search

fatedier / frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Apache License 2.0
86.06k stars 13.31k forks source link

0.51.0 panic: runtime error: slice bounds out of range [20:16] #3529

Closed pierre-pretorius closed 6 months ago

pierre-pretorius commented 1 year ago

Bug Description

We did get the slice bounds out of range error in the cipher code in previous versions, but we upgraded to the latest 0.51.0 to ensure the bug is present in the latest code. It looks like the stack trace in the log below is too short to determine the root cause?

frpc Version

Various versions from 0.34.0 and upwards

frps Version

0.51.0

System Architecture

linux/amd64

Configurations

Server

[common]
bind_port = 8888
authentication_method = token
token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
dashboard_port = 2000
dashboard_user = admin
dashboard_pwd = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
log_file = /var/log/frps.log
log_level = warn

[plugin.login]
addr = http://localhost:3000
path = /frps/login
ops = Login

[plugin.proxy]
addr = http://localhost:3000
path = /frps/proxy
ops = NewProxy

Client

[common]
server_addr = xxxxxxxxxxxxxxxxx
server_port = 8888
authentication_method = token
token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
user = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
meta_sid = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
meta_gid = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[web]
type = tcp
local_port = 80
remote_port = 30000
use_encryption = true
use_compression = true

Logs

Jul 14 02:43:01 systemd[1]: Started FRPS Service.
Jul 14 11:47:03 frps[1465596]: panic: runtime error: slice bounds out of range [20:16]
Jul 14 11:47:03 frps[1465596]: goroutine 9331955 [running]:
Jul 14 11:47:03 frps[1465596]: crypto/cipher.(*cfb).XORKeyStream(0xc02ea994f0, {0xc0253ca080?, 0x7fba61f785b8?, 0x20?}, {0xc0253ca080?, 0xc009c2a580?, 0x0?})
Jul 14 11:47:03 frps[1465596]:         crypto/cipher/cfb.go:41 +0x31b
Jul 14 11:47:03 frps[1465596]: crypto/cipher.StreamReader.Read({{0xe7f140?, 0xc02ea994f0?}, {0x7fba3a9f10e8?, 0xc00a9f3680?}}, {0xc0253ca080, 0xc00f9ecb88?, 0x12a4e})
Jul 14 11:47:03 frps[1465596]:         crypto/cipher/io.go:21 +0xa3
Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/crypto.(*Reader).Read(0xc00338a3c0, {0xc0253ca080?, 0x8000?, 0x0?})
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/crypto/decode.go:71 +0x1c7
Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/io.(*ReadWriteCloser).Read(0xc0170d8398?, {0xc0253ca080?, 0x0?, 0x0?})
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:93 +0x26
Jul 14 11:47:03 frps[1465596]: io.ReadAtLeast({0x7fba39f5e8f0, 0xc012e0a400}, {0xc0253ca000, 0x69f, 0x12ace}, 0x69f)
Jul 14 11:47:03 frps[1465596]:         io/io.go:332 +0x9a
Jul 14 11:47:03 frps[1465596]: io.ReadFull(...)
Jul 14 11:47:03 frps[1465596]:         io/io.go:351
Jul 14 11:47:03 frps[1465596]: github.com/golang/snappy.(*Reader).readFull(0xc00026b880, {0xc0253ca000?, 0xc0170d8380?, 0xc0315b4000?}, 0x0)
Jul 14 11:47:03 frps[1465596]:         github.com/golang/snappy@v0.0.3/decode.go:112 +0x48
Jul 14 11:47:03 frps[1465596]: github.com/golang/snappy.(*Reader).Read(0xc00026b880, {0xc0315b4000, 0x8000, 0xc0022edc01?})
Jul 14 11:47:03 frps[1465596]:         github.com/golang/snappy@v0.0.3/decode.go:159 +0x2a5
Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/io.(*ReadWriteCloser).Read(0xba61f785b8?, {0xc0315b4000?, 0xc0022edc30?, 0x10?})
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:93 +0x26
Jul 14 11:47:03 frps[1465596]: io.copyBuffer({0xe81360, 0xc0022edc30}, {0x7fba39f5e8f0, 0xc030732380}, {0x0, 0x0, 0x0})
Jul 14 11:47:03 frps[1465596]:         io/io.go:427 +0x1b2
Jul 14 11:47:03 frps[1465596]: io.Copy(...)
Jul 14 11:47:03 frps[1465596]:         io/io.go:386
Jul 14 11:47:03 frps[1465596]: net.genericReadFrom({0xe802c0?, 0xc0073adc80?}, {0x7fba39f5e8f0, 0xc030732380})
Jul 14 11:47:03 frps[1465596]:         net/net.go:675 +0x6a
Jul 14 11:47:03 frps[1465596]: net.(*TCPConn).readFrom(0xc0073adc80, {0x7fba39f5e8f0, 0xc030732380})
Jul 14 11:47:03 frps[1465596]:         net/tcpsock_posix.go:54 +0x78
Jul 14 11:47:03 frps[1465596]: net.(*TCPConn).ReadFrom(0xc0073adc80, {0x7fba39f5e8f0?, 0xc030732380?})
Jul 14 11:47:03 frps[1465596]:         net/tcpsock.go:130 +0x36
Jul 14 11:47:03 frps[1465596]: io.copyBuffer({0xe802c0, 0xc0073adc80}, {0x7fba39f5e8f0, 0xc030732380}, {0xc0096d4000, 0x4000, 0x4000})
Jul 14 11:47:03 frps[1465596]:         io/io.go:413 +0x14b
Jul 14 11:47:03 frps[1465596]: io.CopyBuffer({0xe802c0?, 0xc0073adc80?}, {0x7fba39f5e8f0?, 0xc030732380?}, {0xc0096d4000?, 0x1?, 0xc0097756e0?})
Jul 14 11:47:03 frps[1465596]:         io/io.go:400 +0x3c
Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/io.Join.func1(0x1, {0x7fba39f5e930?, 0xc0073adc80}, {0xe84460?, 0xc030732380}, 0xc00e70b8d8)
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:36 +0x209
Jul 14 11:47:03 frps[1465596]: created by github.com/fatedier/golib/io.Join
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:41 +0x29b
Jul 14 11:47:04 systemd[1]: frps.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jul 14 11:47:04 systemd[1]: frps.service: Failed with result 'exit-code'.
Jul 14 11:47:09 systemd[1]: frps.service: Scheduled restart job, restart counter is at 1.
Jul 14 11:47:09 systemd[1]: Stopped FRPS Service.
Jul 14 11:47:09 systemd[1]: Started FRPS Service.

Steps to reproduce

We only see this error on high traffic servers, so it's not easy to reproduce. It happens more or less every day.

Affected area

fatedier commented 1 year ago

@pierre-pretorius I looked into it, but I couldn't figure out under what circumstances this issue would occur. It's quite strange. Are you using the binary files downloaded from GitHub or did you compile it yourself?

fatedier commented 1 year ago

In addition, starting from version 0.50.0, TLS will be enabled by default. The traffic between frpc and frps will be encrypted, so you no longer need to use use_encryption = true.

pierre-pretorius commented 1 year ago

@pierre-pretorius I looked into it, but I couldn't figure out under what circumstances this issue would occur. It's quite strange. Are you using the binary files downloaded from GitHub or did you compile it yourself?

I'm using the binary from Github

fatedier commented 1 year ago

@pierre-pretorius I have discovered a race condition issue, but I am not sure if it is related to your problem. I will fix this issue and release a minor version.

github-actions[bot] commented 7 months ago

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.