Merge pull request #8089 from heinrich5991/pr_ddnet_check_http_size

Disconnect when we get map change with invalid parameters
This commit is contained in:
heinrich5991 2024-03-11 19:57:59 +00:00 committed by GitHub
commit 65c2ad7ee0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -1372,15 +1372,21 @@ void CClient::ProcessServerPacket(CNetChunk *pPacket, int Conn, bool Dummy)
const char *pMap = Unpacker.GetString(CUnpacker::SANITIZE_CC | CUnpacker::SKIP_START_WHITESPACES); const char *pMap = Unpacker.GetString(CUnpacker::SANITIZE_CC | CUnpacker::SKIP_START_WHITESPACES);
int MapCrc = Unpacker.GetInt(); int MapCrc = Unpacker.GetInt();
int MapSize = Unpacker.GetInt(); int MapSize = Unpacker.GetInt();
if(Unpacker.Error() || MapSize < 0) if(Unpacker.Error())
{ {
return; return;
} }
if(MapSize < 0 || MapSize > 1024 * 1024 * 1024) // 1 GiB
{
DisconnectWithReason("invalid map size");
return;
}
for(int i = 0; pMap[i]; i++) // protect the player from nasty map names for(int i = 0; pMap[i]; i++) // protect the player from nasty map names
{ {
if(pMap[i] == '/' || pMap[i] == '\\') if(pMap[i] == '/' || pMap[i] == '\\')
{ {
DisconnectWithReason("strange character in map name");
return; return;
} }
} }
@ -1441,7 +1447,7 @@ void CClient::ProcessServerPacket(CNetChunk *pPacket, int Conn, bool Dummy)
m_pMapdownloadTask = HttpGetFile(pMapUrl ? pMapUrl : aUrl, Storage(), m_aMapdownloadFilenameTemp, IStorage::TYPE_SAVE); m_pMapdownloadTask = HttpGetFile(pMapUrl ? pMapUrl : aUrl, Storage(), m_aMapdownloadFilenameTemp, IStorage::TYPE_SAVE);
m_pMapdownloadTask->Timeout(CTimeout{g_Config.m_ClMapDownloadConnectTimeoutMs, 0, g_Config.m_ClMapDownloadLowSpeedLimit, g_Config.m_ClMapDownloadLowSpeedTime}); m_pMapdownloadTask->Timeout(CTimeout{g_Config.m_ClMapDownloadConnectTimeoutMs, 0, g_Config.m_ClMapDownloadLowSpeedLimit, g_Config.m_ClMapDownloadLowSpeedTime});
m_pMapdownloadTask->MaxResponseSize(1024 * 1024 * 1024); // 1 GiB m_pMapdownloadTask->MaxResponseSize(MapSize);
m_pMapdownloadTask->ExpectSha256(*pMapSha256); m_pMapdownloadTask->ExpectSha256(*pMapSha256);
Http()->Run(m_pMapdownloadTask); Http()->Run(m_pMapdownloadTask);
} }