From 6cd0e58fd03f362ff98380f07746653ca9a365c7 Mon Sep 17 00:00:00 2001
From: wwqgtxx <wwqgtxx@gmail.com>
Date: Sun, 22 Oct 2023 23:39:46 +0800
Subject: [PATCH] fix: ssr panic

---
 transport/ssr/protocol/auth_chain_a.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/transport/ssr/protocol/auth_chain_a.go b/transport/ssr/protocol/auth_chain_a.go
index 23efb390..12345db6 100644
--- a/transport/ssr/protocol/auth_chain_a.go
+++ b/transport/ssr/protocol/auth_chain_a.go
@@ -7,6 +7,7 @@ import (
 	"crypto/rc4"
 	"encoding/base64"
 	"encoding/binary"
+	"errors"
 	"net"
 	"strconv"
 	"strings"
@@ -107,6 +108,10 @@ func (a *authChainA) Decode(dst, src *bytes.Buffer) error {
 		dataLength := int(binary.LittleEndian.Uint16(src.Bytes()[:2]) ^ binary.LittleEndian.Uint16(a.lastServerHash[14:16]))
 		randDataLength := a.randDataLength(dataLength, a.lastServerHash, &a.randomServer)
 		length := dataLength + randDataLength
+		// Temporary workaround for https://github.com/Dreamacro/clash/issues/1352
+		if dataLength < 0 || randDataLength < 0 || length < 0 {
+			return errors.New("ssr crashing blocked")
+		}
 
 		if length >= 4096 {
 			a.rawTrans = true
@@ -130,6 +135,11 @@ func (a *authChainA) Decode(dst, src *bytes.Buffer) error {
 		if dataLength > 0 && randDataLength > 0 {
 			pos += getRandStartPos(randDataLength, &a.randomServer)
 		}
+		// Temporary workaround for https://github.com/Dreamacro/clash/issues/1352
+		if pos < 0 || pos+dataLength < 0 || dataLength < 0 {
+			return errors.New("ssr crashing blocked")
+		}
+
 		wantedData := src.Bytes()[pos : pos+dataLength]
 		a.decrypter.XORKeyStream(wantedData, wantedData)
 		if a.recvID == 1 {