From 13579f1ca437f81175b638ebc2a49beec0ff33d6 Mon Sep 17 00:00:00 2001 From: BreakWa11 Date: Mon, 14 Dec 2015 02:32:24 +0800 Subject: [PATCH] return after destory fix "tls1.0_session_auth" --- shadowsocks/obfsplugin/auth.py | 10 ++-------- shadowsocks/obfsplugin/obfs_tls.py | 4 +++- shadowsocks/obfsplugin/verify.py | 15 +++------------ shadowsocks/tcprelay.py | 3 +++ 4 files changed, 11 insertions(+), 21 deletions(-) diff --git a/shadowsocks/obfsplugin/auth.py b/shadowsocks/obfsplugin/auth.py index 0f639aa..16ee20a 100644 --- a/shadowsocks/obfsplugin/auth.py +++ b/shadowsocks/obfsplugin/auth.py @@ -247,20 +247,14 @@ class auth_simple(verify_base): if length >= 8192 or length < 7: self.raw_trans = True self.recv_buf = b'' - if self.decrypt_packet_num == 0: - return None - else: - raise Exception('client_post_decrypt data error') + raise Exception('client_post_decrypt data error') if length > len(self.recv_buf): break if (binascii.crc32(self.recv_buf[:length]) & 0xffffffff) != 0xffffffff: self.raw_trans = True self.recv_buf = b'' - if self.decrypt_packet_num == 0: - return None - else: - raise Exception('client_post_decrypt data uncorrect CRC32') + raise Exception('client_post_decrypt data uncorrect CRC32') pos = common.ord(self.recv_buf[2]) + 2 out_buf += self.recv_buf[pos:length - 4] diff --git a/shadowsocks/obfsplugin/obfs_tls.py b/shadowsocks/obfsplugin/obfs_tls.py index 82f25d0..3f98dd6 100644 --- a/shadowsocks/obfsplugin/obfs_tls.py +++ b/shadowsocks/obfsplugin/obfs_tls.py @@ -268,9 +268,11 @@ class tls_auth(plain.plain): if sha1 != verifyid[22:]: logging.debug("tls_auth wrong sha1") return self.decode_error_return(ogn_buf) - if verifyid[4:22] in self.server_info.data.client_data: + if self.server_info.data.client_data.get(verifyid[:22]): logging.error("replay attack detect, id = %s" % (binascii.hexlify(verifyid))) return self.decode_error_return(ogn_buf) + self.server_info.data.client_data.sweep() + self.server_info.data.client_data[verifyid[:22]] = sessionid # (buffer_to_recv, is_need_decrypt, is_need_to_encode_and_send_back) return (b'', False, True) diff --git a/shadowsocks/obfsplugin/verify.py b/shadowsocks/obfsplugin/verify.py index 8b17345..fada8d9 100644 --- a/shadowsocks/obfsplugin/verify.py +++ b/shadowsocks/obfsplugin/verify.py @@ -124,20 +124,14 @@ class verify_simple(verify_base): if length >= 8192 or length < 7: self.raw_trans = True self.recv_buf = b'' - if self.decrypt_packet_num == 0: - return None - else: - raise Exception('client_post_decrypt data error') + raise Exception('client_post_decrypt data error') if length > len(self.recv_buf): break if (binascii.crc32(self.recv_buf[:length]) & 0xffffffff) != 0xffffffff: self.raw_trans = True self.recv_buf = b'' - if self.decrypt_packet_num == 0: - return None - else: - raise Exception('client_post_decrypt data uncorrect CRC32') + raise Exception('client_post_decrypt data uncorrect CRC32') pos = common.ord(self.recv_buf[2]) + 2 out_buf += self.recv_buf[pos:length - 4] @@ -221,10 +215,7 @@ class verify_deflate(verify_base): if length >= 32768 or length < 6: self.raw_trans = True self.recv_buf = b'' - if self.decrypt_packet_num == 0: - return None - else: - raise Exception('client_post_decrypt data error') + raise Exception('client_post_decrypt data error') if length > len(self.recv_buf): break diff --git a/shadowsocks/tcprelay.py b/shadowsocks/tcprelay.py index 2773d8b..ac9e8fb 100644 --- a/shadowsocks/tcprelay.py +++ b/shadowsocks/tcprelay.py @@ -603,6 +603,7 @@ class TCPRelayHandler(object): except Exception as e: shell.print_exception(e) self.destroy() + return if obfs_decode[2]: self._write_to_sock(b'', self._local_sock) if obfs_decode[1]: @@ -674,6 +675,7 @@ class TCPRelayHandler(object): except Exception as e: shell.print_exception(e) self.destroy() + return if obfs_decode[1]: send_back = self._obfs.client_encode(b'') self._write_to_sock(send_back, self._remote_sock) @@ -686,6 +688,7 @@ class TCPRelayHandler(object): except Exception as e: shell.print_exception(e) self.destroy() + return else: if self._encrypt_correct: data = self._protocol.server_pre_encrypt(data)