fix(ChannelReadHandler): patch vuln

David Silva 2020-04-29 05:18:11 -04:00 committed by skeletor
parent 3aa4a32a67
commit 8f5b55c9d7


@ -11,6 +11,7 @@ import io.netty.channel.ChannelHandlerContext;
public class ChannelReadHandler implements Runnable { public class ChannelReadHandler implements Runnable {
private final ChannelHandlerContext ctx; private final ChannelHandlerContext ctx;
private final Object msg; private final Object msg;
//private int _header;
public ChannelReadHandler(ChannelHandlerContext ctx, Object msg) { public ChannelReadHandler(ChannelHandlerContext ctx, Object msg) {
this.ctx = ctx; this.ctx = ctx;
@ -18,29 +19,52 @@ public class ChannelReadHandler implements Runnable {
} }
public void run() { public void run() {
try {
ByteBuf m = (ByteBuf) this.msg; ByteBuf m = (ByteBuf) this.msg;
int length = m.readInt(); int length = m.readInt();
short header = m.readShort(); short header = m.readShort();
//_header = header;
GameClient client = this.ctx.channel().attr(GameClientManager.CLIENT).get(); GameClient client = this.ctx.channel().attr(GameClientManager.CLIENT).get();
if (m.readableBytes() + 2 < length) {
return;
}
if (client != null) { if (client != null) {
int count = 0; int count = 0;
int timestamp = Emulator.getIntUnixTimestamp(); int timestamp = Emulator.getIntUnixTimestamp();
if (timestamp - client.lastPacketCounterCleared > 1) { if (timestamp - client.lastPacketCounterCleared > 1) {
client.incomingPacketCounter.clear(); client.incomingPacketCounter.clear();
client.lastPacketCounterCleared = timestamp; client.lastPacketCounterCleared = timestamp;
} else {
if (m.readableBytes() + 2 < length) {
m.resetReaderIndex();
client.incomingPacketCounter.put((int) header, 0);
count = 0;
return;
} else { } else {
count = client.incomingPacketCounter.getOrDefault(header, 0); count = client.incomingPacketCounter.getOrDefault(header, 0);
} }
}
if (count <= 10) { if (count <= 10) {
count++; count++;
if (m.readableBytes() + 2 < length) {
m.resetReaderIndex();
client.incomingPacketCounter.put((int) header, 0);
count = 0;
return;
}
client.incomingPacketCounter.put((int) header, count); client.incomingPacketCounter.put((int) header, count);
ByteBuf body = Unpooled.wrappedBuffer(m.readBytes(m.readableBytes())); ByteBuf body = Unpooled.wrappedBuffer(m.readBytes(m.readableBytes()));
Emulator.getGameServer().getPacketManager().handlePacket(client, new ClientMessage(header, body)); Emulator.getGameServer().getPacketManager().handlePacket(client, new ClientMessage(header, body));
body.release(); body.release();
} }
} }
m.release(); m.release();
} catch (Exception e) {
//System.out.println("Potential packet overflow occurring, careful! header: " + _header + e.getMessage());
}
} }
} }
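Review bot: The three new `return` paths taken when `m.readableBytes() + 2 < length`, and the new empty `catch (Exception e)`, all leave `run()` without reaching `m.release()`, so each rejected or failing frame appears to leak a reference-counted `ByteBuf`; nothing visible in this section releases it elsewhere. Because those paths are driven by what the remote peer sends, the patch trades the original problem for memory growth under malformed traffic. Declare `ByteBuf m = (ByteBuf) this.msg;` before the `try`, release in `finally { m.release(); }`, and drop the trailing `m.release();`. The second and third length checks can never fire, since the first one has already returned and nothing is read from `m` in between, so they can be deleted; the catch block should log the exception together with the header instead of swallowing it, otherwise truncated frames that make `readInt()` or `readShort()` throw go unnoticed.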