From 972530f3a74a4297263f23783a13dde7a8e176a2 Mon Sep 17 00:00:00 2001
From: Exynox
Date: Sun, 27 Nov 2022 10:46:56 +0200
Subject: [PATCH] Fixed serious issue where oversized packets would be split apart by libevent without proper handling by the db core. Removed Google Sanitizers

---
 db/CMakeLists.txt | 3 ---
 db/src/Peer.cpp | 20 +++++++++++++++++++-
 game/CMakeLists.txt | 1 -
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
index b41f783..f9307a2 100644
--- a/db/CMakeLists.txt
+++ b/db/CMakeLists.txt
@@ -26,6 +26,3 @@ find_package(Libevent CONFIG REQUIRED)
 target_link_libraries(${PROJECT_NAME} PRIVATE libevent::core libevent::extra libevent::pthreads)
 target_link_libraries(${PROJECT_NAME} PRIVATE libpoly libsql libthecore)
-
-# Memory debugging
-set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -g")
diff --git a/db/src/Peer.cpp b/db/src/Peer.cpp
index 8b2292e..1801102 100644
--- a/db/src/Peer.cpp
+++ b/db/src/Peer.cpp
@@ -63,12 +63,19 @@ void CPeer::SetUserCount(DWORD dwCount)
 bool CPeer::PeekPacket(int & iBytesProceed, BYTE & header, DWORD & dwHandle, DWORD & dwLength, const char ** data)
 {
+    // Return if not enough data was received to read the header
     if (GetRecvLength() < iBytesProceed + 9)
         return false;
     const char * buf = (const char *) GetRecvBuffer(iBytesProceed + 9);
+    if (!buf) {
+        sys_err("PeekPacket: Failed to get network buffer!");
+        return false;
+    }
+
     buf += iBytesProceed;
+    // Read the header data
     header = *(buf++);
     dwHandle = *((DWORD *) buf);
@@ -77,7 +84,7 @@ bool CPeer::PeekPacket(int & iBytesProceed, BYTE & header, DWORD & dwHandle, DWO
     dwLength = *((DWORD *) buf);
     buf += sizeof(DWORD);
-    //sys_log(0, "%d header %d handle %u length %u", GetRecvLength(), header, dwHandle, dwLength);
+    // Ensure that all the data was fully received
     if (iBytesProceed + dwLength + 9 > (DWORD) GetRecvLength())
     {
         sys_log(0, "PeekPacket: not enough buffer size: len %u, recv %d", 
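Review bot: The header fields under the new `// Read the header data` comment are still read through pointer casts at odd offsets — `dwHandle = *((DWORD *) buf);` dereferences a DWORD at `buf + 1` — which is a misaligned access that the standard does not permit and that faults on strict-alignment targets even though it works on x86. Copying the fields out instead keeps the comment's intent and is portable: `memcpy(&dwHandle, buf, sizeof(DWORD));` and the same for `dwLength` in the next hunk. The body of `CPeer::PeekPacket` continues past the end of this hunk.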
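Review bot: The length check `if (iBytesProceed + dwLength + 9 > (DWORD) GetRecvLength())` is computed in unsigned 32-bit arithmetic with `dwLength` taken straight from the receive buffer, so a value close to the top of the DWORD range wraps the sum to a small number and the "not enough buffer" guard passes; the same expression then feeds `GetRecvBuffer(iBytesProceed + dwLength + 9)` and `iBytesProceed += dwLength + 9;` in the following hunk, so this needs fixing once before both uses. A bound on the declared length right after it is read closes this, e.g. `if (dwLength > MAX_PACKET_LENGTH /* placeholder: the DB core's real cap */) { sys_err("PeekPacket: bad length %u", dwLength); return false; }`, or widen the sum to 64 bits before comparing. Note that `return false` here reads to the caller like "wait for more data"; if a peer keeps the oversized header in the buffer, that path presumably repeats on every poll, so a protocol error ideally disconnects rather than retries — whether the caller can do that is not visible from this hunk. The enclosing function starts before and ends after this hunk.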
@@ -85,6 +92,17 @@ bool CPeer::PeekPacket(int & iBytesProceed, BYTE & header, DWORD & dwHandle, DWO
         return false;
     }
+    // Ensure that all the required data is available in a contiguous area
+    buf = (const char *) GetRecvBuffer(iBytesProceed + dwLength + 9);
+    if (!buf) {
+        sys_err("PeekPacket: Failed to get network buffer!");
+        return false;
+    }
+
+    // Skip the header
+    buf += iBytesProceed + 9;
+
+    // Set the data pointer
     *data = buf;
     iBytesProceed += dwLength + 9;
     return true;
diff --git a/game/CMakeLists.txt b/game/CMakeLists.txt
index 25d8b4f..c33277e 100644
--- a/game/CMakeLists.txt
+++ b/game/CMakeLists.txt
@@ -49,4 +49,3 @@ find_package (Threads REQUIRED)
 target_link_libraries (${PROJECT_NAME} Threads::Threads)
 target_link_libraries(${PROJECT_NAME} libgame libpoly libsql libthecore liblua)
-
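Review bot: The pointer stored at `*data = buf;` is only valid until the receive buffer is next modified, and nothing in the new code says so; if `GetRecvBuffer` wraps libevent's `evbuffer_pullup` (the commit message suggests it does, but the wrapper is not visible here), any later drain or append can relocate the contiguous region it returned. A comment on the assignment would keep the next caller honest, e.g. `// *data points into the receive buffer and is invalidated by the next drain/append; consume it before reading more input`. Separately, the `!buf` branch returns the same `false` the "not enough data" path does, so a caller cannot tell an allocation failure from an incomplete packet; if callers poll `PeekPacket` until it succeeds that failure will presumably repeat every iteration, which is worth confirming against the call site. The enclosing function starts before this hunk.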