From b21b8ee046a83b9661d0e8cb55f25887950cb2e8 Mon Sep 17 00:00:00 2001
From: wwqgtxx <wwqgtxx@gmail.com>
Date: Wed, 16 Apr 2025 22:22:56 +0800
Subject: [PATCH] fix: panic in ssr packet

---
 transport/shadowsocks/shadowstream/packet.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/transport/shadowsocks/shadowstream/packet.go b/transport/shadowsocks/shadowstream/packet.go
index 39d09a70..f8cd7e61 100644
--- a/transport/shadowsocks/shadowstream/packet.go
+++ b/transport/shadowsocks/shadowstream/packet.go
@@ -29,6 +29,18 @@ func Pack(dst, plaintext []byte, s Cipher) ([]byte, error) {
 	return dst[:len(iv)+len(plaintext)], nil
 }
 
+// UnpackInplace decrypts pkt using stream cipher s.
+// Returns a slice of pkt containing decrypted plaintext.
+// Note: The data in the input dst will be changed
+func UnpackInplace(pkt []byte, s Cipher) ([]byte, error) {
+	if len(pkt) < s.IVSize() {
+		return nil, ErrShortPacket
+	}
+	iv, dst := pkt[:s.IVSize()], pkt[s.IVSize():]
+	s.Decrypter(iv).XORKeyStream(dst, dst)
+	return dst, nil
+}
+
 // Unpack decrypts pkt using stream cipher s.
 // Returns a slice of dst containing decrypted plaintext.
 func Unpack(dst, pkt []byte, s Cipher) ([]byte, error) {
@@ -71,7 +83,7 @@ func (c *PacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	if err != nil {
 		return n, addr, err
 	}
-	bb, err := Unpack(b[c.IVSize():], b[:n], c.Cipher)
+	bb, err := UnpackInplace(b[:n], c.Cipher)
 	if err != nil {
 		return n, addr, err
 	}
@@ -84,7 +96,7 @@ func (c *PacketConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err
 	if err != nil {
 		return
 	}
-	data, err = Unpack(data[c.IVSize():], data, c)
+	data, err = UnpackInplace(data, c.Cipher)
 	if err != nil {
 		if put != nil {
 			put()