DNS: Fix wrong protocol parse

[vanserox]

While buffer.go uses int32 type size not uint32 type, malformed dns response causes ReadFullFrom with negative size which leading to slice bounds out of range panic.

Here is the panic log (my dns server has additional fields):
2025/10/15 17:05:11.712529[Error] app/dns: failed to read response length > io: read/write on closed pipe panic: runtime error: slice bounds out of range [:-21477] goroutine 9214 [running]: github.com/xtls/xray-core/common/buf. (*Buffer).ReadFullFrom(Ox5af0a27200?, [Ox6f45a34200?,0x4000baad20?],0xf14d26c0?) github.com/xtls/xray-core/common/buf/ buffer.go:340 +0x23c github com/xtls/xray-core/app) dns.(*TCPNameServ er).sendQuery. func1(0x4000baac30) github. com/xtls/xray-core/ app/dns/ nameserver_tcp.go:184 +0x9c4 created by github.com/xtls/xray- core/app/dns. (*TCPNameServer) sendQuery in gor outine 9213 github.com/xtls/xray- core/app/dns/ nameserver. tcp.go:115 +0x274

[Fangliding]

跟下面out of bound合一起吧 if end > int32(len(b.v)) || end < int32(b.end)

[vanserox]

跟下面out of bound合一起吧 if end > int32(len(b.v)) || end < int32(b.end)

done.

[Fangliding]

我先前的要求不太对 我重新检查了一下dns over tcp的实现 它将长度读取为int16 但是实际数据类型是uint16 因为正数时二者的二进制布局刚好一致导致了问题 修正后应该没有问题了 可以按原设计抛出错误
之前好像就有过负数检查 但还是留下了panic 不然这个问题还没法发现(

[vanserox]

我先前的要求不太对 我重新检查了一下dns over tcp的实现 它将长度读取为int16 但是实际数据类型是uint16 因为正数时二者的二进制布局刚好一致导致了问题 修正后应该没有问题了 可以按原设计抛出错误 之前好像就有过负数检查 但还是留下了panic 不然这个问题还没法发现(

potential same panic in another code as well.

Xray-core/app/dns/nameserver_quic.go

Line 157 in b69a376

n, err = respBuf.ReadFullFrom(conn, int32(length))

Xray-core/transport/internet/kcp/io.go

Line 84 in b69a376

common.Must2(bb.ReadFullFrom(rand.Reader, int32(nonceSize)))

Xray-core/common/xudp/xudp.go

Line 180 in b69a376

if _, err := b.ReadFullFrom(r.Reader, length); err != nil {

ReadFullFrom as a common util function, it's better to add negative size check.

[Fangliding]

quic改了 nonceSize是负就应该panic xudp是有预检的 就这样吧 有问题再说