From 494a10971b7c942f4c72ffe0ff116f21481b0bd9 Mon Sep 17 00:00:00 2001
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Date: Sun, 20 Nov 2022 18:54:07 -0500
Subject: [PATCH] Fix xtls vision issue with big server hello
---
 proxy/vless/encoding/encoding.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go
index 950cabd0..836007bb 100644
--- a/proxy/vless/encoding/encoding.go
+++ b/proxy/vless/encoding/encoding.go
@@ -406,7 +406,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt
 startsBytes := b.BytesTo(6)
 if bytes.Equal(tlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == 0x02 {
 total := (int(startsBytes[3])<<8 | int(startsBytes[4])) + 5
- if b.Len() >= int32(total) && total >= 74 {
+ if b.Len() >= 74 && total >= 74 {
 if bytes.Contains(b.BytesTo(int32(total)), tls13SupportedVersions) {
 sessionIdLen := int32(b.Byte(43))
 cipherSuite := b.BytesRange(43 + sessionIdLen + 1, 43 + sessionIdLen + 3)
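Review bot: With the guard relaxed to `b.Len() >= 74`, `total` is no longer bounded by the buffer length, but the next line still calls `b.BytesTo(int32(total))`. `total` is built from two bytes of the peer's record header, so it can be far larger than what is in `b`; depending on how `buf.Buffer` slices (not visible here), that either panics on an out-of-range slice or searches bytes past the valid data for `tls13SupportedVersions`. Clamp before scanning: `end := int32(total)`, `if end > b.Len() { end = b.Len() }`, then `bytes.Contains(b.BytesTo(end), tls13SupportedVersions)`. The same applies to `sessionIdLen`, which is read from `b.Byte(43)` and used in `b.BytesRange(...)` without checking `43+sessionIdLen+3 <= b.Len()`. The body of XtlsFilterTls starts and ends outside this hunk.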
@@ -417,22 +417,24 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt
 } else if (v != "TLS_AES_128_CCM_8_SHA256") {
 *enableXtls = true
 }
- newError("XtlsFilterTls13 found tls 1.3! ", buffer.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx))
+ newError("XtlsFilterTls found tls 1.3! ", buffer.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx))
 } else {
- newError("XtlsFilterTls13 found tls 1.2! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
+ newError("XtlsFilterTls found tls 1.2! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
 }
 *isTLS12orAbove = true
 *isTLS = true
 *numberOfPacketToFilter = 0
 return
+ } else {
+ newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", total).WriteToLog(session.ExportIDToError(ctx))
 }
 } else if bytes.Equal(tlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == 0x01 {
 *isTLS = true
- newError("XtlsFilterTls13 found tls client hello! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
+ newError("XtlsFilterTls found tls client hello! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
 }
 }
 if *numberOfPacketToFilter <= 0 {
- newError("XtlsFilterTls13 stop filtering", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
+ newError("XtlsFilterTls stop filtering", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
 }
 }
 }
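Review bot: The added `} else {` follows a branch that ends in `return`, so the else is redundant; close the `if` after `return` and put the `newError("XtlsFilterTls short server hello, ...")` call on the following line at the outer indent. This path only logs and leaves `*isTLS`, `*isTLS12orAbove` and `*enableXtls` untouched, which a reader has to infer from the visible lines. A comment would make that explicit, for example `// server hello shorter than 74 bytes: TLS flags stay unset, XTLS is not enabled from this packet`. The enclosing function starts and ends outside this hunk.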