Ensure that packet headers get parsed correctly

author: Melanie 2011-07-27 08:35:19 +0200
committer: Melanie 2011-07-27 09:12:00 +0100
commit: c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8 (patch)
tree: 4a4f4ce1684d1332fb4b92bb89102f5a3a4f994c /OpenSim
parent: Fix LLTextBox to work with the updated libOMV (diff)
download: opensim-SC_OLD-c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8.zip
opensim-SC_OLD-c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8.tar.gz
opensim-SC_OLD-c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8.tar.bz2
opensim-SC_OLD-c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8.tar.xz
1 files changed, 29 insertions, 0 deletions
diff --git a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs
index aff90c5..f2388cd 100644
--- a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs
+++ b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs
@@ -160,6 +160,8 @@ namespace OpenSim.Region.ClientStack.LindenUDP
        public Socket Server { get { return null; } }
+        private int m_malformedCount = 0; // Guard against a spamming attack
        public LLUDPServer(IPAddress listenIP, ref uint port, int proxyPortOffsetParm, bool allow_alternate_port, IConfigSource configSource, AgentCircuitManager circuitManager)
            : base(listenIP, (int)port)
        {
@@ -612,6 +614,21 @@ namespace OpenSim.Region.ClientStack.LindenUDP
            #region Decoding
+            if (buffer.DataLength < 7)
+                return; // Drop undersizd packet
+            int headerLen = 7;
+            if (buffer.Data[6] == 0xFF)
+            {
+                if (buffer.Data[7] == 0xFF)
+                    headerLen = 10;
+                else
+                    headerLen = 8;
+            }
+            if (buffer.DataLength < headerLen)
+                return; // Malformed header
            try
            {
                packet = Packet.BuildPacket(buffer.Data, ref packetEnd,
@@ -621,6 +638,18 @@ namespace OpenSim.Region.ClientStack.LindenUDP
            catch (MalformedDataException)
            {
            }
+            catch (IndexOutOfRangeException)
+            {
+                return; // Drop short packet
+            }
+            catch(Exception e)
+            {
+                if (m_malformedCount < 100)
+                    m_log.DebugFormat("[LLUDPSERVER]: Dropped malformed packet: " + e.ToString());
+                m_malformedCount++;
+                if ((m_malformedCount % 100000) == 0)
+                    m_log.DebugFormat("[LLUDPSERVER]: Received {0} malformed packets so far, probable network attack.", m_malformedCount);
+            }
            // Fail-safe check
            if (packet == null)
author	Melanie	2011-07-27 08:35:19 +0200
committer	Melanie	2011-07-27 09:12:00 +0100
commit	c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8 (patch)
tree	4a4f4ce1684d1332fb4b92bb89102f5a3a4f994c /OpenSim
parent	Fix LLTextBox to work with the updated libOMV (diff)
download	opensim-SC_OLD-c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8.zip opensim-SC_OLD-c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8.tar.gz opensim-SC_OLD-c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8.tar.bz2 opensim-SC_OLD-c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8.tar.xz

diff --git a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs index aff90c5..f2388cd 100644 --- a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs +++ b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs
@@ -160,6 +160,8 @@ namespace OpenSim.Region.ClientStack.LindenUDP
160		160
161	public Socket Server { get { return null; } }	161	public Socket Server { get { return null; } }
162		162
		163	private int m_malformedCount = 0; // Guard against a spamming attack
		164
163	public LLUDPServer(IPAddress listenIP, ref uint port, int proxyPortOffsetParm, bool allow_alternate_port, IConfigSource configSource, AgentCircuitManager circuitManager)	165	public LLUDPServer(IPAddress listenIP, ref uint port, int proxyPortOffsetParm, bool allow_alternate_port, IConfigSource configSource, AgentCircuitManager circuitManager)
164	: base(listenIP, (int)port)	166	: base(listenIP, (int)port)
165	{	167	{
@@ -612,6 +614,21 @@ namespace OpenSim.Region.ClientStack.LindenUDP
612		614
613	#region Decoding	615	#region Decoding
614		616
		617	if (buffer.DataLength < 7)
		618	return; // Drop undersizd packet
		619
		620	int headerLen = 7;
		621	if (buffer.Data[6] == 0xFF)
		622	{
		623	if (buffer.Data[7] == 0xFF)
		624	headerLen = 10;
		625	else
		626	headerLen = 8;
		627	}
		628
		629	if (buffer.DataLength < headerLen)
		630	return; // Malformed header
		631
615	try	632	try
616	{	633	{
617	packet = Packet.BuildPacket(buffer.Data, ref packetEnd,	634	packet = Packet.BuildPacket(buffer.Data, ref packetEnd,
@@ -621,6 +638,18 @@ namespace OpenSim.Region.ClientStack.LindenUDP
621	catch (MalformedDataException)	638	catch (MalformedDataException)
622	{	639	{
623	}	640	}
		641	catch (IndexOutOfRangeException)
		642	{
		643	return; // Drop short packet
		644	}
		645	catch(Exception e)
		646	{
		647	if (m_malformedCount < 100)
		648	m_log.DebugFormat("[LLUDPSERVER]: Dropped malformed packet: " + e.ToString());
		649	m_malformedCount++;
		650	if ((m_malformedCount % 100000) == 0)
		651	m_log.DebugFormat("[LLUDPSERVER]: Received {0} malformed packets so far, probable network attack.", m_malformedCount);
		652	}
624		653
625	// Fail-safe check	654	// Fail-safe check
626	if (packet == null)	655	if (packet == null)