From edb08d6feca72dec719ea7d292b08676539a9b9a Mon Sep 17 00:00:00 2001
From: Chris Forbes
Date: Mon, 8 Jul 2013 14:58:04 +1200
Subject: [PATCH] restrict packet size to 4K in server - Sending a negative length no longer crashes the server - Sending very large lengths can't force us to buffer stupid amounts of data The offending client just gets kicked if they do this.
---
 OpenRA.Game/Server/Connection.cs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/OpenRA.Game/Server/Connection.cs b/OpenRA.Game/Server/Connection.cs
index 76799ee660..e82077d501 100644
--- a/OpenRA.Game/Server/Connection.cs
+++ b/OpenRA.Game/Server/Connection.cs
@@ -25,6 +25,7 @@ namespace OpenRA.Server
 public int ExpectLength = 8;
 public int Frame = 0;
 public int MostRecentFrame = 0;
+ public const int MaxOrderLength = 4096;
 /* client data */
 public int PlayerIndex;
@@ -65,7 +66,7 @@ namespace OpenRA.Server
 if (e.SocketErrorCode == SocketError.WouldBlock) break;
 server.DropClient(this);
- Log.Write("server", "Dropping client {0} because reading the data failed: {1}", this.PlayerIndex.ToString(), e);
+ Log.Write("server", "Dropping client {0} because reading the data failed: {1}", PlayerIndex, e);
 return false;
 }
 }
@@ -86,6 +87,13 @@ namespace OpenRA.Server
 ExpectLength = BitConverter.ToInt32(bytes, 0) - 4;
 Frame = BitConverter.ToInt32(bytes, 4);
 State = ReceiveState.Data;
+
+ if (ExpectLength < 0 || ExpectLength > MaxOrderLength)
+ {
+ server.DropClient(this);
+ Log.Write("server", "Dropping client {0} for excessive order length = {1}", PlayerIndex, ExpectLength);
+ return;
+ }
 }
 break;
 case ReceiveState.Data:
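Review bot: `MaxOrderLength` in the `@@ -25,6 +25,7 @@` hunk is added without a comment saying what it bounds, and the check in the `@@ -86,6 +87,13 @@` hunk applies it to the length field minus 4 rather than to the whole packet. I would add `// Upper bound on the order payload of one packet (wire length minus the 4-byte frame field); clients announcing more, or a negative length, are dropped.` above the constant. Nothing in this patch shows the sending side enforcing the same limit, so it is worth confirming that no legitimate client packet exceeds 4096 bytes, otherwise those clients will now be kicked. The containing class starts and ends outside the hunk.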
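Review bot: In the `@@ -86,6 +87,13 @@` hunk the new bounds check runs only after `ExpectLength` and `State` have already been overwritten from the wire, so a rejected connection is left in `ReceiveState.Data` with a negative or oversized `ExpectLength`; whether anything reads those fields after `DropClient` is not visible here. The check also works on the value after `- 4`, so a length near `int.MinValue` is caught only because the subtraction wraps to a large positive number, and it would throw instead in a checked build. Validating the raw length in a local first, and assigning the fields only once it passes, avoids both and lets the log show the value the client actually sent. The surrounding method and switch start and end outside the hunk.

```csharp
var length = BitConverter.ToInt32(bytes, 0);
if (length < 4 || length - 4 > MaxOrderLength)
{
    server.DropClient(this);
    Log.Write("server", "Dropping client {0} for excessive order length = {1}", PlayerIndex, length);
    return;
}

ExpectLength = length - 4;
// … unchanged: Frame and State assignments …
```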