|
|
@@ -35,7 +35,7 @@ func wrapSysConn(rawConn net.PacketConn, config *Config) (*sysConn, error) {
|
|
|
}, nil
|
|
|
}
|
|
|
|
|
|
-var errCipherError = errors.New("cipher error")
|
|
|
+var errInvalidPacket = errors.New("invalid packet")
|
|
|
|
|
|
func (c *sysConn) readFromInternal(p []byte) (int, net.Addr, error) {
|
|
|
buffer := getBuffer()
|
|
|
@@ -48,6 +48,9 @@ func (c *sysConn) readFromInternal(p []byte) (int, net.Addr, error) {
|
|
|
|
|
|
payload := buffer[:nBytes]
|
|
|
if c.header != nil {
|
|
|
+ if len(payload) <= int(c.header.Size()) {
|
|
|
+ return 0, nil, errInvalidPacket
|
|
|
+ }
|
|
|
payload = payload[c.header.Size():]
|
|
|
}
|
|
|
|
|
|
@@ -56,12 +59,16 @@ func (c *sysConn) readFromInternal(p []byte) (int, net.Addr, error) {
|
|
|
return n, addr, nil
|
|
|
}
|
|
|
|
|
|
+ if len(payload) <= c.auth.NonceSize() {
|
|
|
+ return 0, nil, errInvalidPacket
|
|
|
+ }
|
|
|
+
|
|
|
nonce := payload[:c.auth.NonceSize()]
|
|
|
payload = payload[c.auth.NonceSize():]
|
|
|
|
|
|
p, err = c.auth.Open(p[:0], nonce, payload, nil)
|
|
|
if err != nil {
|
|
|
- return 0, nil, errCipherError
|
|
|
+ return 0, nil, errInvalidPacket
|
|
|
}
|
|
|
|
|
|
return len(p), addr, nil
|
|
|
@@ -74,7 +81,7 @@ func (c *sysConn) ReadFrom(p []byte) (int, net.Addr, error) {
|
|
|
|
|
|
for {
|
|
|
n, addr, err := c.readFromInternal(p)
|
|
|
- if err != nil && err != errCipherError {
|
|
|
+ if err != nil && err != errInvalidPacket {
|
|
|
return 0, nil, err
|
|
|
}
|
|
|
if err == nil {
|
Darien Raymond