mirror of
https://git.krews.org/morningstar/Arcturus-Community.git
synced 2024-11-30 01:50:50 +01:00
Merge branch '0-packetvuln' into 'dev'
fix(ChannelReadHandler): patch vuln See merge request morningstar/Arcturus-Community!120
This commit is contained in:
commit
fc031d3b0b
@ -11,6 +11,7 @@ import io.netty.channel.ChannelHandlerContext;
|
||||
public class ChannelReadHandler implements Runnable {
|
||||
private final ChannelHandlerContext ctx;
|
||||
private final Object msg;
|
||||
//private int _header;
|
||||
|
||||
public ChannelReadHandler(ChannelHandlerContext ctx, Object msg) {
|
||||
this.ctx = ctx;
|
||||
@ -18,29 +19,52 @@ public class ChannelReadHandler implements Runnable {
|
||||
}
|
||||
|
||||
public void run() {
|
||||
try {
|
||||
ByteBuf m = (ByteBuf) this.msg;
|
||||
int length = m.readInt();
|
||||
short header = m.readShort();
|
||||
//_header = header;
|
||||
GameClient client = this.ctx.channel().attr(GameClientManager.CLIENT).get();
|
||||
|
||||
if (m.readableBytes() + 2 < length) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (client != null) {
|
||||
int count = 0;
|
||||
int timestamp = Emulator.getIntUnixTimestamp();
|
||||
if (timestamp - client.lastPacketCounterCleared > 1) {
|
||||
client.incomingPacketCounter.clear();
|
||||
client.lastPacketCounterCleared = timestamp;
|
||||
} else {
|
||||
if (m.readableBytes() + 2 < length) {
|
||||
m.resetReaderIndex();
|
||||
client.incomingPacketCounter.put((int) header, 0);
|
||||
count = 0;
|
||||
return;
|
||||
} else {
|
||||
count = client.incomingPacketCounter.getOrDefault(header, 0);
|
||||
}
|
||||
}
|
||||
|
||||
if (count <= 10) {
|
||||
count++;
|
||||
if (m.readableBytes() + 2 < length) {
|
||||
m.resetReaderIndex();
|
||||
client.incomingPacketCounter.put((int) header, 0);
|
||||
count = 0;
|
||||
return;
|
||||
}
|
||||
client.incomingPacketCounter.put((int) header, count);
|
||||
ByteBuf body = Unpooled.wrappedBuffer(m.readBytes(m.readableBytes()));
|
||||
Emulator.getGameServer().getPacketManager().handlePacket(client, new ClientMessage(header, body));
|
||||
body.release();
|
||||
}
|
||||
}
|
||||
|
||||
m.release();
|
||||
} catch (Exception e) {
|
||||
//System.out.println("Potential packet overflow occurring, careful! header: " + _header + e.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user