From d49b38b00f03c7c5a2f29fb7f639dcbee46c9461 Mon Sep 17 00:00:00 2001 From: Kr328 Date: Mon, 13 Sep 2021 23:43:28 +0800 Subject: [PATCH 1/6] Fix: should not unmarshal to pointer (#1615) --- config/config.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/config.go b/config/config.go index 82417512..004a935f 100644 --- a/config/config.go +++ b/config/config.go @@ -22,7 +22,7 @@ import ( R "github.com/Dreamacro/clash/rule" T "github.com/Dreamacro/clash/tunnel" - yaml "gopkg.in/yaml.v2" + "gopkg.in/yaml.v2" ) // General config @@ -188,7 +188,7 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) { }, } - if err := yaml.Unmarshal(buf, &rawCfg); err != nil { + if err := yaml.Unmarshal(buf, rawCfg); err != nil { return nil, err } From beb88cc46f01e2215934441287f1a553a9290e16 Mon Sep 17 00:00:00 2001 From: Kr328 Date: Mon, 13 Sep 2021 23:46:39 +0800 Subject: [PATCH 2/6] Fix: should not trust address of http.Client (#1616) --- adapter/inbound/http.go | 4 ++-- listener/http/client.go | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/adapter/inbound/http.go b/adapter/inbound/http.go index 94b9fc21..89960cf3 100644 --- a/adapter/inbound/http.go +++ b/adapter/inbound/http.go @@ -9,8 +9,8 @@ import ( ) // NewHTTP receive normal http request and return HTTPContext -func NewHTTP(target string, source net.Addr, conn net.Conn) *context.ConnContext { - metadata := parseSocksAddr(socks5.ParseAddr(target)) +func NewHTTP(target socks5.Addr, source net.Addr, conn net.Conn) *context.ConnContext { + metadata := parseSocksAddr(target) metadata.NetWork = C.TCP metadata.Type = C.HTTP if ip, port, err := parseAddr(source.String()); err == nil { diff --git a/listener/http/client.go b/listener/http/client.go index 3b5fd384..15078b0a 100644 --- a/listener/http/client.go +++ b/listener/http/client.go 
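Review bot: NewHTTP in adapter/inbound/http.go now passes `target` straight to `parseSocksAddr`, so the nil check that a `socks5.ParseAddr` result needs has moved to the caller, and the doc comment does not say so. The one caller in this series (listener/http/client.go) does check for nil, but NewHTTP is exported and a later caller could hand it an unchecked value. parseSocksAddr's body is not in the hunk, so how it treats a nil or truncated Addr should be confirmed. I would extend the comment to `// NewHTTP receive normal http request and return HTTPContext. target must be a non-nil address, as returned by a successful socks5.ParseAddr.`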
@@ -9,6 +9,7 @@ import ( "github.com/Dreamacro/clash/adapter/inbound" C "github.com/Dreamacro/clash/constant" + "github.com/Dreamacro/clash/transport/socks5" ) func newClient(source net.Addr, in chan<- C.ConnContext) *http.Client { @@ -25,9 +26,14 @@ func newClient(source net.Addr, in chan<- C.ConnContext) *http.Client { return nil, errors.New("unsupported network " + network) } + dstAddr := socks5.ParseAddr(address) + if dstAddr == nil { + return nil, socks5.ErrAddressNotSupported + } + left, right := net.Pipe() - in <- inbound.NewHTTP(address, source, right) + in <- inbound.NewHTTP(dstAddr, source, right) return left, nil }, From 55600c49c9299744c2c3d67dc72ac0d798bc3437 Mon Sep 17 00:00:00 2001 From: Dreamacro <8615343+Dreamacro@users.noreply.github.com> Date: Mon, 13 Sep 2021 23:58:34 +0800 Subject: [PATCH 3/6] Fix: potential pitfalls --- dns/client.go | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/dns/client.go b/dns/client.go index d386ed4c..6a54f9fa 100644 --- a/dns/client.go +++ b/dns/client.go @@ -20,15 +20,20 @@ type client struct { host string } -func (c *client) Exchange(m *D.Msg) (msg *D.Msg, err error) { +func (c *client) Exchange(m *D.Msg) (*D.Msg, error) { return c.ExchangeContext(context.Background(), m) } -func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (msg *D.Msg, err error) { - var ip net.IP +func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error) { + var ( + ip net.IP + err error + ) if c.r == nil { // a default ip dns - ip = net.ParseIP(c.host) + if ip = net.ParseIP(c.host); ip == nil { + return nil, fmt.Errorf("dns %s not a valid ip", c.host) + } } else { if ip, err = resolver.ResolveIPWithResolver(c.host, c.r); err != nil { return nil, fmt.Errorf("use default dns resolve failed: %w", err) 
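Review bot: The new `dstAddr == nil` branch in newClient returns the bare `socks5.ErrAddressNotSupported`, so whoever logs the dial failure cannot tell which destination was rejected. Per the commit subject `address` is not trusted, so quote it when adding context: `return nil, fmt.Errorf("parse %q: %w", address, socks5.ErrAddressNotSupported)`. That needs `fmt` if the file does not already import it; the import block is only partly visible. The enclosing dial function starts outside the hunk.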
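Review bot: The `net.ParseIP(c.host) == nil` check added to ExchangeContext runs on every query, so a malformed nameserver host is only reported when a lookup fails, not when the client is built. If the constructor (not part of this diff) can validate the host, that is the better place, with this check kept as a backstop. In the message, `%q` instead of `%s` makes an empty or whitespace-padded host visible: `fmt.Errorf("dns %q not a valid ip", c.host)`. The function body continues past the hunk.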
@@ -58,7 +63,7 @@ func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (msg *D.Msg, err conn = tls.Client(conn, c.Client.TLSConfig) } - msg, _, err = c.Client.ExchangeWithConn(m, &D.Conn{ + msg, _, err := c.Client.ExchangeWithConn(m, &D.Conn{ Conn: conn, UDPSize: c.Client.UDPSize, TsigSecret: c.Client.TsigSecret, From f5806d92639db21a86a8f8418995ba7a47d8bcf3 Mon Sep 17 00:00:00 2001 From: Xuen Li Date: Tue, 14 Sep 2021 00:08:23 +0800 Subject: [PATCH 4/6] Fix: http/https proxy authentication (#1613) --- listener/http/proxy.go | 12 ++++++------ listener/http/utils.go | 16 ++++++++-------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/listener/http/proxy.go b/listener/http/proxy.go index 449658ca..229106df 100644 --- a/listener/http/proxy.go +++ b/listener/http/proxy.go @@ -63,8 +63,8 @@ func HandleConn(c net.Conn, in chan<- C.ConnContext, cache *cache.Cache) { request.RequestURI = "" - RemoveHopByHopHeaders(request.Header) - RemoveExtraHTTPHostPort(request) + removeHopByHopHeaders(request.Header) + removeExtraHTTPHostPort(request) if request.URL.Scheme == "" || request.URL.Host == "" { resp = responseWith(http.StatusBadRequest) @@ -74,9 +74,9 @@ func HandleConn(c net.Conn, in chan<- C.ConnContext, cache *cache.Cache) { resp = responseWith(http.StatusBadGateway) } } - } - RemoveHopByHopHeaders(resp.Header) + removeHopByHopHeaders(resp.Header) + } if keepAlive { resp.Header.Set("Proxy-Connection", "keep-alive") @@ -98,7 +98,7 @@ func HandleConn(c net.Conn, in chan<- C.ConnContext, cache *cache.Cache) { func authenticate(request *http.Request, cache *cache.Cache) *http.Response { authenticator := authStore.Authenticator() if authenticator != nil { - credential := ParseBasicProxyAuthorization(request) + credential := parseBasicProxyAuthorization(request) if credential == "" { resp := responseWith(http.StatusProxyAuthRequired) resp.Header.Set("Proxy-Authenticate", "Basic") 
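Review bot: Moving `removeHopByHopHeaders(resp.Header)` inside the preceding block (hunk at -74 of listener/http/proxy.go) is the actual behaviour change in this file, and nothing in the code says why the placement matters. Presumably responses built locally, such as the 407 from `authenticate` with its `Proxy-Authenticate` header, must not pass through the hop-by-hop filter; the header list itself is outside the visible hunks. A comment above the call would keep a later cleanup from hoisting it back out: `// strip only responses received from upstream; locally built replies (e.g. 407 with Proxy-Authenticate) must keep their headers`. HandleConn starts and ends outside the hunk.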
@@ -107,7 +107,7 @@ func authenticate(request *http.Request, cache *cache.Cache) *http.Response { var authed interface{} if authed = cache.Get(credential); authed == nil { - user, pass, err := DecodeBasicProxyAuthorization(credential) + user, pass, err := decodeBasicProxyAuthorization(credential) authed = err == nil && authenticator.Verify(user, pass) cache.Put(credential, authed, time.Minute) } diff --git a/listener/http/utils.go b/listener/http/utils.go index f3d7840c..17760799 100644 --- a/listener/http/utils.go +++ b/listener/http/utils.go @@ -8,8 +8,8 @@ import ( "strings" ) -// RemoveHopByHopHeaders remove hop-by-hop header -func RemoveHopByHopHeaders(header http.Header) { +// removeHopByHopHeaders remove hop-by-hop header +func removeHopByHopHeaders(header http.Header) { // Strip hop-by-hop header based on RFC: // http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.5.1 // https://www.mnot.net/blog/2011/07/11/what_proxies_must_do @@ -32,9 +32,9 @@ func RemoveHopByHopHeaders(header http.Header) { } } -// RemoveExtraHTTPHostPort remove extra host port (example.com:80 --> example.com) +// removeExtraHTTPHostPort remove extra host port (example.com:80 --> example.com) // It resolves the behavior of some HTTP servers that do not handle host:80 (e.g. baidu.com) -func RemoveExtraHTTPHostPort(req *http.Request) { +func removeExtraHTTPHostPort(req *http.Request) { host := req.Host if host == "" { host = req.URL.Host @@ -48,8 +48,8 @@ func RemoveExtraHTTPHostPort(req *http.Request) { req.URL.Host = host } -// ParseBasicProxyAuthorization parse header Proxy-Authorization and return base64-encoded credential -func ParseBasicProxyAuthorization(request *http.Request) string { +// parseBasicProxyAuthorization parse header Proxy-Authorization and return base64-encoded credential +func parseBasicProxyAuthorization(request *http.Request) string { value := request.Header.Get("Proxy-Authorization") if !strings.HasPrefix(value, "Basic ") { return "" 
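Review bot: In `authenticate`, `cache.Put(credential, authed, time.Minute)` also stores the outcome of failed logins, keyed by the client-supplied base64 string, so every distinct wrong credential adds an entry that lives for a minute. Whether the cache bounds its size is not visible here. A cached `true` also keeps a credential working for up to a minute after it is removed from the authenticator. Caching only successes limits the first problem: `ok := err == nil && authenticator.Verify(user, pass)`, `authed = ok`, `if ok { cache.Put(credential, authed, time.Minute) }`. The rest of the function lies outside the hunk.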
@@ -58,8 +58,8 @@ func ParseBasicProxyAuthorization(request *http.Request) string { return value[6:] // value[len("Basic "):] } -// DecodeBasicProxyAuthorization decode base64-encoded credential -func DecodeBasicProxyAuthorization(credential string) (string, string, error) { +// decodeBasicProxyAuthorization decode base64-encoded credential +func decodeBasicProxyAuthorization(credential string) (string, string, error) { plain, err := base64.StdEncoding.DecodeString(credential) if err != nil { return "", "", err From b0f83e401f612d294d456730286be2ca44c82bf8 Mon Sep 17 00:00:00 2001 From: Excited Codes <61885669+ExcitedCodes@users.noreply.github.com> Date: Wed, 15 Sep 2021 16:45:57 +0800 Subject: [PATCH 5/6] Fix: socks4 request continues after authentication failed (#1624) --- transport/socks4/socks4.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/transport/socks4/socks4.go b/transport/socks4/socks4.go index c6b2f2db..c06bea20 100644 --- a/transport/socks4/socks4.go +++ b/transport/socks4/socks4.go @@ -91,6 +91,7 @@ func ServerHandshake(rw io.ReadWriter, authenticator auth.Authenticator) (addr s code = RequestGranted } else { code = RequestIdentdMismatched + err = ErrRequestIdentdMismatched } var reply [8]byte @@ -99,7 +100,10 @@ func ServerHandshake(rw io.ReadWriter, authenticator auth.Authenticator) (addr s copy(reply[4:8], dstIP) copy(reply[2:4], dstPort) - _, err = rw.Write(reply[:]) + _, wErr := rw.Write(reply[:]) + if err == nil { + err = wErr + } return } From b3cd4ebbd3c34697c9fe87f7f536421ada5004cf Mon Sep 17 00:00:00 2001 From: Dreamacro <8615343+Dreamacro@users.noreply.github.com> Date: Wed, 15 Sep 2021 20:21:30 +0800 Subject: [PATCH 6/6] Fix: use 1.17.x on github actions --- .github/workflows/go.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index d8a514ea..2b9366f9 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
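Review bot: On the identd-mismatch path (hunks at -91 and -99 of transport/socks4/socks4.go) ServerHandshake now returns `ErrRequestIdentdMismatched`, but the named result `addr` is, as far as the hunks show, still whatever was parsed from the request. A caller that mishandles `err` would still receive a usable destination, so I would reset it before the final `return`: `if err != nil { addr = "" }`, assuming addr is a string (its type is cut off in the hunk header). The `if err == nil { err = wErr }` lines deserve a short comment such as `// an auth failure takes precedence over a failed reply write`. The function starts outside both hunks, so where addr is assigned should be checked first.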
@@ -9,7 +9,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v2 with: - go-version: 1.17 + go-version: 1.17.x - name: Check out code into the Go module directory uses: actions/checkout@v2