vilyaem/Xrasher
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

engine: common: net_ws: don't expect more than 5 splits for GoldSrc protocol

Browse source
This commit is contained in:
Alibek Omarov 2024-10-14 05:17:03 +03:00
parent 663f6eaf5c
commit 232a8c1148
1 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
engine/common/net_ws.c
View file

@ -43,6 +43,7 @@ static const struct in6_addr in6addr_any;
#define SPLITPACKET_MIN_SIZE 508 // RFC 791: 576(min ip packet) - 60 (ip header) - 8 (udp header) #define SPLITPACKET_MIN_SIZE 508 // RFC 791: 576(min ip packet) - 60 (ip header) - 8 (udp header)
#define SPLITPACKET_MAX_SIZE 64000 #define SPLITPACKET_MAX_SIZE 64000
#define NET_MAX_FRAGMENTS ( NET_MAX_FRAGMENT / (SPLITPACKET_MIN_SIZE - sizeof( SPLITPACKET ))) #define NET_MAX_FRAGMENTS ( NET_MAX_FRAGMENT / (SPLITPACKET_MIN_SIZE - sizeof( SPLITPACKET )))
#define NET_MAX_GOLDSRC_FRAGMENTS 5 // magic number
// ff02:1 // ff02:1
static const uint8_t k_ipv6Bytes_LinkLocalAllNodes[16] = static const uint8_t k_ipv6Bytes_LinkLocalAllNodes[16] =
@ -1365,6 +1366,7 @@ static qboolean NET_GetLong( byte *pData, int size, size_t *outSize, int splitsi
short packet_id; short packet_id;
size_t header_size = proto == PROTO_GOLDSRC ? sizeof( SPLITPACKETGS ) : sizeof( SPLITPACKET ); size_t header_size = proto == PROTO_GOLDSRC ? sizeof( SPLITPACKETGS ) : sizeof( SPLITPACKET );
int body_size = splitsize - header_size; int body_size = splitsize - header_size;
int max_splits;
if( body_size < 0 ) if( body_size < 0 )
return false; return false;
@ -1383,6 +1385,8 @@ static qboolean NET_GetLong( byte *pData, int size, size_t *outSize, int splitsi
packet_id = pHeader->packet_id; packet_id = pHeader->packet_id;
packet_count = ( packet_id & 0xF ); packet_count = ( packet_id & 0xF );
packet_number = ( packet_id >> 4 ); packet_number = ( packet_id >> 4 );
max_splits = NET_MAX_GOLDSRC_FRAGMENTS;
} }
else else
{ {
@ -1392,9 +1396,11 @@ static qboolean NET_GetLong( byte *pData, int size, size_t *outSize, int splitsi
packet_id = pHeader->packet_id; packet_id = pHeader->packet_id;
packet_count = ( packet_id & 0xFF ); packet_count = ( packet_id & 0xFF );
packet_number = ( packet_id >> 8 ); packet_number = ( packet_id >> 8 );
max_splits = ARRAYSIZE( net.split_flags );
} }
if( packet_number >= NET_MAX_FRAGMENTS || packet_count > NET_MAX_FRAGMENTS ) if( packet_number >= max_splits || packet_count > max_splits )
{ {
Con_Printf( S_ERROR "malformed packet number (%i/%i)\n", packet_number + 1, packet_count ); Con_Printf( S_ERROR "malformed packet number (%i/%i)\n", packet_number + 1, packet_count );
return false; return false;
@ -1407,7 +1413,7 @@ static qboolean NET_GetLong( byte *pData, int size, size_t *outSize, int splitsi
net.split.total_size = 0; net.split.total_size = 0;
// clear part's sequence // clear part's sequence
for( i = 0; i < NET_MAX_FRAGMENTS; i++ ) for( i = 0; i < ARRAYSIZE( net.split_flags ); i++ )
net.split_flags[i] = -1; net.split_flags[i] = -1;
if( net_showpackets.value == 4.0f ) if( net_showpackets.value == 4.0f )