vbatts/shadowsocks
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

disconnect if wrong handshake package

Browse source
This commit is contained in:
BreakWa11 2015-12-21 18:43:47 +08:00
parent 80604a9421
commit 202f0f6142
1 changed files with 7 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
shadowsocks/obfsplugin/obfs_tls.py
View file

@ -176,12 +176,10 @@ class tls_auth(plain.plain):
if self.has_recv_header: if self.has_recv_header:
return (buf, False) return (buf, False)
if len(buf) < 11 + 32 + 1 + 32: if len(buf) < 11 + 32 + 1 + 32:
logging.error('client_decode data error') raise Exception('client_decode data error')
return (b'', True)
verify = buf[11:33] verify = buf[11:33]
if hmac.new(self.server_info.key + self.server_info.data.client_id, verify, hashlib.sha1).digest()[:10] != buf[33:43]: if hmac.new(self.server_info.key + self.server_info.data.client_id, verify, hashlib.sha1).digest()[:10] != buf[33:43]:
logging.error('client_decode data error') raise Exception('client_decode data error')
return (b'', True)
self.has_recv_header = True self.has_recv_header = True
return (b'', True) return (b'', True)
@ -212,21 +210,16 @@ class tls_auth(plain.plain):
verify = buf verify = buf
verify_len = 43 - 10 verify_len = 43 - 10
if len(buf) < 43: if len(buf) < 43:
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
if not match_begin(buf, b"\x14" + self.tls_version + "\x00\x01\x01"): #ChangeCipherSpec if not match_begin(buf, b"\x14" + self.tls_version + "\x00\x01\x01"): #ChangeCipherSpec
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
buf = buf[6:] buf = buf[6:]
if not match_begin(buf, b"\x16" + self.tls_version + "\x00\x20"): #Finished if not match_begin(buf, b"\x16" + self.tls_version + "\x00\x20"): #Finished
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
if hmac.new(self.server_info.key + self.client_id, verify[:verify_len], hashlib.sha1).digest()[:10] != verify[verify_len:verify_len+10]: if hmac.new(self.server_info.key + self.client_id, verify[:verify_len], hashlib.sha1).digest()[:10] != verify[verify_len:verify_len+10]:
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
if len(buf) < 37: if len(buf) < 37:
logging.error('server_decode data error') raise Exception('server_decode data error')
return self.decode_error_return(b'')
buf = buf[37:] buf = buf[37:]
self.raw_trans_recv = True self.raw_trans_recv = True
return (buf, True, False) return (buf, True, False)