mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-12 15:46:06 +00:00
fix(link): strip query and trailing slash when parsing ss:// port (#5895)
* fix(link): strip query and trailing slash when parsing ss:// port Subscription-provided Shadowsocks links use the SIP002 form ss://userinfo@host:port[/][?plugin=...]#tag. parseShadowsocks only stripped the #fragment, so a "?plugin=" / "?type=" query and the optional trailing slash leaked into the host:port split, strconv.Atoi failed, and the port was silently set to 0 (the error was discarded). Direct link import was unaffected because it runs through the frontend parser, which already handles this. Strip the query and the trailing slash before splitting host:port, mirroring the frontend outbound-link-parser and the SIP002 grammar. This complements #5432, which fixed the SS2022 generation side. Add table-driven parseShadowsocks tests covering modern, legacy, base64url userinfo, the SIP002 slash+plugin form, and SIP022 percent-encoded userinfo with a dual-key password. * fix(link): surface ss:// port parse errors instead of defaulting to 0 The modern and legacy Shadowsocks branches discarded the strconv.Atoi error when reading the port, silently yielding port 0 for any malformed host:port. Return a parse error instead, matching defaultPort's existing pattern in this file, so a bad link is skipped by ParseSubscriptionBody rather than injected as an unusable port-0 outbound.
This commit is contained in:
@@ -338,12 +338,15 @@ func parseShadowsocks(link string) (*ParseResult, error) {
|
||||
remark, _ = url.QueryUnescape(link[i+1:])
|
||||
link = link[:i]
|
||||
}
|
||||
if i := strings.Index(link, "?"); i >= 0 {
|
||||
link = link[:i]
|
||||
}
|
||||
core := strings.TrimPrefix(link, "ss://")
|
||||
at := strings.Index(core, "@")
|
||||
if at >= 0 {
|
||||
// modern
|
||||
userB64 := core[:at]
|
||||
hp := core[at+1:]
|
||||
hp := strings.TrimRight(core[at+1:], "/")
|
||||
userInfo, err := base64DecodeFlexible(userB64)
|
||||
if err != nil {
|
||||
// SIP022 (2022-blake3-*) userinfo is percent-encoded, not base64.
|
||||
@@ -358,7 +361,10 @@ func parseShadowsocks(link string) (*ParseResult, error) {
|
||||
return nil, fmt.Errorf("bad ss host:port")
|
||||
}
|
||||
host := hp[:colon]
|
||||
port, _ := strconv.Atoi(hp[colon+1:])
|
||||
port, err := strconv.Atoi(hp[colon+1:])
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("bad ss port %q: %w", hp[colon+1:], err)
|
||||
}
|
||||
method, pass := splitMethodPass(userInfo)
|
||||
identity := "ss:" + method + ":" + pass + "@" + host + ":" + strconv.Itoa(port)
|
||||
ob := Outbound{
|
||||
@@ -388,7 +394,10 @@ func parseShadowsocks(link string) (*ParseResult, error) {
|
||||
return nil, fmt.Errorf("bad legacy ss hp")
|
||||
}
|
||||
host := hp[:colon]
|
||||
port, _ := strconv.Atoi(hp[colon+1:])
|
||||
port, err := strconv.Atoi(hp[colon+1:])
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("bad legacy ss port %q: %w", hp[colon+1:], err)
|
||||
}
|
||||
method, pass := splitMethodPass(userInfo)
|
||||
identity := "ss:" + method + ":" + pass + "@" + host + ":" + strconv.Itoa(port)
|
||||
ob := Outbound{
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package link
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"net/url"
|
||||
"strings"
|
||||
"testing"
|
||||
@@ -113,6 +114,115 @@ func TestSanitizeFinalMaskQuicParams_ClampsAndRejects(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseShadowsocks(t *testing.T) {
|
||||
modernUser := base64.StdEncoding.EncodeToString([]byte("aes-256-gcm:secretpass"))
|
||||
legacyBody := base64.StdEncoding.EncodeToString([]byte("aes-256-gcm:secretpass@1.2.3.4:8388"))
|
||||
cases := []struct {
|
||||
name string
|
||||
link string
|
||||
host string
|
||||
port int
|
||||
method string
|
||||
pass string
|
||||
}{
|
||||
{
|
||||
name: "modern",
|
||||
link: "ss://" + modernUser + "@1.2.3.4:8388#node",
|
||||
host: "1.2.3.4",
|
||||
port: 8388,
|
||||
method: "aes-256-gcm",
|
||||
pass: "secretpass",
|
||||
},
|
||||
{
|
||||
name: "modern with plugin query",
|
||||
link: "ss://" + modernUser + "@1.2.3.4:8388?plugin=v2ray-plugin#node",
|
||||
host: "1.2.3.4",
|
||||
port: 8388,
|
||||
method: "aes-256-gcm",
|
||||
pass: "secretpass",
|
||||
},
|
||||
{
|
||||
name: "modern sip002 slash query",
|
||||
link: "ss://" + modernUser + "@1.2.3.4:8388/?plugin=obfs-local%3Bobfs%3Dhttp#node",
|
||||
host: "1.2.3.4",
|
||||
port: 8388,
|
||||
method: "aes-256-gcm",
|
||||
pass: "secretpass",
|
||||
},
|
||||
{
|
||||
name: "legacy",
|
||||
link: "ss://" + legacyBody + "#node",
|
||||
host: "1.2.3.4",
|
||||
port: 8388,
|
||||
method: "aes-256-gcm",
|
||||
pass: "secretpass",
|
||||
},
|
||||
{
|
||||
name: "base64url userinfo with plugin and trailing slash",
|
||||
link: "ss://" + base64.RawURLEncoding.EncodeToString([]byte("aes-128-gcm:pa+ss/word")) + "@1.2.3.4:8388/?plugin=obfs-local%3Bobfs%3Dhttp#node",
|
||||
host: "1.2.3.4",
|
||||
port: 8388,
|
||||
method: "aes-128-gcm",
|
||||
pass: "pa+ss/word",
|
||||
},
|
||||
{
|
||||
name: "sip022 percent-encoded userinfo",
|
||||
link: "ss://2022-blake3-aes-256-gcm:YctPZ6U7xPPcU%2Bgp3u%2B0tx%2FtRizJN9K8y%2BuKlW2qjlI%3D@example.com:8888#Example3",
|
||||
host: "example.com",
|
||||
port: 8888,
|
||||
method: "2022-blake3-aes-256-gcm",
|
||||
pass: "YctPZ6U7xPPcU+gp3u+0tx/tRizJN9K8y+uKlW2qjlI=",
|
||||
},
|
||||
{
|
||||
name: "sip022 dual-key password with type query preserves inner colon",
|
||||
link: "ss://2022-blake3-aes-256-gcm:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%3D:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB%3D@1.2.3.4:9999?type=tcp#node",
|
||||
host: "1.2.3.4",
|
||||
port: 9999,
|
||||
method: "2022-blake3-aes-256-gcm",
|
||||
pass: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=",
|
||||
},
|
||||
}
|
||||
for _, c := range cases {
|
||||
t.Run(c.name, func(t *testing.T) {
|
||||
res, err := ParseLink(c.link)
|
||||
if err != nil {
|
||||
t.Fatalf("parse ss: %v", err)
|
||||
}
|
||||
if res.Outbound["protocol"] != "shadowsocks" {
|
||||
t.Fatalf("protocol = %v, want shadowsocks", res.Outbound["protocol"])
|
||||
}
|
||||
srv := res.Outbound["settings"].(map[string]any)["servers"].([]any)[0].(map[string]any)
|
||||
if srv["address"] != c.host {
|
||||
t.Errorf("address = %v, want %v", srv["address"], c.host)
|
||||
}
|
||||
if srv["port"] != c.port {
|
||||
t.Errorf("port = %v, want %v", srv["port"], c.port)
|
||||
}
|
||||
if srv["method"] != c.method {
|
||||
t.Errorf("method = %v, want %v", srv["method"], c.method)
|
||||
}
|
||||
if srv["password"] != c.pass {
|
||||
t.Errorf("password = %v, want %v", srv["password"], c.pass)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseShadowsocksBadPort(t *testing.T) {
|
||||
user := base64.StdEncoding.EncodeToString([]byte("aes-256-gcm:secretpass"))
|
||||
cases := map[string]string{
|
||||
"modern": "ss://" + user + "@1.2.3.4:notaport#node",
|
||||
"legacy": "ss://" + base64.StdEncoding.EncodeToString([]byte("aes-256-gcm:secretpass@1.2.3.4:notaport")) + "#node",
|
||||
}
|
||||
for name, link := range cases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
if _, err := ParseLink(link); err == nil {
|
||||
t.Errorf("expected parse error for non-numeric port, got nil")
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseSubscriptionBody_Base64(t *testing.T) {
|
||||
// base64 of the two joined links:
|
||||
// vless://u@h:443?type=tcp#A\nvless://u2@h2:443?type=tcp#B
|
||||
|
||||
Reference in New Issue
Block a user