Fix DoS attack vulnerability in CommandSwitchAccountFactory

This commit is contained in:
Shelikhoo 2021-12-05 19:15:38 +00:00 committed by yuhan6665
parent 4fc284a8e9
commit 6fb5c887b2
2 changed files with 22 additions and 1 deletions

View File

@ -139,7 +139,7 @@ func (f *CommandSwitchAccountFactory) Unmarshal(data []byte) (interface{}, error
} }
cmd.Level = uint32(data[levelStart]) cmd.Level = uint32(data[levelStart])
timeStart := levelStart + 1 timeStart := levelStart + 1
if len(data) < timeStart { if len(data) < timeStart+1 {
return nil, newError("insufficient length.") return nil, newError("insufficient length.")
} }
cmd.ValidMin = data[timeStart] cmd.ValidMin = data[timeStart]

View File

@ -4,6 +4,7 @@ import (
"testing" "testing"
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp"
"github.com/stretchr/testify/assert"
"github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common"
"github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/buf"
@ -35,3 +36,23 @@ func TestSwitchAccount(t *testing.T) {
t.Error(r) t.Error(r)
} }
} }
func TestSwitchAccountBugOffByOne(t *testing.T) {
sa := &protocol.CommandSwitchAccount{
Port: 1234,
ID: uuid.New(),
AlterIds: 1024,
Level: 128,
ValidMin: 16,
}
buffer := buf.New()
csaf := CommandSwitchAccountFactory{}
common.Must(csaf.Marshal(sa, buffer))
Payload := buffer.Bytes()
cmd, err := csaf.Unmarshal(Payload[:len(Payload)-1])
assert.Error(t, err)
assert.Nil(t, cmd)
}