Refactor proxy and transport modules for improved safety and performance

- Enhanced linting rules in `src/proxy/mod.rs` to enforce stricter code quality checks in production. - Updated hash functions in `src/proxy/middle_relay.rs` for better efficiency. - Added new security tests in `src/proxy/tests/middle_relay_stub_completion_security_tests.rs` to validate desynchronization behavior. - Removed ignored test stubs in `src/proxy/tests/middle_relay_security_tests.rs` to clean up the test suite. - Improved error handling and code readability in various transport modules, including `src/transport/middle_proxy/config_updater.rs` and `src/transport/middle_proxy/pool.rs`. - Introduced new padding functions in `src/stream/frame_stream_padding_security_tests.rs` to ensure consistent behavior across different implementations. - Adjusted TLS stream validation in `src/stream/tls_stream.rs` for better boundary checking. - General code cleanup and dead code elimination across multiple files to enhance maintainability.
2026-04-25 14:34:10 +03:00 · 2026-03-21 20:05:07 +04:00
parent a6c298b633
commit 4c32370b25
35 changed files with 794 additions and 174 deletions
--- a/src/stream/frame_codec.rs
+++ b/src/stream/frame_codec.rs
@@ -652,7 +652,7 @@ mod tests {
            let mut out = BytesMut::new();
            codec.encode(&frame, &mut out).unwrap();

-            assert!(out.len() >= 4 + payload.len() + 1);
+            assert!(out.len() > 4 + payload.len());
            let wire_len = u32::from_le_bytes([out[0], out[1], out[2], out[3]]) as usize;
            assert!(
                (payload.len() + 1..=payload.len() + 3).contains(&wire_len),
--- a/src/stream/frame_stream.rs
+++ b/src/stream/frame_stream.rs
@@ -584,7 +584,7 @@ mod tests {

        // Long frame (> 0x7f words = 508 bytes)
        let data: Vec<u8> = (0..1000).map(|i| (i % 256) as u8).collect();
-        let padded_len = (data.len() + 3) / 4 * 4;
+        let padded_len = data.len().div_ceil(4) * 4;
        let mut padded = data.clone();
        padded.resize(padded_len, 0);

--- a/src/stream/frame_stream_padding_security_tests.rs
+++ b/src/stream/frame_stream_padding_security_tests.rs
@@ -0,0 +1,56 @@
+fn old_padding_round_up_to_4(len: usize) -> Option<usize> {
+    len.checked_add(3)
+        .map(|sum| sum / 4)
+        .and_then(|words| words.checked_mul(4))
+}
+
+fn new_padding_round_up_to_4(len: usize) -> Option<usize> {
+    len.div_ceil(4).checked_mul(4)
+}
+
+#[test]
+fn padding_rounding_equivalent_for_extensive_safe_domain() {
+    for len in 0usize..=200_000usize {
+        let old = old_padding_round_up_to_4(len).expect("old expression must be safe");
+        let new = new_padding_round_up_to_4(len).expect("new expression must be safe");
+        assert_eq!(old, new, "mismatch for len={len}");
+        assert!(new >= len, "rounded length must not shrink: len={len}, out={new}");
+        assert_eq!(new % 4, 0, "rounded length must stay 4-byte aligned");
+    }
+}
+
+#[test]
+fn padding_rounding_equivalent_near_usize_limit_when_old_is_defined() {
+    let candidates = [
+        usize::MAX - 3,
+        usize::MAX - 4,
+        usize::MAX - 5,
+        usize::MAX - 6,
+        usize::MAX - 7,
+        usize::MAX - 8,
+        usize::MAX - 15,
+        usize::MAX / 2,
+        (usize::MAX / 2) + 1,
+    ];
+
+    for len in candidates {
+        let old = old_padding_round_up_to_4(len);
+        let new = new_padding_round_up_to_4(len);
+        if let Some(old_val) = old {
+            assert_eq!(Some(old_val), new, "safe-domain mismatch for len={len}");
+        }
+    }
+}
+
+#[test]
+fn padding_rounding_documents_overflow_boundary_behavior() {
+    // For very large lengths, arithmetic round-up may overflow regardless of spelling.
+    // This documents the boundary so future changes do not assume universal safety.
+    assert_eq!(old_padding_round_up_to_4(usize::MAX), None);
+    assert_eq!(old_padding_round_up_to_4(usize::MAX - 1), None);
+    assert_eq!(old_padding_round_up_to_4(usize::MAX - 2), None);
+
+    // The div_ceil form avoids `len + 3` overflow, but final `* 4` can still overflow.
+    assert_eq!(new_padding_round_up_to_4(usize::MAX), None);
+    assert_eq!(new_padding_round_up_to_4(usize::MAX - 1), None);
+}
--- a/src/stream/mod.rs
+++ b/src/stream/mod.rs
@@ -8,6 +8,9 @@ pub mod state;
 pub mod tls_stream;
 pub mod traits;

+#[cfg(test)]
+mod frame_stream_padding_security_tests;
+
 // Legacy compatibility - will be removed later
 pub mod frame_stream;

--- a/src/stream/tls_stream.rs
+++ b/src/stream/tls_stream.rs
@@ -154,7 +154,7 @@ impl TlsRecordHeader {
            }

            TLS_RECORD_HANDSHAKE => {
-                if len < 4 || len > MAX_TLS_PLAINTEXT_SIZE {
+                if !(4..=MAX_TLS_PLAINTEXT_SIZE).contains(&len) {
                    return Err(Error::new(
                        ErrorKind::InvalidData,
                        format!(