From f989fd4d37dbec66ab847f59283e1cd2ce64018d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A0=B4=E5=A8=83=E9=85=B1?= Date: Tue, 16 Aug 2016 14:02:11 +0800 Subject: [PATCH] fix error return --- shadowsocks/obfsplugin/auth.py | 44 ++++++++++++++++------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/shadowsocks/obfsplugin/auth.py b/shadowsocks/obfsplugin/auth.py index afe27bc..8b673f3 100644 --- a/shadowsocks/obfsplugin/auth.py +++ b/shadowsocks/obfsplugin/auth.py @@ -63,6 +63,7 @@ class verify_base(plain.plain): def __init__(self, method): super(verify_base, self).__init__(method) self.method = method + self.no_compatible_method = '' def init_data(self): return '' @@ -82,6 +83,12 @@ class verify_base(plain.plain): def server_decode(self, buf): return (buf, True, False) + def not_match_return(self, buf): + self.raw_trans = True + if self.method == self.no_compatible_method: + return (b'E'*64, False) + return (buf, False) + class client_queue(object): def __init__(self, begin_id): self.front = begin_id - 64 @@ -189,6 +196,7 @@ class auth_sha1(verify_base): self.client_id = 0 self.connection_id = 0 self.max_time_dif = 60 * 60 # time dif (second) setting + self.no_compatible_method = 'auth_sha1' def init_data(self): return obfs_auth_data() @@ -294,45 +302,38 @@ class auth_sha1(verify_base): return (b'', False) crc = struct.pack('H', self.recv_buf[4:6])[0] if length > len(self.recv_buf): return (b'', False) sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10] if sha1data != self.recv_buf[length - 10:length]: logging.error('auth_sha1 data uncorrect auth HMAC-SHA1') - return (b'E', False) + return self.not_match_return(self.recv_buf) pos = common.ord(self.recv_buf[6]) + 6 out_buf = self.recv_buf[pos:length - 10] if len(out_buf) < 12: - self.raw_trans = True self.recv_buf = b'' logging.info('auth_sha1: too short') - return (b'E', False) + return self.not_match_return(self.recv_buf) utc_time = struct.unpack(' self.max_time_dif \ or common.int32(utc_time - self.server_info.data.startup_time) < -self.max_time_dif / 2: - self.raw_trans = True self.recv_buf = b'' logging.info('auth_sha1: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),)) - return (b'E', False) + return self.not_match_return(self.recv_buf) elif self.server_info.data.insert(client_id, connection_id): self.has_recv_header = True out_buf = out_buf[12:] self.client_id = client_id self.connection_id = connection_id else: - self.raw_trans = True self.recv_buf = b'' logging.info('auth_sha1: auth fail, data %s' % (binascii.hexlify(out_buf),)) - return (b'E', False) + return self.not_match_return(self.recv_buf) self.recv_buf = self.recv_buf[length:] self.has_recv_header = True @@ -418,6 +419,7 @@ class auth_sha1_v2(verify_base): self.client_id = 0 self.connection_id = 0 self.salt = b"auth_sha1_v2" + self.no_compatible_method = 'auth_sha1_v2' def init_data(self): return obfs_auth_v2_data() @@ -534,29 +536,24 @@ class auth_sha1_v2(verify_base): return (b'', False) crc = struct.pack('H', self.recv_buf[4:6])[0] if length > len(self.recv_buf): return (b'', False) sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10] if sha1data != self.recv_buf[length - 10:length]: logging.error('auth_sha1_v2 data uncorrect auth HMAC-SHA1') - return (b'E', False) + return self.not_match_return(self.recv_buf) pos = common.ord(self.recv_buf[6]) if pos < 255: pos += 6 else: pos = struct.unpack('>H', self.recv_buf[7:9])[0] + 6 out_buf = self.recv_buf[pos:length - 10] - if len(out_buf) < 8: - self.raw_trans = True + if len(out_buf) < 12: self.recv_buf = b'' - logging.info('auth_sha1_v2: too short') - return (b'E', False) + logging.info('auth_sha1_v2: too short, data %s' % (binascii.hexlify(out_buf),)) + return self.not_match_return(self.recv_buf) client_id = struct.unpack('