diff options
| -rw-r--r-- | Changelog-Trunk.txt | 1 | ||||
| -rw-r--r-- | conf/packet_athena.conf | 7 | ||||
| -rw-r--r-- | src/common/socket.c | 12 |
3 files changed, 20 insertions, 0 deletions
diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt index f1f4ac91b..2e95eb10f 100644 --- a/Changelog-Trunk.txt +++ b/Changelog-Trunk.txt @@ -1,6 +1,7 @@ Date Added 2010/11/25 + * Too large client packets, which would otherwise cause the client to crash, are now dropped and reported (bugreport:4391). [Ai4rei] * Fixed a crash when an unknown map is encountered during parsing a 'script' npc and the script has mismatched curly braces (bugreport:4423, since r11502). [Ai4rei] * Fixed script commands attachrid and detachrid not updating the attached character's information about currently running script, causing errors with dialog-based scripts or preventing characters from walking (bugreport:4571). [Ai4rei] 2010/11/24 diff --git a/conf/packet_athena.conf b/conf/packet_athena.conf index 76203bedb..84711139a 100644 --- a/conf/packet_athena.conf +++ b/conf/packet_athena.conf @@ -8,6 +8,13 @@ debug: no // How long can a socket stall before closing the connection (in seconds) stall_time: 60 +// Maximum allowed size for clients packets in bytes (default: 20480). +// NOTE: To reduce the size of reported packets, lower the values of defines, which +// have been customized, such as MAX_STORAGE, MAX_GUILD_STORAGE or MAX_CART. +// NOTE: Do not modify this setting, unless the client has been modified to support +// larger packets. The client will crash, when it receives larger packets. +socket_max_client_packet: 20480 + //----- IP Rules Settings ----- // If IP's are checked when connecting. diff --git a/src/common/socket.c b/src/common/socket.c index deba0e97b..a76ae6e81 100644 --- a/src/common/socket.c +++ b/src/common/socket.c @@ -199,6 +199,10 @@ time_t stall_time = 60; uint32 addr_[16]; // ip addresses of local host (host byte order) int naddr_ = 0; // # of ip addresses +// Maximum packet size in bytes, which the client is able to handle. +// Larger packets cause a buffer overflow and stack corruption. +static size_t socket_max_client_packet = 20480; + // initial recv buffer size (this will also be the max. size) // biggest known packet: S 0153 <len>.w <emblem data>.?B -> 24x24 256 color .bmp (0153 + len.w + 1618/1654/1756 bytes) #define RFIFO_SIZE (2*1024) @@ -643,6 +647,12 @@ int WFIFOSET(int fd, size_t len) exit(EXIT_FAILURE); } + if( !s->flag.server && len > socket_max_client_packet ) + {// see declaration of socket_max_client_packet for details + ShowError("WFIFOSET: Dropped too large client packet 0x%04x (length=%u, max=%u).\n", WFIFOW(fd,0), len, socket_max_client_packet); + return 0; + } + if( !s->flag.server && s->wdata_size+len > WFIFO_MAX ) {// reached maximum write fifo size set_eof(fd); @@ -1064,6 +1074,8 @@ int socket_config_read(const char* cfgName) ddos_autoreset = atoi(w2); else if (!strcmpi(w1,"debug")) access_debug = config_switch(w2); + else if (!strcmpi(w1,"socket_max_client_packet")) + socket_max_client_packet = strtoul(w2, NULL, 0); #endif else if (!strcmpi(w1, "import")) socket_config_read(w2); |