From d809d958427c0e8ad0d04483a891b1b5754867bf Mon Sep 17 00:00:00 2001
From: David Markowitz
Date: Thu, 30 May 2024 23:07:32 -0700
Subject: [PATCH] fix slow code, add bounds checks

Tested that players with valid names up to the usual 33 character max are still added to the player container
Tested that you can still team with <= 4 players on a team
Tested that chat server no longer crashes with a bad memberSize variable
asserted that InsertPlayer is indeed much faster now and is no longer a slow point of ChatServer
---
 dChatServer/PlayerContainer.cpp | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/dChatServer/PlayerContainer.cpp b/dChatServer/PlayerContainer.cpp
index 17e2cd1a8..f279195ea 100644
--- a/dChatServer/PlayerContainer.cpp
+++ b/dChatServer/PlayerContainer.cpp
@@ -36,16 +36,19 @@ void PlayerContainer::InsertPlayer(Packet* packet) {
  data.playerID = playerId;
  uint32_t len;
- inStream.Read(len);
+ if (!inStream.Read(len)) return;
- for (int i = 0; i < len; i++) {
- char character; inStream.Read(character);
- data.playerName += character;
+ if (len > 33) {
+ LOG("Received a really long player name, probably a fake packet %i.", len);
+ return;
  }
- inStream.Read(data.zoneID);
- inStream.Read(data.muteExpire);
- inStream.Read(data.gmLevel);
+ data.playerName.resize(len);
+ inStream.ReadAlignedBytes(reinterpret_cast(data.playerName.data()), len);
+
+ if (!inStream.Read(data.zoneID)) return;
+ if (!inStream.Read(data.muteExpire)) return;
+ if (!inStream.Read(data.gmLevel)) return;
  data.sysAddr = packet->systemAddress;
  m_Names[data.playerID] = GeneralUtils::UTF8ToUTF16(data.playerName);
@@ -122,6 +125,11 @@ void PlayerContainer::CreateTeamServer(Packet* packet) {
  size_t membersSize = 0;
  inStream.Read(membersSize);
+ if (membersSize >= 4) {
+ LOG("Tried to create a team with more than 4 players");
+ return;
+ }
+
  std::vector members;
  members.reserve(membersSize);
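Review bot: The return value of `inStream.ReadAlignedBytes(...)` in the InsertPlayer hunk is not checked, unlike every other read the hunk now guards, so a packet that declares a `len` of up to 33 but carries fewer bytes leaves `data.playerName` padded with the zero bytes left by `resize(len)` and still reaches `m_Names[data.playerID] = GeneralUtils::UTF8ToUTF16(data.playerName)`. Guard it the same way as its neighbours: `if (!inStream.ReadAlignedBytes(..., len)) return;`. The LOG on the length-check path prints the `uint32_t len` with `%i`; `%u` is the matching conversion. Replacing the per-character `Read` loop with `ReadAlignedBytes` presumably relies on the stream being byte-aligned at this point, which looks true given the fixed-width reads before it, but is worth confirming. InsertPlayer continues outside the hunk.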
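Review bot: The new guard `if (membersSize >= 4)` in the CreateTeamServer hunk rejects a packet whose member count is exactly 4, while the log on the next line says "more than 4 players" and the commit message says teams of <= 4 still work, so the condition and the message disagree by one. If a count of 4 is legal here the check should be `if (membersSize > 4) {`; if 4 is meant to be rejected (for instance because the count excludes the creator), the message should say "with 4 or more players" instead. `inStream.Read(membersSize)` just above the guard still ignores its return value, so a truncated packet continues with `membersSize == 0` rather than returning early as InsertPlayer now does; `if (!inStream.Read(membersSize)) return;` would make the two handlers consistent. CreateTeamServer continues outside the hunk.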