From 4e21f83bd66287c54d15c08d5a85d47d68777c92 Mon Sep 17 00:00:00 2001
From: Zou Yong
Date: Wed, 15 Mar 2017 00:35:17 +0800
Subject: [PATCH] Handle cipher exceptions #783 (#791)

---
 shadowsocks/tcprelay.py | 1 +
 shadowsocks/tunnel.py | 0
 shadowsocks/udprelay.py | 35 +++++++++++++++++++++++++----------
 3 files changed, 26 insertions(+), 10 deletions(-)
 mode change 100644 => 100755 shadowsocks/tunnel.py

diff --git a/shadowsocks/tcprelay.py b/shadowsocks/tcprelay.py
index c57406d..ea85e4d 100644
--- a/shadowsocks/tcprelay.py
+++ b/shadowsocks/tcprelay.py
@@ -641,6 +641,7 @@ class TCPRelayHandler(object):
 logging.error(eventloop.get_sock_error(self._remote_sock))
 self.destroy()

+ @shell.exception_handle(self_=True, destroy=True)
 def handle_event(self, sock, event):
 # handle all events in this handler and dispatch them to methods
 if self._stage == STAGE_DESTROYED:
diff --git a/shadowsocks/tunnel.py b/shadowsocks/tunnel.py
old mode 100644
new mode 100755
diff --git a/shadowsocks/udprelay.py b/shadowsocks/udprelay.py
index e966541..38af1b6 100644
--- a/shadowsocks/udprelay.py
+++ b/shadowsocks/udprelay.py
@@ -170,14 +170,16 @@ class UDPRelay(object):
 else:
 data = data[3:]
 else:
- data, key, iv = cryptor.decrypt_all(self._password,
- self._method,
- data)
 # decrypt data
+ try:
+ data, key, iv = cryptor.decrypt_all(self._password,
+ self._method,
+ data)
+ except Exception:
+ logging.debug('UDP handle_server: decrypt data failed')
+ return
 if not data:
- logging.debug(
- 'UDP handle_server: data is empty after decrypt'
- )
+ logging.debug('UDP handle_server: data is empty after decrypt')
 return
 header_result = parse_header(data)
 if header_result is None:
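Review bot: In shadowsocks/tcprelay.py (hunk at -641) the new `@shell.exception_handle(self_=True, destroy=True)` on `handle_event` has no comment saying which failures it is meant to absorb, and the decorator's body is not part of this patch. Because `handle_event` dispatches every socket event for the handler, whatever exception types the decorator catches will end in the handler being destroyed, which could hide unrelated bugs behind a closed connection if the catch is broad. I would add a line above it such as `# destroy this handler when a cipher call raises (see #783)` and confirm that the decorator logs the exception before destroying. handle_event's body continues outside the hunk.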
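Review bot: In shadowsocks/udprelay.py (hunk at -170) the new `except Exception:` around `cryptor.decrypt_all` discards the exception object, so the debug line cannot tell a datagram that failed to decrypt apart from a programming error such as a wrong argument type; the same pattern repeats in the hunks at -238 and -267. Binding and logging the exception keeps the drop-and-return behaviour while leaving evidence: `except Exception as e:` followed by `logging.debug('UDP handle_server: decrypt data failed: %s', e)`. If cryptor raises a specific exception type for bad input (not visible in this patch), catching that type instead would let unexpected errors surface. The enclosing method starts and ends outside the hunk.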
@@ -238,7 +240,11 @@ class UDPRelay(object):
 # spec https://shadowsocks.org/en/spec/one-time-auth.html
 if self._ota_enable_session:
 data = self._ota_chunk_data_gen(key, iv, data)
- data = cryptor.encrypt_all_m(key, iv, m, self._method, data)
+ try:
+ data = cryptor.encrypt_all_m(key, iv, m, self._method, data)
+ except Exception:
+ logging.debug("UDP handle_server: encrypt data failed")
+ return
 if not data:
 return
 else:
@@ -267,12 +273,21 @@ class UDPRelay(object):
 # drop
 return
 data = pack_addr(r_addr[0]) + struct.pack('>H', r_addr[1]) + data
- response = cryptor.encrypt_all(self._password, self._method, data)
+ try:
+ response = cryptor.encrypt_all(self._password,
+ self._method, data)
+ except Exception:
+ logging.debug("UDP handle_client: encrypt data failed")
+ return
 if not response:
 return
 else:
- data, key, iv = cryptor.decrypt_all(self._password,
- self._method, data)
+ try:
+ data, key, iv = cryptor.decrypt_all(self._password,
+ self._method, data)
+ except Exception:
+ logging.debug('UDP handle_client: decrypt data failed')
+ return
 if not data:
 return
 header_result = parse_header(data)
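Review bot: In shadowsocks/udprelay.py (hunk at -238) a failure of `cryptor.encrypt_all_m` is logged at debug level exactly like a decrypt failure, although this call apparently runs only after the incoming datagram was already decrypted and parsed, so an exception here more likely indicates a local fault than malformed peer traffic. At debug level an operator would only see packets silently disappear. I would raise the level for the encrypt paths, e.g. `logging.error("UDP handle_server: encrypt data failed")`; the same applies to the `cryptor.encrypt_all` block in the hunk at -267. The enclosing method extends beyond the hunk.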
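Review bot: The decrypt-failure message added in the `else:` branch of the hunk at -267 carries no sender information, so repeated undecryptable datagrams from one peer cannot be told apart from scattered noise in the log. `r_addr` is used a few lines earlier in the same hunk and is presumably still in scope, so `logging.debug('UDP handle_client: decrypt data failed from %s:%d', r_addr[0], r_addr[1])` would make the source visible. The two new messages in this hunk also mix double and single quotes, while the other string literals visible here use single quotes. handle_client's body starts and ends outside the hunk.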