diff options
| author | oy <Tom_Adams@web.de> | 2017-09-17 18:31:55 +0200 |
|---|---|---|
| committer | oy <Tom_Adams@web.de> | 2017-09-17 18:33:25 +0200 |
| commit | 24957d70866c9d2d2b7d7c79ad85d4612e1dfb3a (patch) | |
| tree | 7c48ced71ea6ceb27fb28c85516d2cc999fd3aff | |
| parent | 43c510de5b048970c4a8c2ae71581a31daabfe12 (diff) | |
added „Made int packing functions safe“ by Redix. (#1502)
| -rw-r--r-- | src/engine/client/client.cpp | 2 | ||||
| -rw-r--r-- | src/engine/server/server.cpp | 4 | ||||
| -rw-r--r-- | src/engine/shared/compression.cpp | 18 | ||||
| -rw-r--r-- | src/engine/shared/compression.h | 4 | ||||
| -rw-r--r-- | src/engine/shared/demo.cpp | 15 |
5 files changed, 29 insertions, 14 deletions
diff --git a/src/engine/client/client.cpp b/src/engine/client/client.cpp index 0e619f28f..d8cd41557 100644 --- a/src/engine/client/client.cpp +++ b/src/engine/client/client.cpp @@ -1303,7 +1303,7 @@ void CClient::ProcessServerPacket(CNetChunk *pPacket) if(CompleteSize) { - int IntSize = CVariableInt::Decompress(m_aSnapshotIncommingData, CompleteSize, aTmpBuffer2); + int IntSize = CVariableInt::Decompress(m_aSnapshotIncommingData, CompleteSize, aTmpBuffer2, sizeof(aTmpBuffer2)); if(IntSize < 0) // failure during decompression, bail return; diff --git a/src/engine/server/server.cpp b/src/engine/server/server.cpp index 19745b3ae..6c459257f 100644 --- a/src/engine/server/server.cpp +++ b/src/engine/server/server.cpp @@ -640,10 +640,10 @@ void CServer::DoSnapshot() const int MaxSize = MAX_SNAPSHOT_PACKSIZE; int NumPackets; - SnapshotSize = CVariableInt::Compress(aDeltaData, DeltaSize, aCompData); + SnapshotSize = CVariableInt::Compress(aDeltaData, DeltaSize, aCompData, sizeof(aCompData)); NumPackets = (SnapshotSize+MaxSize-1)/MaxSize; - for(int n = 0, Left = SnapshotSize; Left; n++) + for(int n = 0, Left = SnapshotSize; Left > 0; n++) { int Chunk = Left < MaxSize ? Left : MaxSize; Left -= Chunk; diff --git a/src/engine/shared/compression.cpp b/src/engine/shared/compression.cpp index 40fe28c48..0ce1a247c 100644 --- a/src/engine/shared/compression.cpp +++ b/src/engine/shared/compression.cpp @@ -60,28 +60,34 @@ const unsigned char *CVariableInt::Unpack(const unsigned char *pSrc, int *pInOut } -long CVariableInt::Decompress(const void *pSrc_, int Size, void *pDst_) +long CVariableInt::Decompress(const void *pSrc_, int SrcSize, void *pDst_, int DstSize) { const unsigned char *pSrc = (unsigned char *)pSrc_; - const unsigned char *pEnd = pSrc + Size; + const unsigned char *pEnd = pSrc + SrcSize; int *pDst = (int *)pDst_; + int *pDstEnd = pDst + DstSize/4; while(pSrc < pEnd) { + if(pDst >= pDstEnd) + return -1; pSrc = CVariableInt::Unpack(pSrc, pDst); pDst++; } return (long)((unsigned char *)pDst-(unsigned char *)pDst_); } -long CVariableInt::Compress(const void *pSrc_, int Size, void *pDst_) +long CVariableInt::Compress(const void *pSrc_, int SrcSize, void *pDst_, int DstSize) { int *pSrc = (int *)pSrc_; unsigned char *pDst = (unsigned char *)pDst_; - Size /= 4; - while(Size) + unsigned char *pDstEnd = pDst + DstSize; + SrcSize /= 4; + while(SrcSize) { + if(pDstEnd - pDst < 6) + return -1; pDst = CVariableInt::Pack(pDst, *pSrc); - Size--; + SrcSize--; pSrc++; } return (long)(pDst-(unsigned char *)pDst_); diff --git a/src/engine/shared/compression.h b/src/engine/shared/compression.h index f11ab1be3..11290045d 100644 --- a/src/engine/shared/compression.h +++ b/src/engine/shared/compression.h @@ -8,7 +8,7 @@ class CVariableInt public: static unsigned char *Pack(unsigned char *pDst, int i); static const unsigned char *Unpack(const unsigned char *pSrc, int *pInOut); - static long Compress(const void *pSrc, int Size, void *pDst); - static long Decompress(const void *pSrc, int Size, void *pDst); + static long Compress(const void *pSrc, int SrcSize, void *pDst, int DstSize); + static long Decompress(const void *pSrc, int SrcSize, void *pDst, int DstSize); }; #endif diff --git a/src/engine/shared/demo.cpp b/src/engine/shared/demo.cpp index 953d8b56a..49b509fa6 100644 --- a/src/engine/shared/demo.cpp +++ b/src/engine/shared/demo.cpp @@ -189,9 +189,18 @@ void CDemoRecorder::Write(int Type, const void *pData, int Size) mem_copy(aBuffer2, pData, Size); while(Size&3) aBuffer2[Size++] = 0; - Size = CVariableInt::Compress(aBuffer2, Size, aBuffer); // buffer2 -> buffer + Size = CVariableInt::Compress(aBuffer2, Size, aBuffer, sizeof(aBuffer)); // buffer2 -> buffer + if(Size < 0) + { + m_pConsole->Print(IConsole::OUTPUT_LEVEL_ADDINFO, "demo_recorder", "error during intpack compression"); + return; + } Size = CNetBase::Compress(aBuffer, Size, aBuffer2, sizeof(aBuffer2)); // buffer -> buffer2 - + if(Size < 0) + { + m_pConsole->Print(IConsole::OUTPUT_LEVEL_ADDINFO, "demo_recorder", "error during network compression"); + return; + } aChunk[0] = ((Type&0x3)<<5); if(Size < 30) @@ -495,7 +504,7 @@ void CDemoPlayer::DoTick() break; } - DataSize = CVariableInt::Decompress(aDecompressed, DataSize, aData); + DataSize = CVariableInt::Decompress(aDecompressed, DataSize, aData, sizeof(aData)); if(DataSize < 0) { |