[Bug] A malformed packet can be used to leak old packets #5
Comments
willardf pushed a commit that referenced this issue Oct 8, 2020
Thanks for bringing this up, do you have any interest in reviewing this or testing it with your example or should I just merge it?
I just tested the changes using my example project and that project doesn't work anymore which is a good thing. I think it can be merged.
willardf added a commit that referenced this issue Oct 8, 2020
Test and fix bug #5: A malformed packet can be used to leak old packets
Great, thanks!
MessageReader.GetSized() will return a reader without cleaning the buffer if there is a reader in the reader pool with a buffer that is big enough.
MessageReader.ReadString() doesn't do any bound checks. You can supply it any packed integer and it will happily try to read up to 0x7FFFFFFF bytes from the reader buffer. Any value higher than 0xFFFF will cause an exception to be thrown on servers that do not manually specify a buffer size. This issue can also be used to leak old packets. If the server echoes what it reads from the packet back to the client, and if the reader was recycled using MessageReader.GetSized(), the server will send the data of an old packet (probably from a different client) to the client.
Example client code that exploits this and example vulnerable server
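The two defensive checks this report points to, as an added C# example that is not Hazel's code or the reporter's: a recycled buffer is wiped before reuse, and a string's declared length is checked against the bytes remaining in the current packet. PooledReader and its members are hypothetical names, and the low-group-first 7-bit packed length encoding is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
// Hypothetical pooled reader written for this example; not Hazel's MessageReader.
sealed class PooledReader
{
    static readonly Stack<PooledReader> Pool = new Stack<PooledReader>();
    byte[] buffer = new byte[0];
    int length, position;   // length = bytes in the current packet, not buffer.Length

    public static PooledReader Get(byte[] packet)
    {
        PooledReader r = Pool.Count > 0 ? Pool.Pop() : new PooledReader();
        if (r.buffer.Length < packet.Length) r.buffer = new byte[packet.Length];
        else Array.Clear(r.buffer, 0, r.buffer.Length);   // wipe the previous packet
        Buffer.BlockCopy(packet, 0, r.buffer, 0, packet.Length);
        r.length = packet.Length; r.position = 0;
        return r;
    }
    public void Recycle() { Pool.Push(this); }
    byte ReadByte() => position < length ? buffer[position++]
        : throw new InvalidOperationException("read past end of packet");

    public string ReadString()
    {
        uint declared = 0;   // 7-bit packed length, low group first (assumed encoding)
        for (int shift = 0; ; shift += 7)
        {
            if (shift > 28) throw new InvalidOperationException("packed length too long");
            byte b = ReadByte();
            declared |= (uint)(b & 0x7F) << shift;
            if ((b & 0x80) == 0) break;
        }
        // The declared length must fit in what is left of this packet.
        if (declared > (uint)(length - position))
            throw new InvalidOperationException("string length exceeds packet");
        string s = Encoding.UTF8.GetString(buffer, position, (int)declared);
        position += (int)declared;
        return s;
    }
    static void Main()
    {
        var a = PooledReader.Get(Encoding.ASCII.GetBytes("\u000Fclient-A secret"));   // constructed packet
        Console.WriteLine(a.ReadString());
        a.Recycle();
        var b = PooledReader.Get(new byte[] { 0x0F });   // constructed: length prefix, no body
        try { Console.WriteLine(b.ReadString()); }
        catch (InvalidOperationException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The second reader reuses the first reader's 16-byte buffer, so the length check against the current packet is what stops the read; the wipe is a second layer in case a check is missed elsewhere.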