mangos-mirror/server
0
0
Fork 0
mirror of https://github.com/mangosfour/server.git synced 2025-12-16 04:37:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[8378] Use exceptions instead of explicit size checking for each packet

Browse source 
CHECK_PACKET_SIZE was pretty error prone; once it was forgotten mangosd
could crash due to the asserts in ByteBuffer.h. That was exploitable by
malicious players.
Furthermore, there were duplicate checks: Additionally to
CHECK_PACKET_SIZE, the ByteBuffer assertions keept an eye
on not exceeding the packet boundaries - just to crash the server for
sure in such a case.
To prevent memory leaks or other undesirable states, please read in
every handler all variables _before_ doing any concrete handling.
This commit is contained in:
arrai 2009-08-15 22:06:35 +02:00
parent c26c7395a1
commit a24f39a36f
32 changed files with 129 additions and 741 deletions
Download patch file Download diff file Expand all files Collapse all files

101
src/game/WorldSocket.cpp
View file

@ -694,45 +694,55 @@ int WorldSocket::ProcessIncoming (WorldPacket* new_pct)
sWorldLog.Log ("\n\n");
}
// like one switch ;)
if (opcode == CMSG_PING)
{
return HandlePing (*new_pct);
}
else if (opcode == CMSG_AUTH_SESSION)
{
if (m_Session)
try {
switch(opcode)
{
sLog.outError ("WorldSocket::ProcessIncoming: Player send CMSG_AUTH_SESSION again");
return -1;
case CMSG_PING:
return HandlePing (*new_pct);
case CMSG_AUTH_SESSION:
if (m_Session)
{
sLog.outError ("WorldSocket::ProcessIncoming: Player send CMSG_AUTH_SESSION again");
return -1;
}
return HandleAuthSession (*new_pct);
case CMSG_KEEP_ALIVE:
DEBUG_LOG ("CMSG_KEEP_ALIVE ,size: %d", new_pct->size ());
return 0;
default:
{
ACE_GUARD_RETURN (LockType, Guard, m_SessionLock, -1);
if (m_Session != NULL)
{
// OK ,give the packet to WorldSession
aptr.release ();
// WARNINIG here we call it with locks held.
// Its possible to cause deadlock if QueuePacket calls back
m_Session->QueuePacket (new_pct);
return 0;
}
else
{
sLog.outError ("WorldSocket::ProcessIncoming: Client not authed opcode = %u", uint32(opcode));
return -1;
}
}
}
}
catch(ByteBufferException &exception)
{
sLog.outError("WorldSocket::ProcessIncoming ByteBufferException occured while parsing an instant handled packet (opcode: %u) from client %s, accountid=%i. Disconnected client.",
opcode, GetRemoteAddress().c_str(), m_Session?m_Session->GetAccountId():-1);
if(sLog.IsOutDebug())
{
sLog.outDebug("Dumping error causing packet:");
new_pct->hexlike();
}
return HandleAuthSession (*new_pct);
}
else if (opcode == CMSG_KEEP_ALIVE)
{
DEBUG_LOG ("CMSG_KEEP_ALIVE ,size: %d", new_pct->size ());
return 0;
}
else
{
ACE_GUARD_RETURN (LockType, Guard, m_SessionLock, -1);
if (m_Session != NULL)
{
// OK ,give the packet to WorldSession
aptr.release ();
// WARNINIG here we call it with locks held.
// Its possible to cause deadlock if QueuePacket calls back
m_Session->QueuePacket (new_pct);
return 0;
}
else
{
sLog.outError ("WorldSocket::ProcessIncoming: Client not authed opcode = %u", uint32(opcode));
return -1;
}
return -1;
}
ACE_NOTREACHED (return 0);
@ -755,24 +765,11 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)
BigNumber K;
if (recvPacket.size () < (4 + 4 + 1 + 4 + 4 + 20))
{
sLog.outError ("WorldSocket::HandleAuthSession: wrong packet size");
return -1;
}
// Read the content of the packet
recvPacket >> BuiltNumberClient; // for now no use
recvPacket >> unk2;
recvPacket >> account;
recvPacket >> unk3;
if (recvPacket.size () < (4 + 4 + (account.size () + 1) + 4 + 4 + 20))
{
sLog.outError ("WorldSocket::HandleAuthSession: wrong packet size second check");
return -1;
}
recvPacket >> clientSeed;
recvPacket.read (digest, 20);
@ -1001,12 +998,6 @@ int WorldSocket::HandlePing (WorldPacket& recvPacket)
uint32 ping;
uint32 latency;
if (recvPacket.size () < 8)
{
sLog.outError ("WorldSocket::_HandlePing wrong packet size");
return -1;
}
// Get the ping packet content
recvPacket >> ping;
recvPacket >> latency;