shadowsocks/crypto2

Unknown cause makes the AEAD decryption process fail and crash

Closed this issue · 6 comments

dev4u commented

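The ss-rust version recently went through a major upgrade. While performance has improved, one problem has been bothering me.
Build system: Fedora 32
Rust toolchain: nightly-x86_64-unknown-linux-gnu (12-30)
Version compiled with Rust: shadowsocks/shadowsocks-rust@e048bc2
Startup command: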

screen -S ss.rust -d -m -L ./ssserver --config shadowsocks.json -v -U --inbound-send-buffer-size 8192 --inbound-recv-buffer-size 8192 --outbound-send-buffer-size 8192 --outbound-recv-buffer-size 8192

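After running for a while, the ss service crashes. I haven't worked out the time interval, but it probably has little to do with time.
The crash log is as follows: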

thread 'main' panicked at 'assertion failed: aead_pkt.len() >= Self::TAG_LEN', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/shadowsocks-crypto-0.1.0/src/v1/ring.rs:116:9

Opening the ring.rs file mentioned above and going to line 116, the code is as follows:

#[must_use]
pub fn decrypt_slice(&self, nonce: &[u8], aad: &[u8], aead_pkt: &mut [u8]) -> bool {
    assert_eq!(nonce.len(), Self::NONCE_LEN);
    assert!(aead_pkt.len() >= Self::TAG_LEN);

    let clen = aead_pkt.len() - Self::TAG_LEN;

    let nonce = Nonce::try_assume_unique_for_key(nonce).unwrap();
    let aad   = Aad::from(aad);

    match self.cipher.open_in_place(nonce, aad, aead_pkt) {
        Ok(plaintext) => {
            assert_eq!(plaintext.len(), clen);
            true
        },
        Err(_) => {
            false
        }
    }
}

The logic looks fine to me, and I don't know where to start fixing it. Could you please take a look at how to handle this?

Strange. It shouldn't happen.

dev4u commented

Strange. It shouldn't happen.

When I get back, I'll try removing those buffer size parameters.

Please rerun with RUST_BACKTRACE=full

I suspect that it happened because decrypt_payload_aead didn't check the received packet before calling decrypt_packet. Some clients sent invalid UDP packets to your server.
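One way to write the caller-side check suspected missing in the comment above, so that a malformed datagram is dropped with an error and the cipher's length assertion is never reachable from network input. This is an added example, not code from shadowsocks-rust or shadowsocks-crypto; it assumes the Shadowsocks AEAD UDP layout of salt, ciphertext and 16-byte tag, and `decrypt_udp`, `UdpError` and the `open` closure (a stand-in for the real cipher call) are hypothetical names.

```rust
// Added example, not shadowsocks-rust code. All names here are hypothetical.
// Assumed UDP layout (Shadowsocks AEAD): [salt][ciphertext][16-byte tag].
const TAG_LEN: usize = 16;

#[derive(Debug, PartialEq)]
enum UdpError {
    /// Datagram cannot hold a salt plus an authentication tag.
    TooShort { got: usize, need: usize },
    /// Tag verification failed.
    AuthFailed,
}

/// Validate an untrusted datagram before handing it to the AEAD.
/// `open` stands in for a `decrypt_slice`-style call: it receives the salt and
/// the ciphertext+tag buffer and returns whether the tag verified.
fn decrypt_udp<F>(pkt: &mut [u8], salt_len: usize, open: F) -> Result<&[u8], UdpError>
where
    F: FnOnce(&[u8], &mut [u8]) -> bool,
{
    let need = salt_len + TAG_LEN;
    if pkt.len() < need {
        // Reject here, with an error the caller can log and ignore, so the
        // assertion inside the cipher cannot be triggered by a remote peer.
        return Err(UdpError::TooShort { got: pkt.len(), need });
    }
    let (salt, body) = pkt.split_at_mut(salt_len);
    if !open(&*salt, &mut *body) {
        return Err(UdpError::AuthFailed);
    }
    let plain_len = body.len() - TAG_LEN;
    Ok(&body[..plain_len])
}

fn main() {
    // Stand-in for the real cipher: keeps the library's length assertion and
    // returns a fixed verdict instead of verifying a tag.
    let open = |_salt: &[u8], buf: &mut [u8]| { assert!(buf.len() >= TAG_LEN); true };
    // Constructed datagrams: 5 bytes of junk, then salt + 3-byte body + tag.
    let mut junk = [0u8; 5];
    let mut full = [0u8; 32 + 3 + TAG_LEN];
    println!("{:?}", decrypt_udp(&mut junk, 32, open));
    println!("{:?}", decrypt_udp(&mut full, 32, open).map(|p| p.len()));
}
```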

dev4u commented

I suspect that it happened because decrypt_payload_aead didn't check the received packet before calling decrypt_packet. Some clients send invalid UDP packets to your server.

OK, I'll compile it and try it when I get back.