From c5276df32e19afc03b70b32a48797c26ade4354d Mon Sep 17 00:00:00 2001
From: Andy Wang <cbeuw.andy@gmail.com>
Date: Sun, 18 Oct 2020 21:41:30 +0100
Subject: [PATCH] Check payload AEAD's size in relation to frame header's size

---
 internal/multiplex/obfs.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/internal/multiplex/obfs.go b/internal/multiplex/obfs.go
index 4768453..a36787e 100644
--- a/internal/multiplex/obfs.go
+++ b/internal/multiplex/obfs.go
@@ -185,6 +185,12 @@ func MakeObfuscator(encryptionMethod byte, sessionKey [32]byte) (obfuscator Obfu
 		return obfuscator, errors.New("Unknown encryption method")
 	}
 
+	if payloadCipher != nil {
+		if payloadCipher.NonceSize() > HEADER_LEN {
+			return obfuscator, errors.New("payload AEAD's nonce size cannot be greater than size of frame header")
+		}
+	}
+
 	obfuscator.Obfs = MakeObfs(sessionKey, payloadCipher)
 	obfuscator.Deobfs = MakeDeobfs(sessionKey, payloadCipher)
 	return