epic/OpenRA
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

restrict packet size to 4K in server

Browse Source 
- Sending a negative length no longer crashes the server
- Sending very large lengths can't force us to buffer stupid amounts of data

The offending client just gets kicked if they do this.
This commit is contained in:
Chris Forbes
2013-07-08 14:58:04 +12:00
parent fc6a38182d
commit edb08d6fec
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
OpenRA.Game/Server/Connection.cs
View File

@@ -25,6 +25,7 @@ namespace OpenRA.Server
public int ExpectLength = 8; public int ExpectLength = 8;
public int Frame = 0; public int Frame = 0;
public int MostRecentFrame = 0; public int MostRecentFrame = 0;
public const int MaxOrderLength = 4096;
/* client data */ /* client data */
public int PlayerIndex; public int PlayerIndex;
@@ -65,7 +66,7 @@ namespace OpenRA.Server
if (e.SocketErrorCode == SocketError.WouldBlock) break; if (e.SocketErrorCode == SocketError.WouldBlock) break;
server.DropClient(this); server.DropClient(this);
Log.Write("server", "Dropping client {0} because reading the data failed: {1}", this.PlayerIndex.ToString(), e); Log.Write("server", "Dropping client {0} because reading the data failed: {1}", PlayerIndex, e);
return false; return false;
} }
} }
@@ -86,6 +87,13 @@ namespace OpenRA.Server
ExpectLength = BitConverter.ToInt32(bytes, 0) - 4; ExpectLength = BitConverter.ToInt32(bytes, 0) - 4;
Frame = BitConverter.ToInt32(bytes, 4); Frame = BitConverter.ToInt32(bytes, 4);
State = ReceiveState.Data; State = ReceiveState.Data;
if (ExpectLength < 0 || ExpectLength > MaxOrderLength)
{
server.DropClient(this);
Log.Write("server", "Dropping client {0} for excessive order length = {1}", PlayerIndex, ExpectLength);
return;
}
} break; } break;
case ReceiveState.Data: case ReceiveState.Data: