summaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
authorai4rei <ai4rei@54d463be-8e91-2dee-dedb-b68131a5f0ec>2010-11-25 23:06:06 +0000
committerai4rei <ai4rei@54d463be-8e91-2dee-dedb-b68131a5f0ec>2010-11-25 23:06:06 +0000
commit017a81730336184d506b360e98641099be12c22a (patch)
tree86f1cd00c35411e637969c2bbe3e7cd091bb17e8 /src/common
parent89d56e6b10b96d775ff976744d40e54a99b1a539 (diff)
downloadhercules-017a81730336184d506b360e98641099be12c22a.tar.gz
hercules-017a81730336184d506b360e98641099be12c22a.tar.bz2
hercules-017a81730336184d506b360e98641099be12c22a.tar.xz
hercules-017a81730336184d506b360e98641099be12c22a.zip
* Too large client packets, which would otherwise cause the client to crash, are now dropped and reported (bugreport:4391).
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@14503 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src/common')
-rw-r--r--src/common/socket.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/common/socket.c b/src/common/socket.c
index deba0e97b..a76ae6e81 100644
--- a/src/common/socket.c
+++ b/src/common/socket.c
@@ -199,6 +199,10 @@ time_t stall_time = 60;
uint32 addr_[16]; // ip addresses of local host (host byte order)
int naddr_ = 0; // # of ip addresses
+// Maximum packet size in bytes, which the client is able to handle.
+// Larger packets cause a buffer overflow and stack corruption.
+static size_t socket_max_client_packet = 20480;
+
// initial recv buffer size (this will also be the max. size)
// biggest known packet: S 0153 <len>.w <emblem data>.?B -> 24x24 256 color .bmp (0153 + len.w + 1618/1654/1756 bytes)
#define RFIFO_SIZE (2*1024)
@@ -643,6 +647,12 @@ int WFIFOSET(int fd, size_t len)
exit(EXIT_FAILURE);
}
+ if( !s->flag.server && len > socket_max_client_packet )
+ {// see declaration of socket_max_client_packet for details
+ ShowError("WFIFOSET: Dropped too large client packet 0x%04x (length=%u, max=%u).\n", WFIFOW(fd,0), len, socket_max_client_packet);
+ return 0;
+ }
+
if( !s->flag.server && s->wdata_size+len > WFIFO_MAX )
{// reached maximum write fifo size
set_eof(fd);
@@ -1064,6 +1074,8 @@ int socket_config_read(const char* cfgName)
ddos_autoreset = atoi(w2);
else if (!strcmpi(w1,"debug"))
access_debug = config_switch(w2);
+ else if (!strcmpi(w1,"socket_max_client_packet"))
+ socket_max_client_packet = strtoul(w2, NULL, 0);
#endif
else if (!strcmpi(w1, "import"))
socket_config_read(w2);