dnomd343
/
shadowsocksr
mirror of https://github.com/dnomd343/shadowsocksr
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

disconnect if wrong handshake package

dev
BreakWa11 10 years ago
parent
80604a9421
commit
202f0f6142
1 changed files with 7 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      shadowsocks/obfsplugin/obfs_tls.py

21
shadowsocks/obfsplugin/obfs_tls.py
View File

@ -176,12 +176,10 @@ class tls_auth(plain.plain):
if self.has_recv_header: if self.has_recv_header:
return (buf, False) return (buf, False)
if len(buf) < 11 + 32 + 1 + 32: if len(buf) < 11 + 32 + 1 + 32:
logging.error('client_decode data error') raise Exception('client_decode data error')
return (b'', True)
verify = buf[11:33] verify = buf[11:33]
if hmac.new(self.server_info.key + self.server_info.data.client_id, verify, hashlib.sha1).digest()[:10] != buf[33:43]: if hmac.new(self.server_info.key + self.server_info.data.client_id, verify, hashlib.sha1).digest()[:10] != buf[33:43]:
logging.error('client_decode data error') raise Exception('client_decode data error')
return (b'', True)
self.has_recv_header = True self.has_recv_header = True
return (b'', True) return (b'', True)
@ -212,21 +210,16 @@ class tls_auth(plain.plain):
verify = buf verify = buf
verify_len = 43 - 10 verify_len = 43 - 10
if len(buf) < 43: if len(buf) < 43:
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
if not match_begin(buf, b"\x14" + self.tls_version + "\x00\x01\x01"): #ChangeCipherSpec if not match_begin(buf, b"\x14" + self.tls_version + "\x00\x01\x01"): #ChangeCipherSpec
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
buf = buf[6:] buf = buf[6:]
if not match_begin(buf, b"\x16" + self.tls_version + "\x00\x20"): #Finished if not match_begin(buf, b"\x16" + self.tls_version + "\x00\x20"): #Finished
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
if hmac.new(self.server_info.key + self.client_id, verify[:verify_len], hashlib.sha1).digest()[:10] != verify[verify_len:verify_len+10]: if hmac.new(self.server_info.key + self.client_id, verify[:verify_len], hashlib.sha1).digest()[:10] != verify[verify_len:verify_len+10]:
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
if len(buf) < 37: if len(buf) < 37:
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
buf = buf[37:] buf = buf[37:]
self.raw_trans_recv = True self.raw_trans_recv = True
return (buf, True, False) return (buf, True, False)

Write Preview
Loading…
Cancel
Save