
restrict packet size to 4K in server

- Sending a negative length no longer crashes the server
- Sending very large lengths can't force us to buffer stupid amounts of data

The offending client just gets kicked if they do this.
commit edb08d6feca72dec719ea7d292b08676539a9b9a 1 parent fc6a381
Chris Forbes authored
Showing with 9 additions and 1 deletion.
  1. +9 −1 OpenRA.Game/Server/Connection.cs
10 OpenRA.Game/Server/Connection.cs
@@ -25,6 +25,7 @@ public class Connection
public int ExpectLength = 8;
public int Frame = 0;
public int MostRecentFrame = 0;
+ public const int MaxOrderLength = 4096;
/* client data */
public int PlayerIndex;
@@ -65,7 +66,7 @@ bool ReadDataInner(Server server)
if (e.SocketErrorCode == SocketError.WouldBlock) break;
server.DropClient(this);
- Log.Write("server", "Dropping client {0} because reading the data failed: {1}", this.PlayerIndex.ToString(), e);
+ Log.Write("server", "Dropping client {0} because reading the data failed: {1}", PlayerIndex, e);
return false;
}
}
@@ -86,6 +87,13 @@ public void ReadData(Server server)
ExpectLength = BitConverter.ToInt32(bytes, 0) - 4;
Frame = BitConverter.ToInt32(bytes, 4);
State = ReceiveState.Data;
+
+ if (ExpectLength < 0 || ExpectLength > MaxOrderLength)
+ {
+ server.DropClient(this);
+ Log.Write("server", "Dropping client {0} for excessive order length = {1}", PlayerIndex, ExpectLength);
+ return;
+ }
} break;
case ReceiveState.Data:
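Review bot: The length check in ReadData runs only after `ExpectLength`, `Frame` and `State` have been overwritten from the client-supplied header, so a rejected connection is left in `ReceiveState.Data` with an out-of-range `ExpectLength`. Whether anything can read from this object again after `server.DropClient(this)` is not visible here, since ReadData starts and ends outside the hunk. Validating a local first keeps the reject path free of side effects: `var len = BitConverter.ToInt32(bytes, 0) - 4;`, then `if (len < 0 || len > MaxOrderLength)` with the drop and return, and only afterwards the three assignments. `MaxOrderLength` would also benefit from a comment saying what the limit is measured against, e.g. `// upper bound on ExpectLength, i.e. the wire length field minus 4`.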