From 04eaca2af85bd8261c426e4c1049a73b4badf072 Mon Sep 17 00:00:00 2001 From: Melanie Date: Wed, 27 Jul 2011 08:35:19 +0200 Subject: Ensure that packet headers get parsed correctly --- .../Region/ClientStack/Linden/UDP/LLUDPServer.cs | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'OpenSim/Region/ClientStack') diff --git a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs index ab6674d..fead4d9 100644 --- a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs +++ b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs @@ -160,6 +160,8 @@ namespace OpenSim.Region.ClientStack.LindenUDP public Socket Server { get { return null; } } + private int m_malformedCount = 0; // Guard against a spamming attack + public LLUDPServer(IPAddress listenIP, ref uint port, int proxyPortOffsetParm, bool allow_alternate_port, IConfigSource configSource, AgentCircuitManager circuitManager) : base(listenIP, (int)port) { @@ -612,6 +614,21 @@ namespace OpenSim.Region.ClientStack.LindenUDP #region Decoding + if (buffer.DataLength < 7) + return; // Drop undersizd packet + + int headerLen = 7; + if (buffer.Data[6] == 0xFF) + { + if (buffer.Data[7] == 0xFF) + headerLen = 10; + else + headerLen = 8; + } + + if (buffer.DataLength < headerLen) + return; // Malformed header + try { packet = Packet.BuildPacket(buffer.Data, ref packetEnd, @@ -621,6 +638,18 @@ namespace OpenSim.Region.ClientStack.LindenUDP catch (MalformedDataException) { } + catch (IndexOutOfRangeException) + { + return; // Drop short packet + } + catch(Exception e) + { + if (m_malformedCount < 100) + m_log.DebugFormat("[LLUDPSERVER]: Dropped malformed packet: " + e.ToString()); + m_malformedCount++; + if ((m_malformedCount % 100000) == 0) + m_log.DebugFormat("[LLUDPSERVER]: Received {0} malformed packets so far, probable network attack.", m_malformedCount); + } // Fail-safe check if (packet == null) -- cgit v1.1