diff --git a/shadowsocks/obfsplugin/auth.py b/shadowsocks/obfsplugin/auth.py
index b787b33..943caa1 100755
--- a/shadowsocks/obfsplugin/auth.py
+++ b/shadowsocks/obfsplugin/auth.py
@@ -1319,12 +1319,12 @@ class auth_aes128_sha1(auth_base):
 sendback = False
 if not self.has_recv_header:
- if len(self.recv_buf) < 7:
- return (b'', False)
- mac_key = self.server_info.recv_iv + self.server_info.key
- sha1data = hmac.new(mac_key, self.recv_buf[:1], self.hashfunc).digest()[:6]
- if sha1data != self.recv_buf[1:7]:
- return self.not_match_return(self.recv_buf)
+ if len(self.recv_buf) >= 7 or len(self.recv_buf) in [2, 3]:
+ recv_len = min(len(self.recv_buf), 7)
+ mac_key = self.server_info.recv_iv + self.server_info.key
+ sha1data = hmac.new(mac_key, self.recv_buf[:1], self.hashfunc).digest()[:recv_len - 1]
+ if sha1data != self.recv_buf[1:recv_len]:
+ return self.not_match_return(self.recv_buf)
 if len(self.recv_buf) < 31:
 return (b'', False)
diff --git a/shadowsocks/obfsplugin/http_simple.py b/shadowsocks/obfsplugin/http_simple.py
index 6549f77..19e2a75 100644
--- a/shadowsocks/obfsplugin/http_simple.py
+++ b/shadowsocks/obfsplugin/http_simple.py
@@ -168,6 +168,11 @@ class http_simple(plain.plain):
 return (b'E'*2048, False, False)
 return (buf, True, False)
+ def error_return(self, buf):
+ self.has_sent_header = True
+ self.has_recv_header = True
+ return (b'E'*2048, False, False)
+
 def server_decode(self, buf):
 if self.has_recv_header:
 return (buf, True, False)
@@ -199,10 +204,10 @@ class http_simple(plain.plain):
 if host not in hosts:
 return self.not_match_return(buf)
 if len(ret_buf) < 4:
- return self.not_match_return(buf)
+ return self.error_return(buf)
 if len(datas) > 1:
 ret_buf += datas[1]
- if len(ret_buf) >= 7:
+ if len(ret_buf) >= 13:
 self.has_recv_header = True
 return (ret_buf, True, False)
 return self.not_match_return(buf)
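Review bot: In auth.py's `if not self.has_recv_header:` branch, the new early check compares only one or two bytes of the 6-byte HMAC tag when `len(self.recv_buf)` is 2 or 3, so a peer that can tell `not_match_return` apart from "wait for more data" learns whether a short tag prefix is correct long before the full tag is verified. Whether the same `recv_iv` and first byte can be presented again on a later connection is not visible here; if they can, the first two tag bytes no longer cost their full share of the 48 bits, so this deserves confirmation and a comment explaining why lengths 2 and 3 are checked while 4 to 6 are not, e.g. `# early reject of short probes: verify the tag prefix received so far`. The comparison itself would be safer as `if not hmac.compare_digest(sha1data, self.recv_buf[1:recv_len]):` where the supported Python versions provide it. The enclosing method starts and ends outside the hunk.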
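Review bot: `error_return` in http_simple.py has no docstring and never uses its `buf` parameter, so a reader cannot tell how it is meant to differ from the method whose tail sits just above it (apparently `not_match_return`, which starts outside the hunk). I would add a docstring such as `"""Mark the header exchange as finished and answer with the fixed 2048-byte b'E' filler, whatever self.method is."""` and say that `buf` is accepted only for signature parity, if that is the reason. The two flag assignments look like a repeat of what the neighbouring method does, so a small shared helper may be worth considering.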
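Review bot: The length thresholds in `server_decode` are bare numbers: `len(ret_buf) < 4` now goes to `error_return` and the accept bound moved from 7 to 13, but nothing on the page says which header fields 4 and 13 correspond to. A decoded header of 4 to 12 bytes still falls through to the final `return self.not_match_return(buf)`, which in the earlier hunk's context seems able to hand `buf` on unchanged (`return (buf, True, False)`); please confirm that is intended for a request that already passed the host check. A comment above each test naming the sizes behind the numbers, or two named constants, would make the next change to these bounds safer. `server_decode` starts outside the hunk.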