Fix infinite loop when parsing empty nonnative subscription content #3208
+4
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nervmor
added a commit
to nervmor/v2ray-core
that referenced
this pull request
Nov 11, 2024
* Always use a DNS Message ID of 0 for DoH and DoQ * Fix DNS servers with same tag wrongly merged * Do not include index in when adding slice to tree path * Support "services" root config in cfgv4 * feat: packet_encoding for v4 config * Fix HTTP2 proxy client with uTLS * fix fallbackTag missing on leastping balancer This fix fallbackTag not working when balancer type is set to "leastping" * Fix `transportcommon.ListenWithSecuritySettings` * feat: add MPTCP support * feat: check the network is TCP before set MPTCP This actually won't have any impact * style: remove random trailing spaces 更改配置文件时在 config.json 发现一个,顺便看到 debina 更改日志里也有一个。 * Add (Experimental) Meyka Building Blocks to request Transport (v2fly#3120) * add packetconn assembler * let kcp use environment dependency injection * Add destination override to simplified setting * add dtls dialer * add dtls listener * add dtls to default * fix bugs * add debug options to freedom outbound * fix kcp test failure for transport environment * Chore: bump github.com/miekg/dns from 1.1.59 to 1.1.62 Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.59 to 1.1.62. - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](miekg/dns@v1.1.59...v1.1.62) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump github.com/quic-go/quic-go from 0.43.0 to 0.46.0 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.43.0 to 0.46.0. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](quic-go/quic-go@v0.43.0...v0.46.0) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump github.com/refraction-networking/utls from 1.6.5 to 1.6.7 Bumps [github.com/refraction-networking/utls](https://github.com/refraction-networking/utls) from 1.6.5 to 1.6.7. - [Release notes](https://github.com/refraction-networking/utls/releases) - [Commits](refraction-networking/utls@v1.6.5...v1.6.7) --- updated-dependencies: - dependency-name: github.com/refraction-networking/utls dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix packetconn assembler does not close incoming packet processor * Chore: bump golang.org/x/sys from 0.19.0 to 0.24.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.19.0 to 0.24.0. - [Commits](golang/sys@v0.19.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump golang.org/x/net from 0.24.0 to 0.28.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.24.0 to 0.28.0. - [Commits](golang/net@v0.24.0...v0.28.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump google.golang.org/grpc from 1.63.2 to 1.65.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.2 to 1.65.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.63.2...v1.65.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump google.golang.org/protobuf from 1.34.0 to 1.34.2 Bumps google.golang.org/protobuf from 1.34.0 to 1.34.2. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump github.com/gorilla/websocket from 1.5.1 to 1.5.3 Bumps [github.com/gorilla/websocket](https://github.com/gorilla/websocket) from 1.5.1 to 1.5.3. - [Release notes](https://github.com/gorilla/websocket/releases) - [Commits](gorilla/websocket@v1.5.1...v1.5.3) --- updated-dependencies: - dependency-name: github.com/gorilla/websocket dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump github.com/go-playground/validator/v10 Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.20.0 to 10.22.0. - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](go-playground/validator@v10.20.0...v10.22.0) --- updated-dependencies: - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump github.com/pion/dtls/v2 from 2.2.7 to 2.2.12 Bumps [github.com/pion/dtls/v2](https://github.com/pion/dtls) from 2.2.7 to 2.2.12. - [Release notes](https://github.com/pion/dtls/releases) - [Changelog](https://github.com/pion/dtls/blob/master/.goreleaser.yml) - [Commits](pion/dtls@v2.2.7...v2.2.12) --- updated-dependencies: - dependency-name: github.com/pion/dtls/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump github.com/pion/transport/v2 from 2.2.5 to 2.2.10 Bumps [github.com/pion/transport/v2](https://github.com/pion/transport) from 2.2.5 to 2.2.10. - [Release notes](https://github.com/pion/transport/releases) - [Changelog](https://github.com/pion/transport/blob/master/.goreleaser.yml) - [Commits](pion/transport@v2.2.5...v2.2.10) --- updated-dependencies: - dependency-name: github.com/pion/transport/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump github.com/adrg/xdg from 0.4.0 to 0.5.0 Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/adrg/xdg/releases) - [Commits](adrg/xdg@v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: github.com/adrg/xdg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump github.com/go-chi/chi/v5 from 5.0.12 to 5.1.0 Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.12 to 5.1.0. - [Release notes](https://github.com/go-chi/chi/releases) - [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md) - [Commits](go-chi/chi@v5.0.12...v5.1.0) --- updated-dependencies: - dependency-name: github.com/go-chi/chi/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * update to v5.17.0 * fix: use sync.Map in request to packet conn server * update to v5.17.1 * Feat: add special handling for /dev/fd address to support socket activation * fix windows build * add more checks * apply control func to activated sockets * Add AllowInsecureIfPinnedPeerCertificate option to tls security * Add pprof flag for debugging * Use pprof build tag for pprof debugging * Register pprof as a plugin * Adjust default build set to remove pprof from default distribution * Chore: bump golang.org/x/crypto from 0.26.0 to 0.27.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.26.0 to 0.27.0. - [Commits](golang/crypto@v0.26.0...v0.27.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump github.com/jhump/protoreflect from 1.16.0 to 1.17.0 Bumps [github.com/jhump/protoreflect](https://github.com/jhump/protoreflect) from 1.16.0 to 1.17.0. - [Release notes](https://github.com/jhump/protoreflect/releases) - [Commits](jhump/protoreflect@v1.16.0...v1.17.0) --- updated-dependencies: - dependency-name: github.com/jhump/protoreflect dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump golang.org/x/net from 0.28.0 to 0.29.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.28.0 to 0.29.0. - [Commits](golang/net@v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Chore: bump google.golang.org/grpc from 1.65.0 to 1.66.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.65.0 to 1.66.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.65.0...v1.66.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Add Add Hysteria2 Protocol * update generated protocol for grpc transport * removed unused hy2 config * Add back tls certChainHash command * Some fixes about Hysteria 2 (v2fly#3147) * hysteria2: remove unused code * hysteria2: don't ignore some errors * hysteria2: properly implement TCP request padding * hysteria2: fix dialer reuse * update version to v5.18.0 * Add packetEncoding for Hysteria 2 * Chore: bump google.golang.org/grpc from 1.66.0 to 1.66.2 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.66.0 to 1.66.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.66.0...v1.66.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update Go version to v1.23 * Update Go mod toolchain to v1.22 * Chore: bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.46.0 to 0.47.0. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](quic-go/quic-go@v0.46.0...v0.47.0) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * update version to v5.19.0 * Add Testing for meek, grpc, httpUpgrade Transport (v2fly#3160) * Add instance management based testing * Add testing for meek transport * Add testing for grpc, httpupgrade transport * 新增ECH客户端支持 (v2fly#3162) * Add ECH support * Use internet.DialSystem() Why not * Many fixes * add support for parsing some shadowsocks links (v2fly#3169) * generate alert instead of panic when encountering incorrect listen on port 0 on IPv4 or v6 address (v2fly#3172) * Chore: bump google.golang.org/grpc from 1.66.2 to 1.67.1 (v2fly#3175) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.66.2 to 1.67.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.66.2...v1.67.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update version to v5.20.0 * hysteria2, grpc: fix the use of GetTLSConfig (v2fly#3176) * Fix tls.WithDestination ignoring IP address (v2fly#3177) * Add Mekya Stereotype (v2fly#3185) * Add mekya stereotype config * Add mekya stereotype config: autogenerated * add autogenerated files * add mekya stereotype * add mekya stereotype: fixup * add mekya stereotype to default distro * add mekya testing * drop unsupported domain address type in packet addr (v2fly#3186) * feat: add jsonpb marshallers (v2fly#3165) * Chore: bump golang.org/x/net from 0.29.0 to 0.30.0 (v2fly#3178) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.29.0 to 0.30.0. - [Commits](golang/net@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Chore: bump github.com/pires/go-proxyproto from 0.7.0 to 0.8.0 (v2fly#3183) Bumps [github.com/pires/go-proxyproto](https://github.com/pires/go-proxyproto) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/pires/go-proxyproto/releases) - [Commits](pires/go-proxyproto@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: github.com/pires/go-proxyproto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Chore: bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (v2fly#3181) Bumps google.golang.org/protobuf from 1.34.2 to 1.35.1. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Chore: bump github.com/go-playground/validator/v10 (v2fly#3150) Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.22.0 to 10.22.1. - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](go-playground/validator@v10.22.0...v10.22.1) --- updated-dependencies: - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix the use of ServerName in ECH config (v2fly#3188) * update version to v5.21.0 * fix infinite loop when parsing empty nonnative subscription content (v2fly#3208) * Chore: bump github.com/quic-go/quic-go from 0.47.0 to 0.48.1 (v2fly#3201) Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.47.0 to 0.48.1. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](quic-go/quic-go@v0.47.0...v0.48.1) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Chore: bump github.com/adrg/xdg from 0.5.0 to 0.5.1 (v2fly#3193) Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/adrg/xdg/releases) - [Commits](adrg/xdg@v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/adrg/xdg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update version to v5.22.0 --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dyhkwong <[email protected]> Co-authored-by: Vigilans <[email protected]> Co-authored-by: mkmark <[email protected]> Co-authored-by: povsister <[email protected]> Co-authored-by: Kaede Akino <[email protected]> Co-authored-by: unknowndevQwQ <[email protected]> Co-authored-by: Xiaokang Wang (Shelikhoo) <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Misaki Kasumi <[email protected]> Co-authored-by: sunshineplan <[email protected]> Co-authored-by: Jimmy Huang <[email protected]> Co-authored-by: 风扇滑翔翼 <[email protected]> Co-authored-by: Kasefuchs <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request fixes issue mentioned in #3206 that there is an infinite loop when vmess link are processed.
Root cause of error: an empty string is a valid base64 string, thus triggering an infinite processing loop.