[General] Add basic integrity check to reading of Container packets

2017-05-14 20:24:06 +03:00 · 2017-05-14 20:24:06 +03:00 · 05564bd123
commit 05564bd123
parent 46501909ff
4 changed files with 23 additions and 4 deletions
--- a/apps/openmw-mp/WorldProcessor.cpp
+++ b/apps/openmw-mp/WorldProcessor.cpp
@ -40,11 +40,16 @@ bool WorldProcessor::Process(RakNet::Packet &packet, BaseEvent &event) noexcept
            WorldPacket *myPacket = Networking::get().getWorldPacketController()->GetPacket(packet.data[0]);

            myPacket->setEvent(&event);
+            event.isValid = true;

            if (!processor.second->avoidReading)
                myPacket->Read();

-            processor.second->Do(*myPacket, *player, event);
+            if (event.isValid)
+                processor.second->Do(*myPacket, *player, event);
+            else
+                LOG_MESSAGE_SIMPLE(Log::LOG_ERROR, "Received %s that failed integrity check and was ignored!", processor.second->strPacketID.c_str());
+            
            return true;
        }
    }
--- a/apps/openmw/mwmp/WorldProcessor.cpp
+++ b/apps/openmw/mwmp/WorldProcessor.cpp
@ -28,12 +28,17 @@ bool WorldProcessor::Process(RakNet::Packet &packet, WorldEvent &event)
            myGuid = Main::get().getLocalPlayer()->guid;
            request = packet.length == myPacket->headerSize();

+            event.isValid = true;
+
            if (!request && !processor.second->avoidReading)
            {
                myPacket->Read();
            }

-            processor.second->Do(*myPacket, event);
+            if (event.isValid)
+                processor.second->Do(*myPacket, event);
+            else
+                LOG_MESSAGE_SIMPLE(Log::LOG_ERROR, "Received %s that failed integrity check and was ignored!", processor.second->strPacketID.c_str());

            return true;
        }
--- a/components/openmw-mp/Base/BaseEvent.hpp
+++ b/components/openmw-mp/Base/BaseEvent.hpp
@ -83,6 +83,8 @@ namespace mwmp
        ESM::Cell cell;

        unsigned char action; // 0 - Clear and set in entirety, 1 - Add item, 2 - Remove item, 3 - Request items
+
+        bool isValid;
    };
 }

--- a/components/openmw-mp/Packets/World/PacketContainer.cpp
+++ b/components/openmw-mp/Packets/World/PacketContainer.cpp
@ -1,4 +1,5 @@
 #include <components/openmw-mp/NetworkMessages.hpp>
+#include <components/openmw-mp/Log.hpp>
 #include "PacketContainer.hpp"

 using namespace mwmp;
@ -49,13 +50,19 @@ void PacketContainer::Packet(RakNet::BitStream *bs, bool send)
        RW(worldObject.mpNum, send);
        RW(worldObject.containerItemCount, send);

+        if (worldObject.containerItemCount > 2000 || worldObject.refId.empty() || (worldObject.refNumIndex != 0 && worldObject.mpNum != 0))
+        {
+            event->isValid = false;
+            return;
+        }
+
        ContainerItem containerItem;

-        for (unsigned int i = 0; i < worldObject.containerItemCount; i++)
+        for (unsigned int j = 0; j < worldObject.containerItemCount; j++)
        {
            if (send)
            {
-                containerItem = worldObject.containerItems.at(i);
+                containerItem = worldObject.containerItems.at(j);
            }

            RW(containerItem.refId, send);