From: <z-...@us...> - 2011-07-22 10:47:11
|
Revision: 9608 http://armagetronad.svn.sourceforge.net/armagetronad/?rev=9608&view=rev Author: z-man Date: 2011-07-22 10:47:05 +0000 (Fri, 22 Jul 2011) Log Message: ----------- Merging one pure security fix: Manuel Moos 2011-03-29 Correctly ignoring fat packets and checking which clients to kick. Modified Paths: -------------- armagetronad/branches/0.2.8.3/armagetronad/src/network/nNetwork.cpp Property Changed: ---------------- armagetronad/branches/0.2.8.3/ armagetronad/branches/0.2.8.3/build/ Property changes on: armagetronad/branches/0.2.8.3 ___________________________________________________________________ Modified: svn:mergeinfo - /armagetronad/branches/0.2.8:9309,9314-9316,9320-9322,9326,9332,9338,9348,9353,9365,9537-9538,9590 + /armagetronad/branches/0.2.8:9309,9314-9316,9320-9322,9326,9332,9338,9348,9353,9365,9537-9538,9590,9593 Modified: armagetronad/branches/0.2.8.3/armagetronad/src/network/nNetwork.cpp =================================================================== --- armagetronad/branches/0.2.8.3/armagetronad/src/network/nNetwork.cpp 2011-07-22 10:45:04 UTC (rev 9607) +++ armagetronad/branches/0.2.8.3/armagetronad/src/network/nNetwork.cpp 2011-07-22 10:47:05 UTC (rev 9608) @@ -2248,7 +2248,9 @@ static nMessageFifo receivedMessages; // the growing buffer we read messages into +#ifndef DEDICATED const int serverMaxAcceptedSize=2000; +#endif static tArray< unsigned short > storage(2000); int maxrec = 0; maxrec = storage.Len(); unsigned short * buff = 0; buff = &storage[0]; @@ -2265,6 +2267,7 @@ if (len>0){ if ( len >= maxrec*2 ) { +#ifndef DEDICATED // the message was too long to receive. What to do? if ( sn_GetNetState() != nSERVER || len < serverMaxAcceptedSize ) { @@ -2276,16 +2279,55 @@ tERR_WARN( "Oversized network packet received. Read buffer has been enlargened to catch it the next time."); - // no use in processing the truncated packet. Some messages may get lost, - // but that's better than the inevitable network error and connection - // termination that expects us if we go on. - continue; } else +#endif { - // terminate the connection - sn_DisconnectUser( peer, "$network_kill_error" ); + // packet WAAAAY too large. + static float totalFatsoes = 10; // number of oversized packages checked + static float clientFatsoes = 10; // number of oversized pacakges that could be attributed to clients + static float bother = 5; // counter that determines whether we bother to check. + bother+=clientFatsoes; + + // what follows is work, so we only do it if it payed off in the past + // if this block is entered not at all by error, no biggie. The clients + // will time out eventually. + if(bother>totalFatsoes) + { + bother-=totalFatsoes; + + // increase total stat + totalFatsoes++; + + // If it's from a connected client, + // terminate the connection. If not, it's an attack and + // we should rather ignore it. + bool success = false; + for( int id=MAXCLIENTS; id > 0; --id ) + { + if (sn_Connections[id].socket && peers[id] == addrFrom) + { + sn_DisconnectUser( id, "$network_kill_error" ); + success=true; + } + } + + // count the successfully removed client + if( success ) + clientFatsoes++; + + // scale down the stats + const float factor=.99; + totalFatsoes*=factor; + clientFatsoes*=factor; + bother*=factor; + } } + + // no use in processing the truncated packet. Some messages may get lost, + // but that's better than the inevitable network error and connection + // termination that expects us if we go on. + continue; } unsigned short *b=buff; Property changes on: armagetronad/branches/0.2.8.3/build ___________________________________________________________________ Modified: svn:mergeinfo - /armagetronad/branches/0.2.8/build:9309-9354,9365,9537-9538,9590 + /armagetronad/branches/0.2.8/build:9309-9354,9365,9537-9538,9590,9593 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |