authorJohan Berntsson2008-01-02 16:35:50 +0000
committerJohan Berntsson2008-01-02 16:35:50 +0000
commitd893c91249cbdd27d80d54cac397eac21a997ce3 (patch)
tree86f919b7b74a1380af90a2752d5d456c4fd180b1
parentFull .dll-name in config option for ScriptEngine. Loading only scriptengine s... (diff)
Fixed buffer overrun bug in ZeroDecodeCommand
-rw-r--r--OpenSim/Framework/PacketPool.cs25
1 files changed, 23 insertions, 2 deletions
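--- a/OpenSim/Framework/PacketPool.cs
+++ b/OpenSim/Framework/PacketPool.cs
@@ -68,9 +68,30 @@ namespace OpenSim.Framework
 return packet;
 }
 
+// Copied from LibSL, and added a check to avoid overwriting the
+// buffer
+private void ZeroDecodeCommand(byte[] src, byte[] dest)
+{
+for (int srcPos = 6, destPos = 6; destPos < 10; ++srcPos)
+{
+if (src[srcPos] == 0x00)
+{
+for (byte j = 0; j < src[srcPos + 1] && destPos < 10; ++j)
+{
+dest[destPos++] = 0x00;
+}
+++srcPos;
+}
+else
+{
+dest[destPos++] = src[srcPos];
+}
+}
+}
+
 private PacketType GetType(byte[] bytes)
 {
-byte[] decoded_header = new byte[10+8];
+byte[] decoded_header = new byte[10];
 
 ushort id;
 libsecondlife.PacketFrequency freq;
@@ -79,7 +100,7 @@ namespace OpenSim.Framework
 
 if((bytes[0] & libsecondlife.Helpers.MSG_ZEROCODED)!=0)
 {
-libsecondlife.Helpers.ZeroDecodeCommand(bytes, decoded_header);
+ZeroDecodeCommand(bytes, decoded_header);
 }
 
 if (decoded_header[6] == 0xFF)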
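Review bot: The new `ZeroDecodeCommand` bounds only the destination index: `src[srcPos]` and the run-length byte `src[srcPos + 1]` are read without comparing `srcPos` to `src.Length`. A zero-coded packet that is shorter than the header, or that ends in a 0x00 with no count byte after it, therefore raises IndexOutOfRangeException on data that presumably comes from the network. I would bound the outer loop on both arrays, `for (int srcPos = 6, destPos = 6; destPos < dest.Length && srcPos < src.Length; ++srcPos)`, and stop decoding when `srcPos + 1 >= src.Length` before the run length is read. Using `dest.Length` also ties the limit to the allocation instead of repeating the literal 10 in the loop and in `new byte[10]`. `GetType` continues outside the hunk, so whether its caller catches the exception or rejects short packets earlier is not visible here.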