Description
The current xray-core version (v25.12.8) bundled with remnanode crashes with a panic when processing malformed domains that start with a dot (e.g., .google.com, .www.google.com). This causes the node to restart.
Environment
- remnanode version: 2.3.2
- xray-core version: v25.12.8 (bundled)
- OS: Ubuntu 22.04 (Docker)
Steps to Reproduce
HTTP request with malformed Host header

```bash
echo -e "GET / HTTP/1.1\r\nHost: .google.com\r\nConnection: close\r\n\r\n" | nc -v 142.250.74.78 80
```

TLS request with malformed SNI

```bash
echo | openssl s_client -connect 142.250.74.78:443 -servername ".google.com" 2>&1 | head -5
```
When xray sniffs a domain starting with ., it panics during DNS resolution.
Error Logs
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation]
goroutine 123456 [running]:
github.com/xtls/xray-core/app/dns.(*ClassicNameServer).sendQuery(...)
        /go/src/github.com/xtls/xray-core/app/dns/nameserver_udp.go:176 +0x389
```

Preceding log entry:

```
app/dispatcher: sniffed domain: .www.google.com
```
Root Cause
Bug in xray-core app/dns/nameserver_udp.go:

```go
// v25.12.8 - error is ignored
b, _ := dns.PackMessage(req.msg) // b = nil for malformed domain
b.UDP = &copyDest                // PANIC: nil pointer dereference
```
Fix
Fixed in xray-core via PR #5512 (merged 2026-01-09):

```go
// Fixed version - error is handled
b, err := dns.PackMessage(req.msg)
if err != nil {
	errors.LogErrorInner(ctx, err, "failed to pack dns query")
	return // graceful exit instead of panic
}
```
Affected Versions
| xray-core | Status |
|---|---|
| ≤ v25.12.8 | Vulnerable |
| ≥ v26.1.13 | Fixed |
Proposed Solution
Update XRAY_CORE_VERSION in Dockerfile from v25.12.8 to v26.1.23 (latest stable).
References
- xray-core issue: Malformed domain in the inbound request causes a panic XTLS/Xray-core#5506
- xray-core fix PR: DNS: Check err for UDP dns.PackMessage(req.msg) XTLS/Xray-core#5512
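
The failure mode described in this issue, reduced to a self-contained Go program (an added example, not xray-core code). `buffer`, `packName`, `sendUnchecked` and `sendChecked` are hypothetical stand-ins for the packer and `sendQuery`, and `192.0.2.53` is a documentation address; a leading dot yields an empty label, which the DNS wire format cannot encode, so the packer returns a nil buffer with an error.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// buffer and packName are constructed stand-ins, not xray-core types.
type buffer struct {
	data []byte
	dest string
}
var errBadLabel = errors.New("empty or oversized label in DNS name")
// packName encodes a name as length-prefixed labels; on error the buffer is nil.
func packName(domain string) (*buffer, error) {
	var out []byte
	for _, label := range strings.Split(strings.TrimSuffix(domain, "."), ".") {
		if label == "" || len(label) > 63 {
			return nil, errBadLabel
		}
		out = append(append(out, byte(len(label))), label...)
	}
	return &buffer{data: append(out, 0)}, nil
}

// sendUnchecked drops the error as in v25.12.8 and reports whether it panicked.
func sendUnchecked(domain, dest string) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	b, _ := packName(domain)
	b.dest = dest // nil pointer dereference when packing failed
	return false
}

// sendChecked handles the error before touching the buffer, as in the fix.
func sendChecked(domain, dest string) error {
	b, err := packName(domain)
	if err != nil {
		return fmt.Errorf("failed to pack dns query for %q: %w", domain, err)
	}
	b.dest = dest
	return nil
}

func main() {
	for _, d := range []string{"www.google.com", ".google.com", ".www.google.com"} {
		fmt.Println(d, sendUnchecked(d, "192.0.2.53:53"), sendChecked(d, "192.0.2.53:53"))
	}
}
```

The `recover` in `sendUnchecked` exists only so the program can report the panic; in a goroutine without it, the same dereference terminates the whole process, which is the restart described in this issue.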