Skip to content

security: harden protocol parsing and resource limits#149

Open
zytakeshi wants to merge 2 commits into
cfal:masterfrom
zytakeshi:codex/security-hardening-protocols
Open

security: harden protocol parsing and resource limits#149
zytakeshi wants to merge 2 commits into
cfal:masterfrom
zytakeshi:codex/security-hardening-protocols

Conversation

@zytakeshi
Copy link
Copy Markdown

@zytakeshi zytakeshi commented Jun 3, 2026

Summary

  • Harden protocol parsers and authentication paths across ShadowTLS, Hysteria2, TUIC, VLESS, VMess, XUDP, WebSocket, AnyTLS, REALITY, SOCKS, HTTP, and Shadowsocks.
  • Add bounded resource caches/session tables, replay/nonce protections, release-mode bounds checks, and config/debug redaction.
  • Bump package version to 0.2.9 and add direct zeroize dependency for REALITY secret cleanup.

Changes

  • Protocol parsing: guard short/truncated frames, padding underflow, VMess AEAD header length, TUIC/Hysteria2 datagrams, VLESS varints, ShadowTLS zero-payload frames, WebSocket control frames.
  • Crypto/auth: constant-time comparisons, VMess auth-ID replay cache, VMess nonce exhaustion error, REALITY key zeroization and generic auth failure logs.
  • Resource limits: bounded DNS caches, worker queues, AnyTLS streams, TUIC/Hysteria2 UDP sessions, XUDP sessions, and TUIC fragment reassembly.
  • Runtime hardening: FFI startup defaults, write_all WriteZero handling, SlideBuffer release asserts, hot-reload error handling, and redacted config Debug output.

Verification

  • cargo fmt --all --check
  • git diff --check
  • cargo check --locked --lib
  • cargo test --locked --lib
  • cargo test --locked --bins
  • cargo test --locked --release --lib vmess::vmess_stream::tests::test_try_decrypt_rejects_padding_larger_than_data_len
  • cargo test --locked --release --lib xudp::message_stream::tests::skips_many_empty_frames_without_recursing
  • cargo check --locked --target aarch64-apple-ios --features ffi --lib

Notes

  • Existing warnings remain for unused interface variables in socket_util.rs and Rust 2024 unsafe-op warnings in ffi/ios.rs; they do not fail the checked builds.
  • This PR branch also includes the existing local SS2022 clock-skew commit already ahead of upstream.

@claude
shadowsocks: Align SS2022 timestamp check with SIP022 ±30s window
cf75684 
The AEAD-2022 header timestamp validation used an asymmetric window:
up to 30 seconds in the past, but only 2 seconds in the future. SIP022
specifies a single tolerance ("not more than 30 seconds away"), applied
in both directions, and the 60-second salt replay cache is sized for a
±30s window.

The 2-second future cap rejected peers whose clock ran only slightly
ahead (NTP drift, unsynced/virtualized hosts), failing the handshake
with "timestamp is N seconds in the future" even though the spec would
accept anything within 30 seconds. Replace both request- and
response-header checks with a symmetric abs_diff > 30 check.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@zytakeshi zytakeshi force-pushed the codex/security-hardening-protocols branch from 9096ce4 to 7f145b8 Compare June 3, 2026 00:58
@zytakeshi zytakeshi force-pushed the codex/security-hardening-protocols branch from 7f145b8 to 618ff45 Compare June 3, 2026 01:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zytakeshi