From 59c59bcb17317f6861da07b30233631bd00a302a Mon Sep 17 00:00:00 2001
From: Andrey Petelin
Date: Wed, 17 Sep 2025 21:09:03 +0500
Subject: [PATCH 1/2] fix: Improve shadowsocks userinfo decoding with format validation and error handling`
---
 podkop/files/usr/lib/helpers.sh | 8 ++++++++
 podkop/files/usr/lib/sing_box_config_facade.sh | 6 +++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/podkop/files/usr/lib/helpers.sh b/podkop/files/usr/lib/helpers.sh
index fe3d616..3823510 100644
--- a/podkop/files/usr/lib/helpers.sh
+++ b/podkop/files/usr/lib/helpers.sh
@@ -40,6 +40,14 @@ is_base64() {
 return 1
 }
+# Checks if the given string looks like a Shadowsocks userinfo
+is_shadowsocks_userinfo_format() {
+ local str="$1"
+ local regex='^[^:]+:[^:]+(:[^:]+)?$'
+
+ [[ "$str" =~ $regex ]]
+}
+
 # Checks if the given file exists
 file_exists() {
 local filepath="$1"
diff --git a/podkop/files/usr/lib/sing_box_config_facade.sh b/podkop/files/usr/lib/sing_box_config_facade.sh
index 657ca7e..251afa1 100644
--- a/podkop/files/usr/lib/sing_box_config_facade.sh
+++ b/podkop/files/usr/lib/sing_box_config_facade.sh
@@ -131,8 +131,12 @@ sing_box_cf_add_proxy_outbound() {
 local userinfo tag host port method password udp_over_tcp
 userinfo=$(url_get_userinfo "$url")
- if is_base64 "$userinfo"; then
+ if ! is_shadowsocks_userinfo_format "$userinfo"; then
 userinfo=$(base64_decode "$userinfo")
+ if [ $? -ne 0 ]; then
+ log "Cannot decode shadowsocks userinfo or it does not match the expected format. Aborted." "fatal"
+ exit 1
+ fi
 fi
 tag=$(get_outbound_tag_by_section "$section")
From 515c0be38b44ea6ddf189728ec244fad86445e81 Mon Sep 17 00:00:00 2001
From: Andrey Petelin
Date: Wed, 17 Sep 2025 21:14:57 +0500
Subject: [PATCH 2/2] fix: revert changes from issue #148
---
 podkop/files/usr/bin/podkop | 18 +++---------------
 podkop/files/usr/lib/constants.sh | 3 +--
 2 files changed, 4 insertions(+), 17 deletions(-)
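Review bot: The header comment on `is_shadowsocks_userinfo_format` does not say which shape the regex accepts, and the caller in sing_box_config_facade.sh uses the result to decide whether to base64-decode the value. I would extend it to something like `# Returns 0 for two or three non-empty ':'-separated fields (e.g. method:password); shape check only, field contents are not validated`. The pattern excludes only ':' from each field, so whitespace and other unexpected characters still pass; saying so in the comment keeps later callers from treating it as input validation.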
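Review bot: The new error branch in `sing_box_cf_add_proxy_outbound` tests only the exit status of `base64_decode`, so a value that decodes without error but is not in `method:password` form still flows on, even though the log message says the format was checked. Running the validator again on the decoded value closes that gap and removes the separate `$?` test: `if ! userinfo=$(base64_decode "$userinfo") || ! is_shadowsocks_userinfo_format "$userinfo"; then`. Whether `base64_decode` returns non-zero on malformed input is not visible here; if it does not, the current check never fires. The function body starts and continues outside the hunk.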
diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop
index 7062dab..cc1f22a 100755
--- a/podkop/files/usr/bin/podkop
+++ b/podkop/files/usr/bin/podkop
@@ -240,14 +240,8 @@ migration() {
 validate_service() {
 local service="$1"
- for domain_service in $COMMUNITY_DOMAIN_SERVICES; do
- if [ "$service" = "$domain_service" ]; then
- return 0
- fi
- done
-
- for subnet_service in $COMMUNITY_SUBNET_SERVICES; do
- if [ "$service" = "$subnet_service" ]; then
+ for community_service in $COMMUNITY_SERVICES; do
+ if [ "$service" = "$community_service" ]; then
 return 0
 fi
 done
@@ -977,13 +971,7 @@ configure_community_list_handler() {
 config=$(sing_box_cm_add_remote_ruleset "$config" "$ruleset_tag" "$format" "$url" "$detour" "$update_interval")
 config=$(sing_box_cm_patch_route_rule "$config" "$route_rule_tag" "rule_set" "$ruleset_tag")
-
- for service in $COMMUNITY_DOMAIN_SERVICES; do
- if [ "$tag" = "$service" ]; then
- _add_ruleset_to_dns_rules "$ruleset_tag"
- break
- fi
- done
+ _add_ruleset_to_dns_rules "$ruleset_tag"
 }
 configure_user_domain_or_subnets_list() {
diff --git a/podkop/files/usr/lib/constants.sh b/podkop/files/usr/lib/constants.sh
index 46b132d..8114154 100644
--- a/podkop/files/usr/lib/constants.sh
+++ b/podkop/files/usr/lib/constants.sh
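Review bot: The loop variable `community_service` in `validate_service` is not declared `local`, so it is left set in the caller's scope after the function returns. The function already declares its argument with `local`, so the same line can cover it: `local service="$1" community_service`. The unquoted `$COMMUNITY_SERVICES` is needed for word splitting and is fine as long as the list stays a plain space-separated constant.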
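Review bot: The unconditional `_add_ruleset_to_dns_rules "$ruleset_tag"` at the end of `configure_community_list_handler` now also runs for the tags that were in the removed `COMMUNITY_SUBNET_SERVICES` list, and nothing in the code says that this is intended. A one-line comment above the call would record the decision, for example `# DNS rules are added for every community list, subnet lists included (reverts #148)`. The function body starts outside the hunk, so any earlier branching on the list type is not visible here.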
@@ -63,5 +63,4 @@ SUBNETS_HETZNER="${GITHUB_RAW_URL}/Subnets/IPv4/hetzner.lst"
 SUBNETS_OVH="${GITHUB_RAW_URL}/Subnets/IPv4/ovh.lst"
 SUBNETS_DIGITALOCEAN="${GITHUB_RAW_URL}/Subnets/IPv4/digitalocean.lst"
 SUBNETS_CLOUDFRONT="${GITHUB_RAW_URL}/Subnets/IPv4/cloudfront.lst"
-COMMUNITY_DOMAIN_SERVICES="russia_inside russia_outside ukraine_inside geoblock block porn news anime youtube hdrezka tiktok google_ai google_play hodca"
-COMMUNITY_SUBNET_SERVICES="discord meta twitter cloudflare cloudfront digitalocean hetzner ovh telegram"
\ No newline at end of file
+COMMUNITY_SERVICES="russia_inside russia_outside ukraine_inside geoblock block porn news anime youtube hdrezka tiktok google_ai google_play hodca discord meta twitter cloudflare cloudfront digitalocean hetzner ovh telegram"
\ No newline at end of file