added checking for invalid/malicious packet size in network protocol

[rocksndiamonds.git] / src / netserv.c

diff --git a/src/netserv.c b/src/netserv.c
index 0a3661e139a7b8d0692b7a144050751df48ae3c3..73d35fb32de81a044726b4c0d008a274172cddee 100644 (file)
--- a/src/netserv.c
+++ b/src/netserv.c
@@ -187,6 +187,14 @@ static void increaseNetworkBuffer(struct NetworkBuffer *nb, int additional_size)
 int receiveNetworkBufferBytes(struct NetworkBuffer *nb, TCPsocket socket,
                             int num_bytes)
 {
+  if (num_bytes > MAX_PACKET_SIZE)
+  {
+    Error(ERR_NETWORK_SERVER, "protocol error: invalid packet size %d",
+         num_bytes);
+
+    return -1;
+  }
+
   if (nb->pos + num_bytes > nb->max_size)
     increaseNetworkBuffer(nb, num_bytes);
 
@@ -809,6 +817,13 @@ static void Handle_OP_BROADCAST_MESSAGE(struct NetworkServerPlayerInfo *player)
   SendNetworkBufferToAllButOne(write_buffer, player);
 }
 
+static void Handle_OP_LEVEL_FILE(struct NetworkServerPlayerInfo *player)
+{
+  copyNetworkBufferForWriting(read_buffer, write_buffer, player->number);
+
+  SendNetworkBufferToAllButOne(write_buffer, player);
+}
+
 void ExitNetworkServer(int exit_value)
 {
   Error(ERR_NETWORK_SERVER, "exiting network server");
@@ -1007,6 +1022,10 @@ void NetworkServer(int port, int serveronly)
          Handle_OP_BROADCAST_MESSAGE(player);
          break;
 
+       case OP_LEVEL_FILE:
+         Handle_OP_LEVEL_FILE(player);
+         break;
+
        default:
          if (options.verbose)
            Error(ERR_NETWORK_SERVER,