From 411ecb739455a3464cc24976c8f8ec0df7422bec Mon Sep 17 00:00:00 2001 From: killerwife Date: Thu, 8 Feb 2024 10:04:18 +0100 Subject: [PATCH] Add couple safeguards to ProcessIncomingData against crashes https://github.com/cmangos/issues/issues/3672 --- src/game/Server/WorldSocket.cpp | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/game/Server/WorldSocket.cpp b/src/game/Server/WorldSocket.cpp index c0de0f3610..0f05c47746 100644 --- a/src/game/Server/WorldSocket.cpp +++ b/src/game/Server/WorldSocket.cpp @@ -183,15 +183,21 @@ bool WorldSocket::ProcessIncomingData() size_t packetSize = header->size - 4; std::shared_ptr> packetBuffer = std::make_shared>(packetSize); - self->Read(reinterpret_cast(packetBuffer->data()), packetBuffer->size(), [self, packetBuffer, opcode, packetSize](const boost::system::error_code& error, std::size_t read) -> void + self->Read(reinterpret_cast(packetBuffer->data()), packetBuffer->size(), [self, packetBuffer, opcode = opcode](const boost::system::error_code& error, std::size_t read) -> void { - std::unique_ptr pct = std::make_unique(opcode, packetSize); + std::unique_ptr pct = std::make_unique(opcode, packetBuffer->size()); pct->append(*packetBuffer.get()); if (sPacketLog->CanLogPacket() && self->IsLoggingPackets()) sPacketLog->LogPacket(*pct, CLIENT_TO_SERVER, self->GetRemoteIpAddress(), self->GetRemotePort()); sLog.outWorldPacketDump(self->GetRemoteEndpoint().c_str(), pct->GetOpcode(), pct->GetOpcodeName(), *pct, true); + if (WorldSocket::m_packetCooldowns.size() <= size_t(opcode)) + { + sLog.outError("WorldSocket::ProcessIncomingData: Received opcode beyond range of opcodes: %u", opcode); + return; + } + if (WorldSocket::m_packetCooldowns[opcode]) { auto now = std::chrono::time_point_cast(Clock::now()); 
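Review bot: The new range check on `opcode` runs only after the packet has been built, passed to `sPacketLog->LogPacket` and dumped through `sLog.outWorldPacketDump(..., pct->GetOpcodeName(), ...)`, so a client-supplied out-of-range opcode still reaches those calls first. If `GetOpcodeName()` indexes an opcode table (its body is not visible here), the out-of-bounds access this commit guards against at `m_packetCooldowns[opcode]` may simply happen one statement earlier. Moving the `if (WorldSocket::m_packetCooldowns.size() <= size_t(opcode))` block to the first line of the callback would avoid that. The bare `return;` also leaves it unclear whether the connection is closed or the next read is scheduled, and `sLog.outError` on a remotely triggerable condition lets a peer fill the error log, so closing the socket on this path is worth considering. The lambda and `ProcessIncomingData` continue outside the hunk, so any later handling could not be checked.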
@@ -224,6 +230,7 @@ bool WorldSocket::ProcessIncomingData()
 break;
 case CMSG_TIME_SYNC_RESP:
 pct->SetReceivedTime(std::chrono::steady_clock::now());
+ [[fallthrough]];
 default:
 {
 self->m_opcodeHistoryInc.push_front(uint32(pct->GetOpcode()));