Don't decompress packets from unknown IPs

This commit is contained in:
Dennis Felsing 2018-12-13 16:24:37 +01:00
parent 42d7f58d08
commit 9089c2b35a
4 changed files with 29 additions and 20 deletions

View file

@ -175,7 +175,7 @@ void CNetBase::SendPacket(NETSOCKET Socket, NETADDR *pAddr, CNetPacketConstruct
} }
// TODO: rename this function // TODO: rename this function
int CNetBase::UnpackPacket(unsigned char *pBuffer, int Size, CNetPacketConstruct *pPacket) int CNetBase::UnpackPacket(unsigned char *pBuffer, int Size, CNetPacketConstruct *pPacket, bool Decompress)
{ {
// check the size // check the size
if(Size < NET_PACKETHEADERSIZE || Size > NET_MAX_PACKETSIZE) if(Size < NET_PACKETHEADERSIZE || Size > NET_MAX_PACKETSIZE)
@ -225,6 +225,10 @@ int CNetBase::UnpackPacket(unsigned char *pBuffer, int Size, CNetPacketConstruct
{ {
if(pPacket->m_Flags&NET_PACKETFLAG_COMPRESSION) if(pPacket->m_Flags&NET_PACKETFLAG_COMPRESSION)
{ {
if(!Decompress)
{
return -1;
}
// Don't allow compressed control packets. // Don't allow compressed control packets.
if(pPacket->m_Flags&NET_PACKETFLAG_CONTROL) if(pPacket->m_Flags&NET_PACKETFLAG_CONTROL)
{ {

View file

@ -469,7 +469,7 @@ public:
static void SendPacketConnless(NETSOCKET Socket, NETADDR *pAddr, const void *pData, int DataSize, bool Extended, unsigned char aExtra[4]); static void SendPacketConnless(NETSOCKET Socket, NETADDR *pAddr, const void *pData, int DataSize, bool Extended, unsigned char aExtra[4]);
static void SendPacket(NETSOCKET Socket, NETADDR *pAddr, CNetPacketConstruct *pPacket, SECURITY_TOKEN SecurityToken); static void SendPacket(NETSOCKET Socket, NETADDR *pAddr, CNetPacketConstruct *pPacket, SECURITY_TOKEN SecurityToken);
static int UnpackPacket(unsigned char *pBuffer, int Size, CNetPacketConstruct *pPacket); static int UnpackPacket(unsigned char *pBuffer, int Size, CNetPacketConstruct *pPacket, bool Decompress);
// The backroom is ack-NET_MAX_SEQUENCE/2. Used for knowing if we acked a packet or not // The backroom is ack-NET_MAX_SEQUENCE/2. Used for knowing if we acked a packet or not
static int IsSeqInBackroom(int Seq, int Ack); static int IsSeqInBackroom(int Seq, int Ack);

View file

@ -70,7 +70,7 @@ int CNetClient::Recv(CNetChunk *pChunk)
if(Bytes <= 0) if(Bytes <= 0)
break; break;
if(CNetBase::UnpackPacket(m_RecvUnpacker.m_aBuffer, Bytes, &m_RecvUnpacker.m_Data) == 0) if(CNetBase::UnpackPacket(m_RecvUnpacker.m_aBuffer, Bytes, &m_RecvUnpacker.m_Data, /* decompress = */ true) == 0)
{ {
if(m_RecvUnpacker.m_Data.m_Flags&NET_PACKETFLAG_CONNLESS) if(m_RecvUnpacker.m_Data.m_Flags&NET_PACKETFLAG_CONNLESS)
{ {

View file

@ -615,9 +615,9 @@ int CNetServer::Recv(CNetChunk *pChunk)
continue; continue;
} }
if(CNetBase::UnpackPacket(m_RecvUnpacker.m_aBuffer, Bytes, &m_RecvUnpacker.m_Data) == 0) if(m_RecvUnpacker.m_Data.m_Flags&NET_PACKETFLAG_CONNLESS)
{ {
if(m_RecvUnpacker.m_Data.m_Flags&NET_PACKETFLAG_CONNLESS) if(CNetBase::UnpackPacket(m_RecvUnpacker.m_aBuffer, Bytes, &m_RecvUnpacker.m_Data, /* decompress = */ false) == 0)
{ {
pChunk->m_Flags = NETSENDFLAG_CONNLESS; pChunk->m_Flags = NETSENDFLAG_CONNLESS;
pChunk->m_ClientID = -1; pChunk->m_ClientID = -1;
@ -631,21 +631,24 @@ int CNetServer::Recv(CNetChunk *pChunk)
} }
return 1; return 1;
} }
else }
else
{
// drop invalid ctrl packets
if (m_RecvUnpacker.m_Data.m_Flags&NET_PACKETFLAG_CONTROL &&
m_RecvUnpacker.m_Data.m_DataSize == 0)
continue;
// normal packet, find matching slot
int Slot = GetClientSlot(Addr);
if (Slot != -1)
{ {
// drop invalid ctrl packets // found
if (m_RecvUnpacker.m_Data.m_Flags&NET_PACKETFLAG_CONTROL &&
m_RecvUnpacker.m_Data.m_DataSize == 0)
continue;
// normal packet, find matching slot // control
int Slot = GetClientSlot(Addr); if(CNetBase::UnpackPacket(m_RecvUnpacker.m_aBuffer, Bytes, &m_RecvUnpacker.m_Data, /* decompress = */ true) == 0)
if (Slot != -1)
{ {
// found
// control
if(m_RecvUnpacker.m_Data.m_Flags&NET_PACKETFLAG_CONTROL) if(m_RecvUnpacker.m_Data.m_Flags&NET_PACKETFLAG_CONTROL)
OnConnCtrlMsg(Addr, Slot, m_RecvUnpacker.m_Data.m_aChunkData[0], m_RecvUnpacker.m_Data); OnConnCtrlMsg(Addr, Slot, m_RecvUnpacker.m_Data.m_aChunkData[0], m_RecvUnpacker.m_Data);
@ -655,10 +658,12 @@ int CNetServer::Recv(CNetChunk *pChunk)
m_RecvUnpacker.Start(&Addr, &m_aSlots[Slot].m_Connection, Slot); m_RecvUnpacker.Start(&Addr, &m_aSlots[Slot].m_Connection, Slot);
} }
} }
else }
else
{
// not found, client that wants to connect
if(CNetBase::UnpackPacket(m_RecvUnpacker.m_aBuffer, Bytes, &m_RecvUnpacker.m_Data, /* decompress = */ false) == 0)
{ {
// not found, client that wants to connect
if(IsDDNetControlMsg(&m_RecvUnpacker.m_Data)) if(IsDDNetControlMsg(&m_RecvUnpacker.m_Data))
// got ddnet control msg // got ddnet control msg
OnTokenCtrlMsg(Addr, m_RecvUnpacker.m_Data.m_aChunkData[0], m_RecvUnpacker.m_Data); OnTokenCtrlMsg(Addr, m_RecvUnpacker.m_Data.m_aChunkData[0], m_RecvUnpacker.m_Data);