - int(buffer.Len()) hdrLen := len(b) - int(buffer.Len())
if len(b) < hdrLen+int(packetLen) { if len(b) < hdrLen+int(packetLen) {

18
common/protocol/quic/sniff_test.go
View file

@ -267,3 +267,21 @@ func TestSniffQUICPacketNumberLength4(t *testing.T) {
t.Error("failed") t.Error("failed")
} }
} }
func TestSniffFakeQUICPacketWithInvalidPacketNumberLength(t *testing.T) {
pkt, err := hex.DecodeString("cb00000001081c8c6d5aeb53d54400000090709b8600000000000000000000000000000000")
common.Must(err)
_, err = quic.SniffQUIC(pkt)
if err == nil {
t.Error("failed")
}
}
func TestSniffFakeQUICPacketWithTooShortData(t *testing.T) {
pkt, err := hex.DecodeString("cb00000001081c8c6d5aeb53d54400000090709b86")
common.Must(err)
_, err = quic.SniffQUIC(pkt)
if err == nil {
t.Error("failed")
}
}