From 6aa585c22870adb0902729462dc2010e38bcb949 Mon Sep 17 00:00:00 2001
From: NI
Date: Thu, 19 Sep 2019 14:48:19 +0800
Subject: [PATCH] Use more accurate size to verify payload length
---
 application/controller/socket.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/application/controller/socket.go b/application/controller/socket.go
index 4b79213..6ad8cf5 100644
--- a/application/controller/socket.go
+++ b/application/controller/socket.go
@@ -354,11 +354,11 @@ func (s socket) Get(
 // Start service
 const cipherReadBufSize = 4096
+ const cipherMaxDataPayloadLen = cipherReadBufSize - 2
 cipherReadBuf := [cipherReadBufSize]byte{}
 cipherWriteBuf := [cipherReadBufSize]byte{}
-
- maxWriteLen := cipherReadBufSize - (writeCipher.Overhead() + 2)
+ maxWriteLen := int(cipherReadBufSize) - (writeCipher.Overhead() + 2)
 senderLock := sync.Mutex{}
 cmdExec, cmdExecErr := s.commander.New(
@@ -381,7 +381,7 @@ func (s socket) Get(
 packageSize <<= 8
 packageSize |= uint16(cipherReadBuf[1])
- if packageSize <= 0 {
+ if packageSize <= 0 || packageSize > cipherMaxDataPayloadLen {
 return nil, ErrSocketInvalidDataPackage
 }
@@ -392,11 +392,8 @@ func (s socket) Get(
 return nil, rErr
 }
- return readCipher.Open(rData[:0], readNonce[:], rData, nil)
- }
-
- if packageSize > cipherReadBufSize {
- return nil, ErrSocketInvalidDataPackage
+ return readCipher.Open(
+ cipherReadBuf[:0], readNonce[:], rData, nil)
 }
 _, rErr = io.ReadFull(&wsReader, cipherReadBuf[:packageSize])
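Review bot: The bare `2` in `cipherMaxDataPayloadLen = cipherReadBufSize - 2`, repeated in `writeCipher.Overhead() + 2`, is undocumented, and the receive bound stays correct only while both match the two-byte length prefix that the second hunk decodes from `cipherReadBuf`. I would name it once, for example `const cipherPackageSizeLen = 2 // length-prefix bytes in front of every package`, and derive both limits from that constant. The added `int(...)` around `cipherReadBufSize` looks redundant, since the constant is untyped and the removed line used the same expression without a conversion. `Get` starts and ends outside this hunk.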
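Review bot: `packageSize <= 0` can only mean `== 0`, because the value is assembled through `uint16(...)`, so the lower bound of the new condition is weaker than it reads. Lengths from 1 up to the cipher's tag size still pass and are left for `readCipher.Open` to reject; that is safe only if the implementation returns an error on short input, and its type is not visible here. Assuming `readCipher` exposes `Overhead()` as `writeCipher` does, an explicit early reject would be `if int(packageSize) < readCipher.Overhead() || packageSize > cipherMaxDataPayloadLen {`. A test feeding a length of exactly `cipherMaxDataPayloadLen` and one above it would pin the new limit. The enclosing closure begins outside the hunk.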
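Review bot: The fast path now returns plaintext backed by `cipherReadBuf`, the same array the slow path fills with `io.ReadFull(&wsReader, cipherReadBuf[:packageSize])`, so the returned slice is valid only until the next fetch, and nothing in the hunk says so. If `readCipher` is a `cipher.AEAD`, `Open` also requires that `dst` and the ciphertext overlap exactly or not at all, so the call is correct only while `rData` never points into `cipherReadBuf`; where `rData` comes from is outside the hunk. I would add above the call: `// rData must not alias cipherReadBuf (Open forbids partial overlap); the result is only valid until the next read`.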