解决Antrix Ascent被人攻击出现RunTimeError的bug
Index: src/game/AddonMgr.cpp
===================================================================
--- src/game/AddonMgr.cpp (revision 988)
+++ src/game/AddonMgr.cpp (working copy)
@@ -108,15 +108,18 @@
uint32 realsize; uLongf rsize; - try + if (source->size() < 4) { - *source >> realsize; + sLog.outDebug("Warning: Incomplete auth session sent."); + return; } - catch (*yte*uffer::error &) + *source >> realsize; + if (realsize > 5000)// i'm not sure what is the max size!! ,just set it 5000
{ - sLog.outDebug("Warning: Incomplete auth session sent."); + sLog.outError("Warning: Incorrect realsize = %d", realsize); return; - } + } + rsize = realsize; uint32 position = source->rpos();
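Review bot: The new guard `if (source->size() < 4)` in AddonMgr.cpp tests the total buffer length, not the bytes left after the read cursor, so it does not protect `*source >> realsize` once earlier fields have been consumed. The hunk itself takes `source->rpos()` as an offset right afterwards, which suggests the cursor is not at zero here; comparing against the remainder, `if (source->rpos() + 4 > source->size())`, would cover that case. With the `try`/`catch` removed, a short read is no longer contained locally if the stream operator throws on underflow, as the removed handler implies it can. The function starts and ends outside the hunk.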
@@ -130,6 +133,7 @@
return; } int32 result; + sLog.outDebug("AddonMgr::SendAddonInfoPacket: realsize = %d, source.size = %d, needsize(position + 5) = %d.",realsize,source->size(),(position + 5)); result = uncompress((uint8*)unpacked.contents(), &rsize, (uint8*)(*source).contents() + position, (*source).size() - position);
if(result != Z_OK)
Index: src/game/MiscHandler.cpp
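Review bot: The `sLog.outDebug` call added before `uncompress` in AddonMgr.cpp formats `source->size()` and `position + 5` with `%d`; if `size()` returns `size_t`, which is not visible here, that is a varargs type mismatch on 64-bit builds. `realsize` is unsigned, so `%u` is the matching specifier there. Casting explicitly keeps the output well defined, for example `realsize, (uint32)source->size(), (uint32)(position + 5)` with `%u` throughout. The same applies to the `%d` arguments built from `recvPacket->size()`, `recvData.size()` and `account.size()` in the WorldSocket.cpp hunks, and to `realsize` in the `outError` call earlier in this file.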
===================================================================
--- src/game/MiscHandler.cpp (revision 988)
+++ src/game/MiscHandler.cpp (working copy)
@@ -942,6 +942,8 @@
sLog.outDetail("WORLD: Received CMSG_REQUEST_ACCOUNT_DATA");
uint32 id; + if (recv_data.size() < 4) + return; recv_data >> id; if(id > 8)
Index: src/game/WorldSocket.cpp
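Review bot: The early `return` added before `recv_data >> id` in MiscHandler.cpp drops a truncated CMSG_REQUEST_ACCOUNT_DATA silently, while the size checks this patch adds in AddonMgr.cpp and WorldSocket.cpp log the rejection. A debug line before the `return`, such as `sLog.outDebug("CMSG_REQUEST_ACCOUNT_DATA too short, size=%u", (uint32)recv_data.size());`, would make malformed-packet attempts visible in the logs. The handler's body continues outside the hunk.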
===================================================================
--- src/game/WorldSocket.cpp (revision 988)
+++ src/game/WorldSocket.cpp (working copy)
@@ -115,17 +115,19 @@
std::string account; uint32 unk2; _latency = getMSTime() - _latency; + if (recvPacket->size() < 4+4+1+4+20) + { + sLog.outDebug("Incomplete copy of AUTH_SESSION recieved, recvPacket.size=%d(need>=33).", recvPacket->size()); + return; + }
- try - { *recvPacket >> mClient*uild; *recvPacket >> unk2; *recvPacket >> account; *recvPacket >> mClientSeed; - } - catch(*yte*uffer::error &) + if (recvPacket->size() < 4+4+(account.size()+1)+4+20) { - sLog.outDetail("Incomplete copy of AUTH_SESSION recieved."); + sLog.outDebug("Recheck size incorrect,incomplete copy of AUTH_SESSION recieved, recvPacket.size=%d(need>=%d).", recvPacket->size(),(4+4+(account.size()+1)+4+20) ); return; }
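Review bot: The second size check in the AUTH_SESSION handler runs only after `account` and `mClientSeed` have been extracted, so when the account string runs to the end of the packet, the seed read has already gone past the buffer before the length is examined. The initial `4+4+1+4+20` test only covers an empty account name, and the `try`/`catch` that used to contain a short read is removed. Reading `account` first and then testing the remainder before the seed, `if (recvPacket->rpos() + 4 + 20 > recvPacket->size())`, would validate before use. The InformationRetreiveCallback hunk below has the same read-then-recheck order for `AccountName` and `GMFlags`. Both functions continue outside their hunks.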
@@ -162,8 +164,19 @@
uint32 AccountID; string GMFlags; uint32 AccountFlags; - + if (recvData.size() < 4+4+1+1+40) + { + sLog.outDebug("WorldSocket::InformationRetreiveCallback - Incorrect size of recvData recieved, recvData.size=%d(need>=50).", recvData.size()); + return; + } + recvData >> AccountID >> AccountName >> GMFlags >> AccountFlags; + if (recvData.size() < 4+4+(AccountName.size()+1)+(GMFlags.size()+1)+40) + { + sLog.outDebug("WorldSocket::InformationRetreiveCallback - Recheck size incorrect, recvData.size=%d(need>=%d).", recvData.size(),(4+4+(AccountName.size()+1)+(GMFlags.size()+1)+40) ); + return; + } + sLog.outDebug( " >> got information packet from logon: `%s` ID %u (request %u)", AccountName.c_str(), AccountID, mRequestID); // sLog.outColor(TNORMAL, "\n");
Index: src/logonserver/LogonCommServer.cpp
===================================================================
--- src/logonserver/LogonCommServer.cpp (revision 988)
+++ src/logonserver/LogonCommServer.cpp (working copy)
@@ -275,7 +275,11 @@
{ /* this packet is gzipped, whee! */ uint32 real_size; + if (recvData.size() < 4) + return; recvData >> real_size; + if (real_size > 5000) // i'm not sure what is the max size!! ,just set it 5000 + return; uLongf rsize = real_size;
*yte*uffer buf(real_size);
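Review bot: The `real_size > 5000` limit in LogonCommServer.cpp is a guess by the comment's own admission, and a packet over it is discarded with a bare `return` and no log line. If this gzipped inter-server message can legitimately inflate beyond 5000 bytes, data would be lost with nothing in the logs to explain it. A named constant shared with the identical literal in AddonMgr.cpp, used as `if (real_size > MAX_INFLATED_PACKET_SIZE)` (name constructed here), plus a log line before the `return`, would make the bound reviewable and rejections traceable. The enclosing handler starts and ends outside the hunk.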