mirror of
https://github.com/rehlds/rehlds.git
synced 2025-01-01 09:35:37 +03:00
SV_ParseMove, SV_ParseConsistencyResponse: check length
This commit is contained in:
parent
05c7601f1e
commit
801be3ee5b
@ -1164,6 +1164,22 @@ void SZ_Clear(sizebuf_t *buf)
|
|||||||
buf->cursize = 0;
|
buf->cursize = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
qboolean SZ_HasSpaceToRead(const sizebuf_t *buf, int length)
|
||||||
|
{
|
||||||
|
if ((msg_readcount + length) > buf->maxsize)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
qboolean SZ_HasSomethingToRead(const sizebuf_t *buf, int length)
|
||||||
|
{
|
||||||
|
if ((msg_readcount + length) > buf->cursize)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
void *EXT_FUNC SZ_GetSpace(sizebuf_t *buf, int length)
|
void *EXT_FUNC SZ_GetSpace(sizebuf_t *buf, int length)
|
||||||
{
|
{
|
||||||
void *data;
|
void *data;
|
||||||
|
@ -159,6 +159,8 @@ void MSG_ReadUsercmd(usercmd_t *to, usercmd_t *from);
|
|||||||
|
|
||||||
void SZ_Alloc(const char *name, sizebuf_t *buf, int startsize);
|
void SZ_Alloc(const char *name, sizebuf_t *buf, int startsize);
|
||||||
void SZ_Clear(sizebuf_t *buf);
|
void SZ_Clear(sizebuf_t *buf);
|
||||||
|
qboolean SZ_HasSpaceToRead(const sizebuf_t *buf, int length);
|
||||||
|
qboolean SZ_HasSomethingToRead(const sizebuf_t *buf, int length);
|
||||||
void *SZ_GetSpace(sizebuf_t *buf, int length);
|
void *SZ_GetSpace(sizebuf_t *buf, int length);
|
||||||
void SZ_Write(sizebuf_t *buf, const void *data, int length);
|
void SZ_Write(sizebuf_t *buf, const void *data, int length);
|
||||||
void SZ_Print(sizebuf_t *buf, const char *data);
|
void SZ_Print(sizebuf_t *buf, const char *data);
|
||||||
|
@ -93,6 +93,15 @@ void SV_ParseConsistencyResponse(client_t *pSenderClient)
|
|||||||
int c = 0;
|
int c = 0;
|
||||||
Q_memset(nullbuffer, 0, sizeof(nullbuffer));
|
Q_memset(nullbuffer, 0, sizeof(nullbuffer));
|
||||||
int value = MSG_ReadShort();
|
int value = MSG_ReadShort();
|
||||||
|
|
||||||
|
if (value <= 0 || !SZ_HasSomethingToRead(&net_message, value))
|
||||||
|
{
|
||||||
|
msg_badread = TRUE;
|
||||||
|
Con_DPrintf("%s: %s:%s invalid length: %d\n", __func__, host_client->name, NET_AdrToString(host_client->netchan.remote_address), value);
|
||||||
|
SV_DropClient(host_client, FALSE, "Invalid length");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
COM_UnMunge(&net_message.data[msg_readcount], value, g_psvs.spawncount);
|
COM_UnMunge(&net_message.data[msg_readcount], value, g_psvs.spawncount);
|
||||||
MSG_StartBitReading(&net_message);
|
MSG_StartBitReading(&net_message);
|
||||||
|
|
||||||
@ -1540,6 +1549,15 @@ void SV_ParseMove(client_t *pSenderClient)
|
|||||||
|
|
||||||
placeholder = msg_readcount + 1;
|
placeholder = msg_readcount + 1;
|
||||||
mlen = MSG_ReadByte();
|
mlen = MSG_ReadByte();
|
||||||
|
|
||||||
|
if (mlen <= 0 || !SZ_HasSpaceToRead(&net_message, mlen + 2))
|
||||||
|
{
|
||||||
|
msg_badread = TRUE;
|
||||||
|
Con_DPrintf("%s: %s:%s invalid length: %d\n", __func__, host_client->name, NET_AdrToString(host_client->netchan.remote_address), mlen);
|
||||||
|
SV_DropClient(host_client, FALSE, "Invalid length");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
cbchecksum = MSG_ReadByte();
|
cbchecksum = MSG_ReadByte();
|
||||||
COM_UnMunge(&net_message.data[placeholder + 1], mlen, host_client->netchan.incoming_sequence);
|
COM_UnMunge(&net_message.data[placeholder + 1], mlen, host_client->netchan.incoming_sequence);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user