From 82ae7dc7a9c5cd38a0def395d7375d8bffc0bbb0 Mon Sep 17 00:00:00 2001 From: Dorving Date: Mon, 11 Apr 2022 04:41:03 +0200 Subject: [PATCH] Validate headerId first in NetworkExtensionsProducer (#125) --- .../network/NetworkExtensionsProducer.java | 25 +++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/G-Earth/src/main/java/gearth/services/extension_handler/extensions/implementations/network/NetworkExtensionsProducer.java b/G-Earth/src/main/java/gearth/services/extension_handler/extensions/implementations/network/NetworkExtensionsProducer.java index 945d542..9143e60 100644 --- a/G-Earth/src/main/java/gearth/services/extension_handler/extensions/implementations/network/NetworkExtensionsProducer.java +++ b/G-Earth/src/main/java/gearth/services/extension_handler/extensions/implementations/network/NetworkExtensionsProducer.java @@ -37,6 +37,11 @@ public final class NetworkExtensionsProducer implements ExtensionProducer { */ private static final int MAX_STRING_SIZE = Character.BYTES * 100; + /** + * Length is encoded as an {@link Integer} and header id as an {@link Short}. + */ + private static final int LENGTH_AND_ID_SIZE = Integer.BYTES + Short.BYTES; + /** * Represents the maximum number of bytes in the body of an incoming packet. *

@@ -95,14 +100,18 @@ public final class NetworkExtensionsProducer implements ExtensionProducer { // listen to incoming data from client while (!extensionSocket.isClosed()) { + if (dIn.available() < LENGTH_AND_ID_SIZE) + continue; + final int length = dIn.readInt(); + final short headerId = dIn.readShort(); - if (length > MAX_PACKET_BODY_SIZE) - break; + if (headerId == NetworkExtensionInfo.INCOMING_MESSAGES_IDS.EXTENSIONINFO) { - final HPacket packet = readPacket(dIn, length); + if (length > MAX_PACKET_BODY_SIZE) + break; - if (packet.headerId() == NetworkExtensionInfo.INCOMING_MESSAGES_IDS.EXTENSIONINFO) { + final HPacket packet = readPacket(dIn, length, headerId); final NetworkExtension gEarthExtension = new NetworkExtension(packet, extensionSocket); @@ -134,15 +143,17 @@ public final class NetworkExtensionsProducer implements ExtensionProducer { } } - private HPacket readPacket(DataInputStream dIn, int length) throws IOException { - final byte[] headerAndBody = new byte[length + 4]; + private HPacket readPacket(DataInputStream dIn, int length, short id) throws IOException { + final byte[] headerAndBody = new byte[length + LENGTH_AND_ID_SIZE]; int amountRead = 0; while (amountRead < length) - amountRead += dIn.read(headerAndBody, 4 + amountRead, Math.min(dIn.available(), length - amountRead)); + amountRead += dIn.read(headerAndBody, amountRead + LENGTH_AND_ID_SIZE, Math.min(dIn.available(), length - amountRead)); final HPacket packet = new HPacket(headerAndBody); packet.fixLength(); + packet.replaceShort(4, id); // add header id + return packet; }