Merge branch '0-packetvuln' into 'dev'

fix(ChannelReadHandler): patch vuln

See merge request morningstar/Arcturus-Community!120
skeletor 2020-04-29 05:18:11 -04:00
commit fc031d3b0b


@ -11,6 +11,7 @@ import io.netty.channel.ChannelHandlerContext;
public class ChannelReadHandler implements Runnable {
private final ChannelHandlerContext ctx;
private final Object msg;
//private int _header;
public ChannelReadHandler(ChannelHandlerContext ctx, Object msg) {
this.ctx = ctx;
@ -18,29 +19,52 @@ public class ChannelReadHandler implements Runnable {
}
public void run() {
ByteBuf m = (ByteBuf) this.msg;
int length = m.readInt();
short header = m.readShort();
GameClient client = this.ctx.channel().attr(GameClientManager.CLIENT).get();
try {
ByteBuf m = (ByteBuf) this.msg;
int length = m.readInt();
short header = m.readShort();
//_header = header;
GameClient client = this.ctx.channel().attr(GameClientManager.CLIENT).get();
if (client != null) {
int count = 0;
int timestamp = Emulator.getIntUnixTimestamp();
if (timestamp - client.lastPacketCounterCleared > 1) {
client.incomingPacketCounter.clear();
client.lastPacketCounterCleared = timestamp;
} else {
count = client.incomingPacketCounter.getOrDefault(header, 0);
if (m.readableBytes() + 2 < length) {
return;
}
if (count <= 10) {
count++;
client.incomingPacketCounter.put((int) header, count);
ByteBuf body = Unpooled.wrappedBuffer(m.readBytes(m.readableBytes()));
Emulator.getGameServer().getPacketManager().handlePacket(client, new ClientMessage(header, body));
body.release();
if (client != null) {
int count = 0;
int timestamp = Emulator.getIntUnixTimestamp();
if (timestamp - client.lastPacketCounterCleared > 1) {
client.incomingPacketCounter.clear();
client.lastPacketCounterCleared = timestamp;
} else {
if (m.readableBytes() + 2 < length) {
m.resetReaderIndex();
client.incomingPacketCounter.put((int) header, 0);
count = 0;
return;
} else {
count = client.incomingPacketCounter.getOrDefault(header, 0);
}
}
if (count <= 10) {
count++;
if (m.readableBytes() + 2 < length) {
m.resetReaderIndex();
client.incomingPacketCounter.put((int) header, 0);
count = 0;
return;
}
client.incomingPacketCounter.put((int) header, count);
ByteBuf body = Unpooled.wrappedBuffer(m.readBytes(m.readableBytes()));
Emulator.getGameServer().getPacketManager().handlePacket(client, new ClientMessage(header, body));
body.release();
}
}
m.release();
} catch (Exception e) {
//System.out.println("Potential packet overflow occurring, careful! header: " + _header + e.getMessage());
}
m.release();
}
}
}
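Review bot: The two new early `return` paths (after `m.resetReaderIndex()`) and the new `catch (Exception e)` all leave `run()` without reaching `m.release()`, which as rendered here sits at the end of the `try` body, so every truncated or malformed frame, the very input this patch is meant to handle, appears to leak its `ByteBuf`. Declare `ByteBuf m = (ByteBuf) this.msg;` before the `try` and move the release into `finally { m.release(); }`; `body` has the same problem if `handlePacket` throws. The catch block is empty apart from a commented-out print, so malformed packets are dropped with no trace; a rate-limited log line carrying the header and the remote address would give operators something to detect on. Separately, `getOrDefault(header, 0)` is called with a `short` while `put` uses `(int) header`; if `incomingPacketCounter` is keyed by `Integer` (its declaration is not on this page), the lookup would never match and the 10-per-window limit would not apply.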