fix: Potential DOS attack on server by sending packed ulongs when pac…

…ked uints are expected. (#730) * fix: Potential DOS attack on server by sending packed ulongs when packed uints are expected. * Update NetworkReader.cs
MirageNet · Apr 5, 2019 · 015d0d5 · 015d0d5
1 parent 3cee3ab
commit 015d0d5
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 1 deletion.
diff --git a/Assets/Mirror/Runtime/NetworkReader.cs b/Assets/Mirror/Runtime/NetworkReader.cs
@@ -82,7 +82,10 @@ public uint ReadPackedUInt32()
             ulong value = ReadPackedUInt64();
             if (value > uint.MaxValue)
             {
-                throw new IndexOutOfRangeException("ReadPackedUInt32() failure, value too large");
+                // show warning, but don't throw an exception to avoid DOS attack where
+                // an attacker might send a packed UInt64 where a packed UInt32 was
+                // expected (https://github.com/vis2k/Mirror/pull/730/)
+                Debug.LogWarning("ReadPackedUInt32() failure, value too large: " + value);
             }
             return (uint)value;
         }

diff --git a/Assets/Mirror/Tests/NetworkWriterTest.cs b/Assets/Mirror/Tests/NetworkWriterTest.cs
@@ -144,6 +144,22 @@ public void TestPackedUInt32()
             Assert.That(reader.ReadPackedUInt32(), Is.EqualTo(uint.MaxValue));
         }
 
+        [Test]
+        public void TestPackedUInt32Failure()
+        {
+            Assert.DoesNotThrow(() => {
+                NetworkWriter writer = new NetworkWriter();
+                writer.WritePackedUInt64(1099511627775);
+                writer.WritePackedUInt64(281474976710655);
+                writer.WritePackedUInt64(72057594037927935);
+
+                NetworkReader reader = new NetworkReader(writer.ToArray());
+                reader.ReadPackedUInt32();
+                reader.ReadPackedUInt32();
+                reader.ReadPackedUInt32();
+            });
+        }
+
         [Test]
         public void TestPackedInt32()
         {
@@ -180,6 +196,22 @@ public void TestPackedInt32()
             Assert.That(reader.ReadPackedInt32(), Is.EqualTo(int.MinValue));
         }
 
+        [Test]
+        public void TestPackedInt32Failure()
+        {
+            Assert.DoesNotThrow(() => {
+                NetworkWriter writer = new NetworkWriter();
+                writer.WritePackedInt64(1099511627775);
+                writer.WritePackedInt64(281474976710655);
+                writer.WritePackedInt64(72057594037927935);
+
+                NetworkReader reader = new NetworkReader(writer.ToArray());
+                reader.ReadPackedInt32();
+                reader.ReadPackedInt32();
+                reader.ReadPackedInt32();
+            });
+        }
+
         [Test]
         public void TestPackedUInt64()
         {