From fe01033efeed515d8c56d44725d073f6e9e33e74 Mon Sep 17 00:00:00 2001
From: wwqgtxx <wwqgtxx@gmail.com>
Date: Sat, 12 Apr 2025 22:27:07 +0800
Subject: [PATCH] chore: quic sniffer should use the exact length of crypto
 stream when assembling

---
 component/sniffer/quic_sniffer.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/component/sniffer/quic_sniffer.go b/component/sniffer/quic_sniffer.go
index 6cc377d2..a1b39f92 100644
--- a/component/sniffer/quic_sniffer.go
+++ b/component/sniffer/quic_sniffer.go
@@ -399,9 +399,7 @@ func (q *quicPacketSender) readQuicData(b []byte) error {
 		}
 	}
 
-	_ = q.tryAssemble()
-
-	return nil
+	return q.tryAssemble()
 }
 
 func (q *quicPacketSender) tryAssemble() error {
@@ -415,7 +413,17 @@ func (q *quicPacketSender) tryAssemble() error {
 
 	if len(q.ranges) != 1 || q.ranges[0].Start() != 0 || q.ranges[0].End() != uint64(len(q.buffer)) {
 		q.lock.RUnlock()
-		return ErrNoClue
+		// incomplete fragment, just return
+		return nil
+	}
+
+	if len(q.buffer) <= 4 ||
+		// Handshake Type (1) + uint24 Length (3) + ClientHello body
+		// maxCryptoStreamOffset is in the valid range of uint16 so just ignore the q.buffer[1]
+		int(binary.BigEndian.Uint16([]byte{q.buffer[2], q.buffer[3]})+4) != len(q.buffer) {
+		q.lock.RUnlock()
+		// end of segment not reached, just return
+		return nil
 	}
 
 	domain, err := ReadClientHello(q.buffer)