added checking for invalid/malicious packet size in network protocol

diff --git a/src/netserv.c b/src/netserv.c
index eef7aa111e43466b56be71b44afa311e259b3c7f..73d35fb32de81a044726b4c0d008a274172cddee 100644 (file)
--- a/src/netserv.c
+++ b/src/netserv.c
@@ -187,6 +187,14 @@ static void increaseNetworkBuffer(struct NetworkBuffer *nb, int additional_size)
 int receiveNetworkBufferBytes(struct NetworkBuffer *nb, TCPsocket socket,
                             int num_bytes)
 {
 int receiveNetworkBufferBytes(struct NetworkBuffer *nb, TCPsocket socket,
                             int num_bytes)
 {

+  if (num_bytes > MAX_PACKET_SIZE)
+  {
+    Error(ERR_NETWORK_SERVER, "protocol error: invalid packet size %d",
+         num_bytes);
+
+    return -1;
+  }
+

   if (nb->pos + num_bytes > nb->max_size)
     increaseNetworkBuffer(nb, num_bytes);
 
   if (nb->pos + num_bytes > nb->max_size)
     increaseNetworkBuffer(nb, num_bytes);
 

diff --git a/src/netserv.h b/src/netserv.h
index baebb99c2298fb19ccc4ad8a281bfa4acf7c33db..ec24d34408403c56d9509ae12b76246d934d1d7c 100644 (file)
--- a/src/netserv.h
+++ b/src/netserv.h
@@ -36,6 +36,7 @@
 #define OP_LEVEL_FILE          14
 
 #define MAX_BUFFER_SIZE                4096
 #define OP_LEVEL_FILE          14
 
 #define MAX_BUFFER_SIZE                4096

+#define MAX_PACKET_SIZE                1048576

 
 
 struct NetworkBuffer
 
 
 struct NetworkBuffer