added checking for invalid/malicious packet size in network protocol
authorHolger Schemel <info@artsoft.org>
Fri, 31 Aug 2018 06:46:03 +0000 (08:46 +0200)
committerHolger Schemel <info@artsoft.org>
Fri, 31 Aug 2018 06:46:03 +0000 (08:46 +0200)
src/netserv.c
src/netserv.h

index eef7aa111e43466b56be71b44afa311e259b3c7f..73d35fb32de81a044726b4c0d008a274172cddee 100644 (file)
@@ -187,6 +187,14 @@ static void increaseNetworkBuffer(struct NetworkBuffer *nb, int additional_size)
 int receiveNetworkBufferBytes(struct NetworkBuffer *nb, TCPsocket socket,
                             int num_bytes)
 {
+  if (num_bytes > MAX_PACKET_SIZE)
+  {
+    Error(ERR_NETWORK_SERVER, "protocol error: invalid packet size %d",
+         num_bytes);
+
+    return -1;
+  }
+
   if (nb->pos + num_bytes > nb->max_size)
     increaseNetworkBuffer(nb, num_bytes);
 
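Review bot: The new guard at the top of receiveNetworkBufferBytes() rejects only sizes above MAX_PACKET_SIZE, so a negative `num_bytes` still passes. It is a signed `int`, and a negative value also makes the following `nb->pos + num_bytes > nb->max_size` test false, so the buffer is not grown before the receive. If `num_bytes` is taken from a length field sent by the peer, as the commit title suggests, the lower bound should be checked as well: `if (num_bytes < 0 || num_bytes > MAX_PACKET_SIZE)`. The rest of the function lies outside the hunk, so how the value reaches the socket read, and whether every caller acts on the new `-1` return, needs confirming there.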
index baebb99c2298fb19ccc4ad8a281bfa4acf7c33db..ec24d34408403c56d9509ae12b76246d934d1d7c 100644 (file)
@@ -36,6 +36,7 @@
 #define OP_LEVEL_FILE          14
 
 #define MAX_BUFFER_SIZE                4096
+#define MAX_PACKET_SIZE                1048576
 
 
 struct NetworkBuffer
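Review bot: MAX_PACKET_SIZE is added without a comment, and next to MAX_BUFFER_SIZE (4096) it is not obvious what the 1048576 limits. I would put `/* largest byte count accepted for one receiveNetworkBufferBytes() request; larger values are a protocol error */` above the define. The comment should also say that the limit is per request: the check in src/netserv.c compares `num_bytes` alone, not `nb->pos + num_bytes`, so whether the total buffer size stays bounded depends on code outside these hunks.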