Merge ee1e4d33f8 into d1a9bcc4fb

fix possible null pointer dereference
cppcheck reports: network.cpp:1717:22: error: Null pointer dereference: payload [ctunullpointer] memcpy(tcp_data, payload, payloadlen); ^ client.cpp:193:22: note: Calling function send_raw0, 2nd argument is null send_raw0(raw_info, 0, 0); ^ network.cpp:2534:20: note: Calling function send_raw_tcp, 2nd argument is null return send_raw_tcp(raw_info, payload, payloadlen); ^ network.cpp:1717:22: note: Dereferencing argument payload that is null memcpy(tcp_data, payload, payloadlen); ^
2025-09-21 22:54:27 +08:00 · 2023-10-08 11:39:27 +08:00 · 2023-10-08 11:37:35 +08:00
4 changed files with 18 additions and 4 deletions
--- a/13
+++ b/13
@@ -0,0 +1,13 @@
+FROM alpine:3.6 as builder
+
+WORKDIR /
+
+RUN apk add --no-cache git  build-base linux-headers && \
+ git clone https://github.com/wangyu-/udp2raw-tunnel.git  && \
+ cd udp2raw-tunnel && \
+ make dynamic
+
+FROM alpine:3.6
+RUN apk add --no-cache libstdc++ iptables
+COPY --from=builder /udp2raw-tunnel/udp2raw_dynamic /bin/
+ENTRYPOINT [ "/bin/udp2raw_dynamic" ]
--- a/README.md
+++ b/README.md
@@ -81,7 +81,7 @@ Assume your UDP is blocked or being QOS-ed or just poorly supported. Assume your
 Now,an encrypted raw tunnel has been established between client and server through TCP port 4096. Connecting to UDP port 3333 at the client side is equivalent to connecting to port 7777 at the server side. No UDP traffic will be exposed.

 ### Note
-To run on Android, check [Android_Guide](https://github.com/wangyu-/udp2raw/wiki/Android-Guide)
+To run on Android, check [Android_Guide](/doc/android_guide.md)

 `-a` option automatically adds an iptables rule (or a few iptables rules) for you, udp2raw relies on this iptables rule to work stably. Be aware you dont forget `-a` (its a common mistake). If you dont want udp2raw to add iptables rule automatically, you can add it manually(take a look at `-g` option) and omit `-a`.

--- a/connection.cpp
+++ b/connection.cpp
@@ -435,7 +435,7 @@ int send_safer(conn_info_t &conn_info, char type, const char *data, int len)  //
        if (cipher_mode == cipher_xor) {
            send_data_buf2[0] ^= gro_xor[0];
            send_data_buf2[1] ^= gro_xor[1];
-        } else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
+        } else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
            aes_ecb_encrypt1(send_data_buf2);
        }
    }
@@ -586,7 +586,7 @@ int recv_safer_multi(conn_info_t &conn_info, vector<char> &type_arr, vector<stri
            if (cipher_mode == cipher_xor) {
                recv_data[0] ^= gro_xor[0];
                recv_data[1] ^= gro_xor[1];
-            } else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
+            } else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
                aes_ecb_decrypt1(recv_data);
            }
            single_len = read_u16(recv_data);
--- a/network.cpp
+++ b/network.cpp
@@ -1714,7 +1714,8 @@ int send_raw_tcp(raw_info_t &raw_info, const char *payload, int payloadlen) {  /

    char *tcp_data = send_raw_tcp_buf + +tcph->doff * 4;

-    memcpy(tcp_data, payload, payloadlen);
+    if (payload)
+        memcpy(tcp_data, payload, payloadlen);
    int tcp_totlen = tcph->doff * 4 + payloadlen;

    if (raw_ip_version == AF_INET) {