Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix infinite loop when parsing empty nonnative subscription content #3208

Merged
merged 1 commit into from
Oct 27, 2024

Conversation

xiaokangwang
Copy link
Contributor

This pull request fixes issue mentioned in #3206 that there is an infinite loop when vmess link are processed.

Root cause of error: an empty string is a valid base64 string, thus triggering an infinite processing loop.

@xiaokangwang xiaokangwang merged commit 2415b89 into v2fly:master Oct 27, 2024
37 of 39 checks passed
nervmor added a commit to nervmor/v2ray-core that referenced this pull request Nov 11, 2024
* Always use a DNS Message ID of 0 for DoH and DoQ

* Fix DNS servers with same tag wrongly merged

* Do not include index in when adding slice to tree path

* Support "services" root config in cfgv4

* feat: packet_encoding for v4 config

* Fix HTTP2 proxy client with uTLS

* fix fallbackTag missing on leastping balancer

This fix fallbackTag not working when balancer type is set to "leastping"

* Fix `transportcommon.ListenWithSecuritySettings`

* feat: add MPTCP support

* feat: check the network is TCP before set MPTCP

This actually won't have any impact

* style: remove random trailing spaces

更改配置文件时在 config.json 发现一个,顺便看到 debina 更改日志里也有一个。

* Add (Experimental) Meyka Building Blocks to request Transport (v2fly#3120)

* add packetconn assembler

* let kcp use environment dependency injection

* Add destination override to simplified setting

* add dtls dialer

* add dtls listener

* add dtls to default

* fix bugs

* add debug options to freedom outbound

* fix kcp test failure for transport environment

* Chore: bump github.com/miekg/dns from 1.1.59 to 1.1.62

Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.59 to 1.1.62.
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](miekg/dns@v1.1.59...v1.1.62)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump github.com/quic-go/quic-go from 0.43.0 to 0.46.0

Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.43.0 to 0.46.0.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](quic-go/quic-go@v0.43.0...v0.46.0)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump github.com/refraction-networking/utls from 1.6.5 to 1.6.7

Bumps [github.com/refraction-networking/utls](https://github.com/refraction-networking/utls) from 1.6.5 to 1.6.7.
- [Release notes](https://github.com/refraction-networking/utls/releases)
- [Commits](refraction-networking/utls@v1.6.5...v1.6.7)

---
updated-dependencies:
- dependency-name: github.com/refraction-networking/utls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix packetconn assembler does not close incoming packet processor

* Chore: bump golang.org/x/sys from 0.19.0 to 0.24.0

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.19.0 to 0.24.0.
- [Commits](golang/sys@v0.19.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump golang.org/x/net from 0.24.0 to 0.28.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.24.0 to 0.28.0.
- [Commits](golang/net@v0.24.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump google.golang.org/grpc from 1.63.2 to 1.65.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.2 to 1.65.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.63.2...v1.65.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump google.golang.org/protobuf from 1.34.0 to 1.34.2

Bumps google.golang.org/protobuf from 1.34.0 to 1.34.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump github.com/gorilla/websocket from 1.5.1 to 1.5.3

Bumps [github.com/gorilla/websocket](https://github.com/gorilla/websocket) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/gorilla/websocket/releases)
- [Commits](gorilla/websocket@v1.5.1...v1.5.3)

---
updated-dependencies:
- dependency-name: github.com/gorilla/websocket
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump github.com/go-playground/validator/v10

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.20.0 to 10.22.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](go-playground/validator@v10.20.0...v10.22.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump github.com/pion/dtls/v2 from 2.2.7 to 2.2.12

Bumps [github.com/pion/dtls/v2](https://github.com/pion/dtls) from 2.2.7 to 2.2.12.
- [Release notes](https://github.com/pion/dtls/releases)
- [Changelog](https://github.com/pion/dtls/blob/master/.goreleaser.yml)
- [Commits](pion/dtls@v2.2.7...v2.2.12)

---
updated-dependencies:
- dependency-name: github.com/pion/dtls/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump github.com/pion/transport/v2 from 2.2.5 to 2.2.10

Bumps [github.com/pion/transport/v2](https://github.com/pion/transport) from 2.2.5 to 2.2.10.
- [Release notes](https://github.com/pion/transport/releases)
- [Changelog](https://github.com/pion/transport/blob/master/.goreleaser.yml)
- [Commits](pion/transport@v2.2.5...v2.2.10)

---
updated-dependencies:
- dependency-name: github.com/pion/transport/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump github.com/adrg/xdg from 0.4.0 to 0.5.0

Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/adrg/xdg/releases)
- [Commits](adrg/xdg@v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump github.com/go-chi/chi/v5 from 5.0.12 to 5.1.0

Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.12 to 5.1.0.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](go-chi/chi@v5.0.12...v5.1.0)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update to v5.17.0

* fix: use sync.Map in request to packet conn server

* update to v5.17.1

* Feat: add special handling for /dev/fd address

to support socket activation

* fix windows build

* add more checks

* apply control func to activated sockets

* Add AllowInsecureIfPinnedPeerCertificate option to tls security

* Add pprof flag for debugging

* Use pprof build tag for pprof debugging

* Register pprof as a plugin

* Adjust default build set to remove pprof from default distribution

* Chore: bump golang.org/x/crypto from 0.26.0 to 0.27.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.26.0 to 0.27.0.
- [Commits](golang/crypto@v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump github.com/jhump/protoreflect from 1.16.0 to 1.17.0

Bumps [github.com/jhump/protoreflect](https://github.com/jhump/protoreflect) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/jhump/protoreflect/releases)
- [Commits](jhump/protoreflect@v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/jhump/protoreflect
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump golang.org/x/net from 0.28.0 to 0.29.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.28.0 to 0.29.0.
- [Commits](golang/net@v0.28.0...v0.29.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Chore: bump google.golang.org/grpc from 1.65.0 to 1.66.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.65.0 to 1.66.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.65.0...v1.66.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Add Add Hysteria2 Protocol

* update generated protocol for grpc transport

* removed unused hy2 config

* Add back tls certChainHash command

* Some fixes about Hysteria 2 (v2fly#3147)

* hysteria2: remove unused code

* hysteria2: don't ignore some errors

* hysteria2: properly implement TCP request padding

* hysteria2: fix dialer reuse

* update version to v5.18.0

* Add packetEncoding for Hysteria 2

* Chore: bump google.golang.org/grpc from 1.66.0 to 1.66.2

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.66.0 to 1.66.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.66.0...v1.66.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update Go version to v1.23

* Update Go mod toolchain to v1.22

* Chore: bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0

Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.46.0 to 0.47.0.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](quic-go/quic-go@v0.46.0...v0.47.0)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version to v5.19.0

* Add Testing for meek, grpc, httpUpgrade Transport (v2fly#3160)

* Add instance management based testing

* Add testing for meek transport

* Add testing for grpc, httpupgrade transport

* 新增ECH客户端支持 (v2fly#3162)

* Add ECH support

* Use internet.DialSystem()
Why not

* Many fixes

* add support for parsing some shadowsocks links (v2fly#3169)

* generate alert instead of panic when encountering incorrect listen on port 0 on IPv4 or v6 address (v2fly#3172)

* Chore: bump google.golang.org/grpc from 1.66.2 to 1.67.1 (v2fly#3175)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.66.2 to 1.67.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.66.2...v1.67.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update version to v5.20.0

* hysteria2, grpc: fix the use of GetTLSConfig (v2fly#3176)

* Fix tls.WithDestination ignoring IP address (v2fly#3177)

* Add Mekya Stereotype (v2fly#3185)

* Add mekya stereotype config

* Add mekya stereotype config: autogenerated

* add autogenerated files

* add mekya stereotype

* add mekya stereotype: fixup

* add mekya stereotype to default distro

* add mekya testing

* drop unsupported domain address type in packet addr (v2fly#3186)

* feat: add jsonpb marshallers (v2fly#3165)

* Chore: bump golang.org/x/net from 0.29.0 to 0.30.0 (v2fly#3178)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.29.0 to 0.30.0.
- [Commits](golang/net@v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Chore: bump github.com/pires/go-proxyproto from 0.7.0 to 0.8.0 (v2fly#3183)

Bumps [github.com/pires/go-proxyproto](https://github.com/pires/go-proxyproto) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/pires/go-proxyproto/releases)
- [Commits](pires/go-proxyproto@v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: github.com/pires/go-proxyproto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Chore: bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (v2fly#3181)

Bumps google.golang.org/protobuf from 1.34.2 to 1.35.1.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Chore: bump github.com/go-playground/validator/v10 (v2fly#3150)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.22.0 to 10.22.1.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](go-playground/validator@v10.22.0...v10.22.1)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix the use of ServerName in ECH config (v2fly#3188)

* update version to v5.21.0

* fix infinite loop when parsing empty nonnative subscription content (v2fly#3208)

* Chore: bump github.com/quic-go/quic-go from 0.47.0 to 0.48.1 (v2fly#3201)

Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.47.0 to 0.48.1.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](quic-go/quic-go@v0.47.0...v0.48.1)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Chore: bump github.com/adrg/xdg from 0.5.0 to 0.5.1 (v2fly#3193)

Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/adrg/xdg/releases)
- [Commits](adrg/xdg@v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update version to v5.22.0

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dyhkwong <50692134+dyhkwong@users.noreply.github.com>
Co-authored-by: Vigilans <vigilans@foxmail.com>
Co-authored-by: mkmark <mark@mkmark.net>
Co-authored-by: povsister <povsister@foxmail.com>
Co-authored-by: Kaede Akino <i@akinokae.de>
Co-authored-by: unknowndevQwQ <unknowndevQwQ@pm.me>
Co-authored-by: Xiaokang Wang (Shelikhoo) <xiaokangwang@outlook.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Misaki Kasumi <misakikasumi@outlook.com>
Co-authored-by: sunshineplan <sunshineplan@users.noreply.github.com>
Co-authored-by: Jimmy Huang <jimmyhuang454@gmail.com>
Co-authored-by: 风扇滑翔翼 <Fangliding.fshxy@outlook.com>
Co-authored-by: Kasefuchs <kasefuchs@protonmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant