From 5f71fde202bcc86dd8fd14defb0876c3484e5b38 Mon Sep 17 00:00:00 2001
From: s1lent
Date: Thu, 17 Oct 2019 03:06:51 +0700
Subject: [PATCH] fixed vulnerable client-side attack via invalid voice packet
---
 revoice/src/VoiceEncoder_Opus.cpp | 11 +++++++++++
 revoice/src/revoice_main.cpp | 7 ++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/revoice/src/VoiceEncoder_Opus.cpp b/revoice/src/VoiceEncoder_Opus.cpp
index 0687844..e2c3423 100644
--- a/revoice/src/VoiceEncoder_Opus.cpp
+++ b/revoice/src/VoiceEncoder_Opus.cpp
@@ -197,6 +197,12 @@ int VoiceEncoder_Opus::Decompress(const char *pCompressed, int compressedBytes,
 break;
 int nBytes = opus_decode(m_pDecoder, 0, 0, (opus_int16 *)pWritePos, FRAME_SIZE, 0);
+ if (nBytes <= 0)
+ {
+ // raw corrupted
+ return 0;
+ }
+ pWritePos += nBytes * 2;
 }
 }
@@ -223,6 +229,11 @@ int VoiceEncoder_Opus::Decompress(const char *pCompressed, int compressedBytes,
 }
 int nBytes = opus_decode(m_pDecoder, (const unsigned char *)pReadPos, nPayloadSize, (opus_int16 *)pWritePos, FRAME_SIZE, 0);
+ if (nBytes <= 0)
+ {
+ // raw corrupted
+ return 0;
+ }
 pReadPos += nPayloadSize;
 pWritePos += nBytes * 2;
diff --git a/revoice/src/revoice_main.cpp b/revoice/src/revoice_main.cpp
index c1530ba..672f2a4 100644
--- a/revoice/src/revoice_main.cpp
+++ b/revoice/src/revoice_main.cpp
@@ -105,7 +105,12 @@ void SV_ParseVoiceData_emu(IGameClient *cl)
 silkData = chReceived;
 silkDataLen = nDataLength;
 speexData = transcodedBuf;
- speexDataLen = TranscodeVoice(srcPlayer, silkData, silkDataLen, srcPlayer->GetOpusCodec(), srcPlayer->GetSpeexCodec(), transcodedBuf, sizeof(transcodedBuf));
+
+ int numDecodedSamples = TranscodeVoice(srcPlayer, silkData, silkDataLen, srcPlayer->GetOpusCodec(), srcPlayer->GetSpeexCodec(), transcodedBuf, sizeof(transcodedBuf));
+ if (numDecodedSamples <= 0)
+ return;
+
+ speexDataLen = numDecodedSamples;
 break;
 }
 case vct_speex:
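Review bot: The comment `// raw corrupted` on the guard added after the concealment call `opus_decode(m_pDecoder, 0, 0, ...)` does not explain why the early return matters. opus_decode returns a negative error code on failure, so without the guard `pWritePos += nBytes * 2` would move the write pointer backwards. I would write `// opus_decode failed (negative error code) or produced no samples: drop the whole packet so pWritePos never moves backwards`, and use the same wording on the identical guard in the second hunk of this file. `nBytes` holds a sample count, as the `* 2` shows, so `nSamples` would read more accurately in both loops. Decompress starts and ends outside both hunks.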
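Review bot: The new `<= 0` guard in SV_ParseVoiceData_emu covers only this TranscodeVoice call. The switch continues with `case vct_speex:` outside the hunk, so it is worth confirming that no other branch stores a TranscodeVoice or Decompress result straight into a length without the same check. The name `numDecodedSamples` is misleading because the value is assigned to `speexDataLen`; something like `transcodedLen` would match its use. The bare `return` drops the packet silently, so I would add `// transcoding failed: drop this voice packet instead of relaying a bogus length` above it. Counting rejected packets per client would also make repeated malformed input visible to server operators.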