From 33a8efdd22a531e8d0c41212822e40775b6521cf Mon Sep 17 00:00:00 2001
From: David Markowitz <39972741+EmosewaMC@users.noreply.github.com>
Date: Sat, 26 Oct 2024 20:09:32 -0700
Subject: [PATCH] fix slow code, add bounds checks (#1606)

Tested that players with valid names up to the usual 33 character max are still added to the player container
Tested that you can still team with <= 4 players on a team
Tested that chat server no longer crashes with a bad memberSize variable
asserted that InsertPlayer is indeed much faster now and is no longer a slow point of ChatServer
---
 dChatServer/PlayerContainer.cpp | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/dChatServer/PlayerContainer.cpp b/dChatServer/PlayerContainer.cpp
index 17e2cd1a8..f279195ea 100644
--- a/dChatServer/PlayerContainer.cpp
+++ b/dChatServer/PlayerContainer.cpp
@@ -36,16 +36,19 @@ void PlayerContainer::InsertPlayer(Packet* packet) {
 data.playerID = playerId;

 uint32_t len;
- inStream.Read(len);
+ if (!inStream.Read(len)) return;

- for (int i = 0; i < len; i++) {
- char character; inStream.Read(character);
- data.playerName += character;
+ if (len > 33) {
+ LOG("Received a really long player name, probably a fake packet %i.", len);
+ return;
 }

- inStream.Read(data.zoneID);
- inStream.Read(data.muteExpire);
- inStream.Read(data.gmLevel);
+ data.playerName.resize(len);
+ inStream.ReadAlignedBytes(reinterpret_cast(data.playerName.data()), len);
+
+ if (!inStream.Read(data.zoneID)) return;
+ if (!inStream.Read(data.muteExpire)) return;
+ if (!inStream.Read(data.gmLevel)) return;
 data.sysAddr = packet->systemAddress;

 m_Names[data.playerID] = GeneralUtils::UTF8ToUTF16(data.playerName);
@@ -122,6 +125,11 @@ void PlayerContainer::CreateTeamServer(Packet* packet) {
 size_t membersSize = 0;
 inStream.Read(membersSize);

+ if (membersSize >= 4) {
+ LOG("Tried to create a team with more than 4 players");
+ return;
+ }
+
 std::vector members;
 members.reserve(membersSize);
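Review bot: In the InsertPlayer hunk, the new `inStream.ReadAlignedBytes(...)` call is the only read whose result is still ignored. A packet that declares `len` name bytes but carries fewer leaves `data.playerName` holding whatever `resize(len)` put there, so the call should sit in the same `if (!...) return;` guard as the `Read` calls around it. `data.playerID` is also written before any of the new early returns. How `data` is obtained lies outside the hunk, but if it refers to an entry already stored in the player container, each rejected packet leaves a half-filled record behind. Parsing into a local and storing it only after the last read succeeds would avoid that. Smaller points: `len` is a `uint32_t`, so the log format should be `%u` rather than `%i`, and the literal `33` would read better as a named constant shared with whatever enforces the name limit elsewhere.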
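Review bot: In the CreateTeamServer hunk, the guard `if (membersSize >= 4)` also rejects a request with exactly 4 members, while the log text says "more than 4 players" and the commit message speaks of teams of `<= 4`. If the count is meant to exclude the team leader (not visible here), a comment such as `// members excludes the leader, so a full team is 3 members` would make the bound verifiable; otherwise the comparison should be `> 4`. Including the received `membersSize` in the log line, as the name-length check does with `len`, would make malformed packets easier to triage. The `inStream.Read(membersSize)` just above the guard is unchanged context and still unchecked, and the function continues past the end of the hunk.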