Skip to content

Commit

Permalink
fix slow code, add bounds checks (#1606)
Browse files Browse the repository at this point in the history
Tested that players with valid names up to the usual 33 character max are still added to the player container
Tested that you can still team with <= 4 players on a team
Tested that chat server no longer crashes with a bad memberSize variable
asserted that InsertPlayer is indeed much faster now and is no longer a slow point of ChatServer
  • Loading branch information
EmosewaMC authored Oct 27, 2024
1 parent 8d54db7 commit 33a8efd
Showing 1 changed file with 15 additions and 7 deletions.
22 changes: 15 additions & 7 deletions dChatServer/PlayerContainer.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -36,16 +36,19 @@ void PlayerContainer::InsertPlayer(Packet* packet) {
data.playerID = playerId;

uint32_t len;
inStream.Read<uint32_t>(len);
if (!inStream.Read<uint32_t>(len)) return;

for (int i = 0; i < len; i++) {
char character; inStream.Read<char>(character);
data.playerName += character;
if (len > 33) {
LOG("Received a really long player name, probably a fake packet %i.", len);
return;
}

inStream.Read(data.zoneID);
inStream.Read(data.muteExpire);
inStream.Read(data.gmLevel);
data.playerName.resize(len);
inStream.ReadAlignedBytes(reinterpret_cast<unsigned char*>(data.playerName.data()), len);

if (!inStream.Read(data.zoneID)) return;
if (!inStream.Read(data.muteExpire)) return;
if (!inStream.Read(data.gmLevel)) return;
data.sysAddr = packet->systemAddress;

m_Names[data.playerID] = GeneralUtils::UTF8ToUTF16(data.playerName);
Expand Down Expand Up @@ -122,6 +125,11 @@ void PlayerContainer::CreateTeamServer(Packet* packet) {
size_t membersSize = 0;
inStream.Read(membersSize);

if (membersSize >= 4) {
LOG("Tried to create a team with more than 4 players");
return;
}

std::vector<LWOOBJID> members;

members.reserve(membersSize);
Expand Down

0 comments on commit 33a8efd

Please sign in to comment.