🚓 Shadowsocks 2022 TCP server: reject requests whose first payload chunk contains neither padding nor initial payload

Author: database64128

service/tcp.go

@@ -278,7 +278,7 @@ func (s *tcpService) handleConnection(clientTCPConn tfo.Conn) {
 		}
 
 		ssr := ss.NewShadowsocksReader(clientReader, cipherEntry.Cipher)
-		tgtAddr, err := ss.ParseTCPReqHeader(ssr, cipherEntry.Cipher.Config(), ss.HeaderTypeClientStream)
+		tgtAddr, initPayload, err := ss.ParseTCPReqHeader(ssr, cipherEntry.Cipher.Config(), ss.HeaderTypeClientStream)
 		if err != nil {
 			logger.Warn("Failed to parse header",
 				zap.Stringer("clientConnLocalAddress", clientLocalAddr),
@@ -343,6 +343,20 @@ func (s *tcpService) handleConnection(clientTCPConn tfo.Conn) {
 			return onet.NewConnectionError("ERR_CREATE_SS_WRITER", "Failed to create Shadowsocks writer", err)
 		}
 
+		// Write initial payload.
+		if len(initPayload) > 0 {
+			_, err = tgtConn.Write(initPayload)
+			if err != nil {
+				logger.Warn("Failed to write initial payload client -> target",
+					zap.Stringer("clientConnLocalAddress", clientLocalAddr),
+					zap.Stringer("clientConnRemoteAddress", clientRemoteAddr),
+					zap.String("targetAddress", tgtAddr),
+					zap.Error(err),
+				)
+				return onet.NewConnectionError("ERR_WRITE_INIT_PAYLOAD", "Failed to write initial payload", err)
+			}
+		}
+
 		fromClientErrCh := make(chan error)
 		go func() {
 			_, fromClientErr := ssr.WriteTo(tgtConn)

shadowsocks/header.go

@@ -11,7 +11,6 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/Shadowsocks-NET/outline-ss-server/slicepool"
 	"github.com/Shadowsocks-NET/outline-ss-server/socks"
 )
 
@@ -36,78 +35,79 @@ const (
 )
 
 var (
-	ErrBadTimestamp            = errors.New("time diff is over 30 seconds")
-	ErrTypeMismatch            = errors.New("header type mismatch")
-	ErrPaddingLengthOutOfRange = errors.New("padding length is less than 0 or greater than 900")
-	ErrClientSaltMismatch      = errors.New("client salt in response header does not match request")
-	ErrSessionIDMismatch       = errors.New("unexpected session ID")
-
-	tcpReqHeaderPool = slicepool.MakePool(TCPReqHeaderMaxLength)
+	ErrIncompleteHeaderInFirstChunk = errors.New("header in first chunk is missing or incomplete")
+	ErrPaddingExceedChunkBorder     = errors.New("padding in first chunk is shorter than advertised")
+	ErrBadTimestamp                 = errors.New("time diff is over 30 seconds")
+	ErrTypeMismatch                 = errors.New("header type mismatch")
+	ErrPaddingLengthOutOfRange      = errors.New("padding length is less than 0 or greater than 900")
+	ErrClientSaltMismatch           = errors.New("client salt in response header does not match request")
+	ErrSessionIDMismatch            = errors.New("unexpected session ID")
 )
 
-func ParseTCPReqHeader(r io.Reader, cipherConfig CipherConfig, htype byte) (string, error) {
-	if !cipherConfig.IsSpec2022 {
-		a, err := socks.AddrFromReader(r)
-		if err != nil {
-			return "", err
-		}
-		return a.String(), nil
+// ParseTCPReqHeader reads the first payload chunk, validates the header,
+// and returns the target address, initial payload, or an error.
+//
+// For Shadowsocks 2022, the first payload chunk MUST contain
+// either a non-zero-length padding or initial payload, or both (not recommended client behavior but allowed).
+// If the padding length is 0 and there's no initial payload, an error is returned.
+func ParseTCPReqHeader(r Reader, cipherConfig CipherConfig, htype byte) (string, []byte, error) {
+	// Read first payload chunk.
+	if err := r.EnsureLeftover(); err != nil {
+		return "", nil, err
 	}
+	b := r.LeftoverZeroCopy()
 
-	lazySlice := tcpReqHeaderPool.LazySlice()
-	b := lazySlice.Acquire()
-	defer lazySlice.Release()
+	var offset int
 
-	// Read type & timestamp
-	_, err := io.ReadFull(r, b[:1+8])
-	if err != nil {
-		return "", fmt.Errorf("failed to read type and timestamp: %w", err)
-	}
+	if cipherConfig.IsSpec2022 {
+		if len(b) < 1+8 {
+			return "", nil, ErrIncompleteHeaderInFirstChunk
+		}
 
-	// Verify type
-	if b[0] != htype {
-		return "", ErrTypeMismatch
-	}
+		// Verify type
+		if b[0] != htype {
+			return "", nil, ErrTypeMismatch
+		}
 
-	// Verify timestamp
-	epoch := int64(binary.BigEndian.Uint64(b[1 : 1+8]))
-	nowEpoch := time.Now().Unix()
-	diff := epoch - nowEpoch
-	if diff < -30 || diff > 30 {
-		return "", ErrBadTimestamp
-	}
+		// Verify timestamp
+		epoch := int64(binary.BigEndian.Uint64(b[1 : 1+8]))
+		nowEpoch := time.Now().Unix()
+		diff := epoch - nowEpoch
+		if diff < -30 || diff > 30 {
+			return "", nil, ErrBadTimestamp
+		}
 
-	offset := 1 + 8
+		offset = 1 + 8
+	}
 
 	// Read socks address
-	n, err := socks.ReadAddr(b[offset:], r)
+	socksaddr, err := socks.SplitAddr(b[offset:])
 	if err != nil {
-		return "", fmt.Errorf("failed to read socks address: %w", err)
+		return "", nil, fmt.Errorf("failed to read socks address: %w", err)
 	}
-	socksaddr := socks.Addr(b[offset : offset+n])
-	offset += n
+	offset += len(socksaddr)
 
-	// Read padding length
-	_, err = io.ReadFull(r, b[offset:offset+2])
-	if err != nil {
-		return "", fmt.Errorf("failed to read padding length: %w", err)
-	}
+	if cipherConfig.IsSpec2022 {
+		// Make sure the remaining length > 2 (padding length + either padding or payload)
+		if len(b)-offset <= 2 {
+			return "", nil, ErrIncompleteHeaderInFirstChunk
+		}
 
-	// Verify padding length
-	paddingLen := int(binary.BigEndian.Uint16(b[offset : offset+2]))
-	if paddingLen < MinPaddingLength || paddingLen > MaxPaddingLength {
-		return "", ErrPaddingLengthOutOfRange
-	}
+		// Verify padding length
+		paddingLen := int(binary.BigEndian.Uint16(b[offset : offset+2]))
+		if paddingLen < MinPaddingLength || paddingLen > MaxPaddingLength {
+			return "", nil, ErrPaddingLengthOutOfRange
+		}
+		offset += 2
 
-	// Read padding
-	if paddingLen > 0 {
-		_, err := io.ReadFull(r, b[offset+2:offset+2+paddingLen])
-		if err != nil {
-			return "", fmt.Errorf("failed to read padding: %w", err)
+		// Skip padding.
+		offset += paddingLen
+		if offset >= len(b) {
+			return "", nil, ErrPaddingExceedChunkBorder
 		}
 	}
 
-	return socksaddr.String(), nil
+	return socksaddr.String(), b[offset:], nil
 }
 
 func WriteTCPReqHeader(dst, socksaddr []byte, addPadding bool, cipherConfig CipherConfig) (n int) {

shadowsocks/stream.go

@@ -443,7 +443,16 @@ type Reader interface {
 	io.Reader
 	io.WriterTo
 
+	// Salt returns the salt used by this instance to derive the subkey.
 	Salt() []byte
+
+	// EnsureLeftover makes sure that the leftover slice is not nil.
+	// If it's nil, a read is attempted and the result is returned.
+	EnsureLeftover() error
+
+	// LeftoverZeroCopy returns the leftover slice without copying.
+	// The content of the returned slice won't change until next read.
+	LeftoverZeroCopy() []byte
 }
 
 // readConverter adapts from ChunkReader, with source-controlled
@@ -479,8 +488,14 @@ func (c *readConverter) Salt() []byte {
 	return c.cr.Salt()
 }
 
+func (c *readConverter) LeftoverZeroCopy() (leftover []byte) {
+	leftover = c.leftover
+	c.leftover = nil
+	return
+}
+
 func (c *readConverter) Read(b []byte) (int, error) {
-	if err := c.ensureLeftover(); err != nil {
+	if err := c.EnsureLeftover(); err != nil {
 		return 0, err
 	}
 	n := copy(b, c.leftover)
@@ -490,7 +505,7 @@ func (c *readConverter) Read(b []byte) (int, error) {
 
 func (c *readConverter) WriteTo(w io.Writer) (written int64, err error) {
 	for {
-		if err = c.ensureLeftover(); err != nil {
+		if err = c.EnsureLeftover(); err != nil {
 			if err == io.EOF {
 				err = nil
 			}
@@ -508,7 +523,7 @@ func (c *readConverter) WriteTo(w io.Writer) (written int64, err error) {
 // Ensures that c.leftover is nonempty.  If leftover is empty, this method
 // waits for incoming data and decrypts it.
 // Returns an error only if c.leftover could not be populated.
-func (c *readConverter) ensureLeftover() error {
+func (c *readConverter) EnsureLeftover() error {
 	if len(c.leftover) > 0 {
 		return nil
 	}