From 59c59bcb17317f6861da07b30233631bd00a302a Mon Sep 17 00:00:00 2001
From: Andrey Petelin
Date: Wed, 17 Sep 2025 21:09:03 +0500
Subject: [PATCH] fix: Improve shadowsocks userinfo decoding with format validation and error handling`
---
 podkop/files/usr/lib/helpers.sh | 8 ++++++++
 podkop/files/usr/lib/sing_box_config_facade.sh | 6 +++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/podkop/files/usr/lib/helpers.sh b/podkop/files/usr/lib/helpers.sh
index fe3d616..3823510 100644
--- a/podkop/files/usr/lib/helpers.sh
+++ b/podkop/files/usr/lib/helpers.sh
@@ -40,6 +40,14 @@ is_base64() {
 return 1
 }
+# Checks if the given string looks like a Shadowsocks userinfo
+is_shadowsocks_userinfo_format() {
+ local str="$1"
+ local regex='^[^:]+:[^:]+(:[^:]+)?$'
+
+ [[ "$str" =~ $regex ]]
+}
+
 # Checks if the given file exists
 file_exists() {
 local filepath="$1"
diff --git a/podkop/files/usr/lib/sing_box_config_facade.sh b/podkop/files/usr/lib/sing_box_config_facade.sh
index 657ca7e..251afa1 100644
--- a/podkop/files/usr/lib/sing_box_config_facade.sh
+++ b/podkop/files/usr/lib/sing_box_config_facade.sh
@@ -131,8 +131,12 @@ sing_box_cf_add_proxy_outbound() {
 local userinfo tag host port method password udp_over_tcp
 userinfo=$(url_get_userinfo "$url")
- if is_base64 "$userinfo"; then
+ if ! is_shadowsocks_userinfo_format "$userinfo"; then
 userinfo=$(base64_decode "$userinfo")
+ if [ $? -ne 0 ]; then
+ log "Cannot decode shadowsocks userinfo or it does not match the expected format. Aborted." "fatal"
+ exit 1
+ fi
 fi
 tag=$(get_outbound_tag_by_section "$section")
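Review bot: The pattern in `is_shadowsocks_userinfo_format` only counts colon-separated fields, so every other byte passes, including spaces, newlines and control characters; a match means the string is shaped like userinfo, not that it is valid. The value is taken from a URL at the call site in sing_box_config_facade.sh and should be treated as untrusted, so the first field could be limited to the characters cipher names use, for example `local regex='^[A-Za-z0-9-]+:[^:]+(:[^:]+)?$'`. The comment would be more useful if it stated the contract, e.g. `# Returns 0 when the string is two or three non-empty ':'-separated fields (plaintext userinfo, not base64)`. `[[ ... =~ ... ]]` is not POSIX sh; the file's shebang is outside this hunk, so confirm the target shell supports it.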
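Review bot: The decoded value is never checked against the format: after `base64_decode` the code tests only `$?`, although the log message says the userinfo may "not match the expected format". Input that decodes cleanly to something without the expected field shape continues into the parsing that follows, which is outside this hunk. Re-running the check on the decoded string closes that gap: `if ! userinfo=$(base64_decode "$userinfo") || ! is_shadowsocks_userinfo_format "$userinfo"; then`. Whether `base64_decode` returns non-zero on malformed input is not visible here and is worth confirming, since the new error path depends on it. The enclosing function starts and ends outside the hunk.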