From 6c1ea557b5d8093ed26f962178d51c683983d568 Mon Sep 17 00:00:00 2001 From: Latif Khalifa Date: Thu, 26 Sep 2013 04:09:01 +0200 Subject: [PATCH] Harden agains network packet overruns Patch by NickyD from Firestorm --- indra/llmessage/lldatapacker.h | 14 +++++++++++--- indra/llmessage/llmessagetemplate.h | 15 +++++++++++++++ indra/llmessage/lltemplatemessagereader.cpp | 16 ++++++++++++---- 3 files changed, 38 insertions(+), 7 deletions(-) diff --git a/indra/llmessage/lldatapacker.h b/indra/llmessage/lldatapacker.h index 2b6e57484..459d66e17 100644 --- a/indra/llmessage/lldatapacker.h +++ b/indra/llmessage/lldatapacker.h @@ -201,9 +201,17 @@ inline BOOL LLDataPackerBinaryBuffer::verifyLength(const S32 data_size, const ch { if (mWriteEnabled && (mCurBufferp - mBufferp) > mBufferSize - data_size) { - llwarns << "Buffer overflow in BinaryBuffer length verify, field name " << name << "!" << llendl; - llwarns << "Current pos: " << (int)(mCurBufferp - mBufferp) << " Buffer size: " << mBufferSize << " Data size: " << data_size << llendl; - return FALSE; + // Handle invalid packets by throwing an exception and a graceful continue + // llwarns << "Buffer overflow in BinaryBuffer length verify, field name " << name << "!" << llendl; + // llwarns << "Current pos: " << (int)(mCurBufferp - mBufferp) << " Buffer size: " << mBufferSize << " Data size: " << data_size << llendl; + // return FALSE; + + std::stringstream strm; + strm << "Buffer overflow in BinaryBuffer length verify, field name " << name << "!" << std::endl; + strm << "Current pos: " << (int)(mCurBufferp - mBufferp) << " Buffer size: " << mBufferSize << " Data size: " << data_size << std::endl; + throw std::string( strm.str() ); + + // } return TRUE; diff --git a/indra/llmessage/llmessagetemplate.h b/indra/llmessage/llmessagetemplate.h index a91a8f775..84637885c 100644 --- a/indra/llmessage/llmessagetemplate.h +++ b/indra/llmessage/llmessagetemplate.h 
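Review bot: In `LLDataPackerBinaryBuffer::verifyLength` the overflow branch now ends in `throw std::string( strm.str() );`, and the only handler this patch adds is the `catch( std::string &why )` around `mHandlerFunc` in llmessagetemplate.h, so any user of the packer that runs outside a message handler and used to act on the `FALSE` return would, as far as this patch shows, end in an unhandled exception instead of rejecting the data. Throwing a type derived from `std::exception` (for instance `throw std::length_error(strm.str());`, with the matching include) would let generic handlers contain it. The guard is also still conditioned on `mWriteEnabled`, and a negative `data_size` (it is an `S32`) makes `mBufferSize - data_size` larger rather than smaller, so it is worth confirming that the unpack paths are actually bounded by this check and adding `data_size < 0 ||` to the condition. The header now uses `std::stringstream`, yet the diffstat shows no other change to this file, so `#include <sstream>` appears to be picked up only transitively. The function's closing brace lies outside the hunk.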
@@ -364,7 +364,22 @@ public:
 {
 if (mHandlerFunc)
 {
+
+ // Handle invalid packets by throwing an exception and a graceful continue
+
+ // mHandlerFunc(msgsystem, mUserData);
+
+ try
+ {
 mHandlerFunc(msgsystem, mUserData);
+ }
+ catch( std::string &why )
+ {
+ llwarns << why << llendl;
+ }
+
+ //
+
 return TRUE;
 }
 return FALSE;
diff --git a/indra/llmessage/lltemplatemessagereader.cpp b/indra/llmessage/lltemplatemessagereader.cpp
index bfce2ea29..2710d989e 100644
--- a/indra/llmessage/lltemplatemessagereader.cpp
+++ b/indra/llmessage/lltemplatemessagereader.cpp
@@ -511,21 +511,29 @@ BOOL LLTemplateMessageReader::decodeTemplate(
 void LLTemplateMessageReader::logRanOffEndOfPacket( const LLHost& host, const S32 where, const S32 wanted )
 {
+ // Handle invalid packets by throwing an exception and a graceful continue
+
 // we've run off the end of the packet!
- llwarns << "Ran off end of packet " << mCurrentRMessageTemplate->mName
+ std::stringstream strm;
+// llwarns << "Ran off end of packet " << mCurrentRMessageTemplate->mName
+ strm << "Ran off end of packet " << mCurrentRMessageTemplate->mName
 // << " with id " << mCurrentRecvPacketID
 << " from " << host
 << " trying to read " << wanted
 << " bytes at position " << where
 << " going past packet end at " << mReceiveSize
- << llendl;
+// << llendl;
+ << std::endl;
 if(gMessageSystem->mVerboseLog)
 {
- llinfos << "MSG: -> " << host << "\tREAD PAST END:\t"
+// llinfos << "MSG: -> " << host << "\tREAD PAST END:\t"
+ strm << "MSG: -> " << host << "\tREAD PAST END:\t"
 // << mCurrentRecvPacketID << " "
- << getMessageName() << llendl;
+// << getMessageName() << llendl;
+ << getMessageName() << std::endl;
 }
 gMessageSystem->callExceptionFunc(MX_RAN_OFF_END_OF_PACKET);
+ throw std::string( strm.str() );
 }
 static LLFastTimer::DeclareTimer FTM_PROCESS_MESSAGES("Process Messages");
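Review bot: The new try block in llmessagetemplate.h catches only `std::string &why`, so any other exception a handler raises on a malformed packet (`std::bad_alloc`, `std::out_of_range`, …) still unwinds past this point; catching by `const std::string&` and adding `catch (const std::exception& e) { llwarns << e.what() << llendl; }` would make the containment match the stated intent. The function still returns `TRUE` after a caught failure, so the caller cannot tell a processed message from one abandoned part-way, and a handler interrupted mid-way may leave partially applied state behind; a comment such as `// Returns TRUE even if the handler aborted on a malformed packet` would at least document that. Because every bad packet now produces an `llwarns` line built from packet-derived text, a rate limit on this warning would keep a stream of malformed packets from filling the log. The enclosing function starts outside the hunk.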
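Review bot: `logRanOffEndOfPacket` in lltemplatemessagereader.cpp now ends in `throw std::string( strm.str() );`, but the only catch this patch adds wraps `mHandlerFunc` in llmessagetemplate.h, so a call site that runs while the reader is still decoding a packet, outside a handler, would propagate the exception with nothing visible here to stop it. Each caller should be confirmed to sit under a try block, or the receive loop should catch and drop the packet, so that a truncated packet is discarded rather than ending the process. The function no longer returns, which its name and signature do not convey; a comment above the definition such as `// Throws std::string describing the overrun; never returns normally.` would help, and any cleanup callers performed after the call has to move before it. Note also that the warning and verbose-log text are now only carried inside the exception, so they reach the log only where something catches and prints it.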