edg-l/ddnet
1
0
Fork 0
mirror of https://github.com/ddnet/ddnet.git synced 2024-11-13 11:38:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
15973 commits 1 branch 429 tags 412 MiB
Commit graph

32 commits

Author SHA1 Message Date
Robert Müller 0e77be2166 Fix client crash when unpacking a sixup packet 
The client crashes when trying to unpack a packet that has the sixup flag set, as `CNetClient` does not pass pointers for the output parameters `pSecurityToken` and `pResponseToken` to `CNetBase::UnpackPacket`.
Since the client does not handle sixup packets, checks are added to return an error and ignore the packet instead of crashing due to a null pointer access.

This was found by fuzzing the data returned by `net_udp_recv` with radamsa.

```
==6200==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8d0fb8ba56 bp 0x7ffcbf67c7f0 sp 0x7ffcbf67c7a8 T0)
==6200==The signal is caused by a WRITE memory access.
==6200==Hint: address points to the zero page.
    0 0x7f8d0fb8ba56  (/lib/x86_64-linux-gnu/libc.so.6+0xc4a56)
    1 0x563a7e250fbe in mem_copy src/base/system.cpp:208
    2 0x563a7e1bc6b6 in CNetBase::UnpackPacket(unsigned char*, int, CNetPacketConstruct*, bool&, int*, int*) src/engine/shared/network.cpp:263
    3 0x563a7e1bf57e in CNetClient::Recv(CNetChunk*) src/engine/shared/network_client.cpp:100
    4 0x563a7cfa76a2 in CClient::PumpNetwork() src/engine/client/client.cpp:2546
    5 0x563a7cfb7cf6 in CClient::Update() src/engine/client/client.cpp:2838
    6 0x563a7cfcfe47 in CClient::Run() src/engine/client/client.cpp:3214
    7 0x563a7d04c631 in main src/engine/client/client.cpp:4702
    8 0x7f8d0faf0d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    9 0x7f8d0faf0e3f in __libc_start_main_impl ../csu/libc-start.c:392
    10 0x563a7cb28754 in _start (build-asan/DDNet+0x2472754)

==8315==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f4accfe5a56 bp 0x7ffcf1318530 sp 0x7ffcf13184e8 T0)
==8315==The signal is caused by a WRITE memory access.
==8315==Hint: address points to the zero page.
    0 0x7f4accfe5a56  (/lib/x86_64-linux-gnu/libc.so.6+0xc4a56)
    1 0x560413603200 in mem_copy src/base/system.cpp:208
    2 0x56041356d9c7 in CNetBase::UnpackPacket(unsigned char*, int, CNetPacketConstruct*, bool&, int*, int*) src/engine/shared/network.cpp:224
    3 0x5604135717c0 in CNetClient::Recv(CNetChunk*) src/engine/shared/network_client.cpp:104
    4 0x5604123597e2 in CClient::PumpNetwork() src/engine/client/client.cpp:2546
    5 0x560412369e36 in CClient::Update() src/engine/client/client.cpp:2838
    6 0x560412381f87 in CClient::Run() src/engine/client/client.cpp:3214
    7 0x5604123fe771 in main src/engine/client/client.cpp:4702
    8 0x7f4accf4ad8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    9 0x7f4accf4ae3f in __libc_start_main_impl ../csu/libc-start.c:392
    10 0x560411eda894 in _start (build-asan/DDNet+0x2472894)
```
 2022-11-24 21:12:40 +01:00
Robert Müller b594a323a6 Change return type of CNetBase::IsSeqInBackroom from int to bool 2022-07-17 20:51:48 +02:00
Robert Müller 5f7d19d2e0 Use sizeof instead of hardcoded value 2022-07-17 20:51:11 +02:00
Robert Müller 4970a615d8 Remove dead code 
The condition `Size < 1` is never true because the previous condition `Size < NET_PACKETHEADERSIZE` (`Size < 3`) already covers it.
 2022-07-17 20:34:29 +02:00
Chairn 21e64cbdcb Added external linkage instead of static const 2022-04-03 01:12:27 +02:00
Robert Müller 8020934a26 Make frequency table a static member of CHuffman, use constant 2022-04-02 13:35:24 +02:00
Dennis Felsing 68e4eb21d5 Add modernize-use-bool-literals 2022-02-15 00:12:52 +01:00
heinrich5991 7663641ed2 Fix some variable name's style 2020-11-08 17:15:48 +01:00
def e6b0283722 No null pointer to mem_copy in SendControlMsg 
src/base/system.c:261:15: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
    #0 0x565165b348dc in mem_copy /media/ddnet/src/base/system.c:261:2
    #1 0x565165aeb27d in CNetBase::SendControlMsg(NETSOCKET, NETADDR*, int, int, void const*, int, int, bool) /media/ddnet/src/engine/shared/network.cpp:313:2
    #2 0x565165aeeb4e in CNetConnection::SendControl(int, void const*, int) /media/ddnet/src/engine/shared/network_conn.cpp:169:2
    #3 0x565165af08c5 in CNetConnection::Feed(CNetPacketConstruct*, NETADDR*, int) /media/ddnet/src/engine/shared/network_conn.cpp:367:6
    #4 0x565165aec7d2 in CNetClient::Recv(CNetChunk*) /media/ddnet/src/engine/shared/network_client.cpp:94:174
    #5 0x565165c5d5ea in CClient::PumpNetwork() /media/ddnet/src/engine/client/client.cpp:2571:24
    #6 0x565165c67a71 in CClient::Update() /media/ddnet/src/engine/client/client.cpp:2856:2
    #7 0x565165c72f4e in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3237:4
    #8 0x565165c94b7e in main /media/ddnet/src/engine/client/client.cpp:4341:11
    #9 0x7fba5af2c151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
    #10 0x5651659e1e0d in _start (/media/ddnet/DDNet+0x705e0d)
 2020-10-11 16:37:03 +02:00
def 3be8a592e5 Run clang-format 
Purely automatic change. In case of conflict with this change, apply the
other change and rerun the formatting to restore it:

$ python scripts/fix_style.py
 2020-09-26 21:50:15 +02:00
def b7da058b76 Remove the rudimentary fuzzing since no one uses it anyway 2020-09-05 23:50:31 +02:00
Learath 88ca573682 Serverinfo and Register support for 0.7 
Co-authored-by: Tim Schumacher <tim@timakro.de>
 2020-06-19 20:28:55 +03:00
Tim Schumacher 442148a194 Begin work on 0.7 support 2020-06-19 20:27:15 +03:00
Learath e9ba23b53a Migrate to 0.6.5 flags 2020-06-19 20:27:15 +03:00
def a116ed3dbe Revert "New try at not decompressing unknown packets" 
Causes connection problems with old clients
This reverts commit a3b07dbf9c.
 2018-12-30 12:22:05 +01:00
def a3b07dbf9c New try at not decompressing unknown packets 2018-12-16 22:15:45 +01:00
def d884465710 Revert "Don't decompress packets from unknown IPs" 
This reverts commit 9089c2b35a.
 2018-12-14 17:12:49 +01:00
Dennis Felsing 9089c2b35a Don't decompress packets from unknown IPs 2018-12-13 16:24:37 +01:00
heinrich5991 1d81d56850 Introduce new, vanilla-compatible server info protocol 
This means that we have a reliable and fast way to query for extended info,
while also not wasting network bandwidth.

The protocol is designed to be extensible, there's four bytes space for
encoding more request types (currently zeroed), and there's one string in each
response packet and one string for each player available (currently the empty
string).

The protocol itself has no problems with more than 64 players, although the
current client implementation will drop the player info after the 64th player,
because it uses a static array for storage.

Also fixes #130, the player list is just sorted each time new player info
arrives.
 2017-03-29 12:56:13 +02:00
heinrich5991 884ad25204 Disallow compressed control messages 2016-08-12 18:41:03 +02:00
oy e91d26b8ac force vital check on essential cl/srv messages and added additional sequence checking 2015-09-01 13:50:45 +02:00
east 051ec30832 vanilla handshake: ignore unknown sequence 2015-08-14 18:36:13 +02:00
eeeee 85acfd9d77 added security token to protocol 
to prevent packet injection from spoofed source ips
 2015-03-05 11:07:03 -08:00
def f32b09206a Fuzzing optimization 2014-12-06 19:29:20 +01:00
def 366f0281ed Fuzzing options 2014-12-06 16:17:04 +01:00
def e4c4ba2d44 Remove another bad log 2014-11-26 21:33:57 +01:00
def 9d3cb79db5 Remove log that happens too often 2014-11-26 21:10:22 +01:00
oy 06115dd49d added "Whitespace and line Endings cleanup" by GreYFoX 2011-04-13 20:37:12 +02:00
oy 50b266086b made dbg_dumpmem and dbg_lognetwork work again 2011-03-05 11:46:24 +01:00
oy d9ce720387 made engine an interface 2011-02-27 15:03:57 +01:00
Sworddragon fc9211c777 Updated copyrights 2010-11-20 21:26:06 +01:00
Magnus Auvinen 72c06a2589 copied refactor to trunk 2010-05-29 07:25:38 +00:00
Renamed from src/engine/e_network.cpp (Browse further)