fix: #210 Stack for saving decoded buffer overflow
@@ -448,7 +448,7 @@ VOID IOCPClient::OnServerReceiving(CBuffer* m_CompressedBuffer, char* szBuffer,
|
||||
const int bufSize = 512;
|
||||
BYTE buf1[bufSize], buf2[bufSize];
|
||||
PBYTE CompressedBuffer = ulCompressedLength > bufSize ? new BYTE[ulCompressedLength] : buf1;
|
||||
PBYTE DeCompressedBuffer = ulCompressedLength > bufSize ? new BYTE[ulOriginalLength] : buf2;
|
||||
PBYTE DeCompressedBuffer = ulOriginalLength > bufSize ? new BYTE[ulOriginalLength] : buf2;
|
||||
|
||||
m_CompressedBuffer->ReadBuffer(CompressedBuffer, ulCompressedLength);
|
||||
m_Encoder->Decode(CompressedBuffer, ulCompressedLength, (LPBYTE)szPacketFlag);
|
||||
|
||||
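Review bot: The `DeCompressedBuffer` line now chooses between `buf2` and a heap block by `ulOriginalLength`, so the code that releases it later in OnServerReceiving (outside this hunk) has to make the same choice. If that code still tests `ulCompressedLength > bufSize`, it would either `delete[]` the stack array or leak the heap block. Comparing the pointer avoids repeating the condition: `if (DeCompressedBuffer != buf2) delete[] DeCompressedBuffer;`, and likewise for `CompressedBuffer` and `buf1`. Both lengths appear to come from the received packet, and no upper bound on `ulOriginalLength` is visible before `new BYTE[ulOriginalLength]`, so a cap checked ahead of the allocation would be worth adding.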
@@ -172,7 +172,7 @@ CManager::~CManager()
|
||||
}
|
||||
|
||||
|
||||
int CManager::Send(LPBYTE lpData, UINT nSize)
|
||||
BOOL CManager::Send(LPBYTE lpData, UINT nSize)
|
||||
{
|
||||
int nRet = 0;
|
||||
try {
|
||||
|
||||
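Review bot: `CManager::Send` is now declared `BOOL` but still begins with `int nRet = 0;`, so the value that reaches callers depends on what `nRet` holds at the return, which is outside this hunk. If `nRet` carries a byte count or a negative error code, a caller writing `if (Send(...))` would read a negative value as success. Normalising at the return, for example `return nRet > 0 ? TRUE : FALSE;` (with whichever success test matches the call that sets `nRet`), would make the new return type reliable.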
@@ -53,8 +53,8 @@ public:
|
||||
return m_ClientObject ? m_ClientObject->Reconnect(this) : FALSE;
|
||||
}
|
||||
virtual void Notify() { }
|
||||
int Send(LPBYTE lpData, UINT nSize);
|
||||
int SendData(LPBYTE lpData, UINT nSize)
|
||||
BOOL Send(LPBYTE lpData, UINT nSize);
|
||||
BOOL SendData(LPBYTE lpData, UINT nSize)
|
||||
{
|
||||
return Send(lpData, nSize);
|
||||
}
|
||||
|
||||
@@ -155,12 +155,12 @@ void IOCPKCPServer::KCPUpdateLoop()
|
||||
}
|
||||
}
|
||||
|
||||
void IOCPKCPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
||||
BOOL IOCPKCPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
||||
{
|
||||
if (!ContextObject || !ContextObject->kcp) return;
|
||||
if (!ContextObject || !ContextObject->kcp) return FALSE;
|
||||
ContextObject->OutCompressedBuffer.ClearBuffer();
|
||||
if (!WriteContextData(ContextObject, szBuffer, ulOriginalLength))
|
||||
return;
|
||||
return FALSE;
|
||||
{
|
||||
std::lock_guard<std::mutex> lock(m_contextsMutex);
|
||||
|
||||
@@ -169,6 +169,7 @@ void IOCPKCPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, U
|
||||
(int)ContextObject->OutCompressedBuffer.GetBufferLength());
|
||||
ikcp_flush(ContextObject->kcp);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
void IOCPKCPServer::Destroy()
|
||||
|
||||
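Review bot: The added `return TRUE;` after `ikcp_flush` is unconditional, so the new BOOL reports success even if the send call ending in `(int)ContextObject->OutCompressedBuffer.GetBufferLength());` fails. That call's name and result are outside the hunk; if it is `ikcp_send`, a negative result means the data was not queued. Capturing the result and adding `if (rc < 0) return FALSE;` before `ikcp_flush(ContextObject->kcp);` would make the return value meaningful. In the earlier hunk of the same function, `ClearBuffer()` and `WriteContextData` run on the context before `m_contextsMutex` is taken, which is worth confirming if more than one thread can send on the same context.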
@@ -50,7 +50,7 @@ public:
|
||||
return m_port;
|
||||
}
|
||||
virtual UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort) override;
|
||||
virtual void Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override;
|
||||
virtual BOOL Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override;
|
||||
virtual void Destroy() override;
|
||||
virtual void Disconnect(CONTEXT_OBJECT* ctx) override;
|
||||
|
||||
|
||||
@@ -574,7 +574,7 @@ BOOL WriteContextData(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOr
|
||||
}
|
||||
}
|
||||
|
||||
VOID IOCPServer::OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOriginalLength)
|
||||
BOOL IOCPServer::OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOriginalLength)
|
||||
{
|
||||
if (WriteContextData(ContextObject, szBuffer, ulOriginalLength)) {
|
||||
OVERLAPPEDPLUS* OverlappedPlus = new OVERLAPPEDPLUS(IOWrite);
|
||||
@@ -584,8 +584,11 @@ VOID IOCPServer::OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffe
|
||||
Mprintf("!!! OnClientPreSending Ͷ<><CDB6><EFBFBD><EFBFBD>Ϣʧ<CFA2><CAA7>\n");
|
||||
RemoveStaleContext(ContextObject);
|
||||
SAFE_DELETE(OverlappedPlus);
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
BOOL IOCPServer::OnClientPostSending(CONTEXT_OBJECT* ContextObject,ULONG ulCompletedLength)
|
||||
|
||||
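Review bot: `OnClientPreSending` now returns FALSE for two different situations: `WriteContextData` failed, or the post failed and `RemoveStaleContext(ContextObject)` has already run. Callers that react to FALSE cannot tell whether the context is still usable. If RemoveStaleContext releases or recycles the object (its body is not shown), a caller that touches `ContextObject` after a FALSE return would be working with a stale pointer. I would state this at the definition: `// Returns FALSE when nothing was queued; on a post failure the context has already been passed to RemoveStaleContext and must not be used by the caller.` The middle of the function lies between the two hunks and is not visible here.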
@@ -69,7 +69,7 @@ private:
|
||||
BOOL HandleIO(IOType PacketFlags, PCONTEXT_OBJECT ContextObject, DWORD dwTrans, ZSTD_DCtx* ctx);
|
||||
BOOL OnClientInitializing(PCONTEXT_OBJECT ContextObject, DWORD dwTrans);
|
||||
BOOL OnClientReceiving(PCONTEXT_OBJECT ContextObject, DWORD dwTrans, ZSTD_DCtx* ctx);
|
||||
VOID OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOriginalLength);
|
||||
BOOL OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOriginalLength);
|
||||
BOOL OnClientPostSending(CONTEXT_OBJECT* ContextObject, ULONG ulCompressedLength);
|
||||
int AddWorkThread(int n)
|
||||
{
|
||||
@@ -90,9 +90,9 @@ public:
|
||||
|
||||
UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort);
|
||||
|
||||
VOID Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
||||
BOOL Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override
|
||||
{
|
||||
OnClientPreSending(ContextObject, szBuffer, ulOriginalLength);
|
||||
return OnClientPreSending(ContextObject, szBuffer, ulOriginalLength);
|
||||
}
|
||||
|
||||
void UpdateMaxConnection(int maxConn);
|
||||
|
||||
@@ -122,11 +122,11 @@ void IOCPUDPServer::WorkerThread()
|
||||
m_hThread = NULL;
|
||||
}
|
||||
|
||||
VOID IOCPUDPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
||||
BOOL IOCPUDPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
||||
{
|
||||
ContextObject->OutCompressedBuffer.ClearBuffer();
|
||||
if (!WriteContextData(ContextObject, szBuffer, ulOriginalLength))
|
||||
return;
|
||||
return FALSE;
|
||||
WSABUF buf = {
|
||||
ContextObject->OutCompressedBuffer.GetBufferLength(),
|
||||
(CHAR*)ContextObject->OutCompressedBuffer.GetBuffer(),
|
||||
@@ -150,7 +150,9 @@ VOID IOCPUDPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, U
|
||||
if (err == SOCKET_ERROR) {
|
||||
DWORD err = WSAGetLastError();
|
||||
Mprintf("[IOCP] Send2Client error: %d\n", err);
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
VOID IOCPUDPServer::Destroy()
|
||||
|
||||
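Review bot: `IOCPUDPServer::Send2Client` dereferences `ContextObject` in its first statement (`ContextObject->OutCompressedBuffer.ClearBuffer();`) with no null check, while the KCP override in this same commit starts with `if (!ContextObject || !ContextObject->kcp) return FALSE;`. Adding `if (!ContextObject) return FALSE;` at the top would keep the overrides consistent now that a failure value exists. In the error branch, `DWORD err = WSAGetLastError();` shadows the outer `err` tested by `if (err == SOCKET_ERROR)`; renaming it (`DWORD wsaErr = WSAGetLastError();`) avoids the confusion. The send call itself sits between the two hunks; if it is an overlapped send, `WSA_IO_PENDING` should be treated as queued rather than reported as FALSE.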
@@ -27,7 +27,7 @@ public:
|
||||
return m_port;
|
||||
}
|
||||
UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort) override;
|
||||
VOID Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override;
|
||||
BOOL Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override;
|
||||
VOID Destroy() override;
|
||||
virtual void UpdateMaxConnection(int maxConn) override
|
||||
{
|
||||
|
||||
@@ -303,7 +303,7 @@ public:
|
||||
|
||||
virtual UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort) = 0;
|
||||
|
||||
virtual void Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) = 0;
|
||||
virtual BOOL Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) = 0;
|
||||
|
||||
virtual void UpdateMaxConnection(int maxConn) {}
|
||||
|
||||
@@ -317,7 +317,7 @@ class context
|
||||
public:
|
||||
// <20><><EFBFBD>麯<EFBFBD><E9BAAF>
|
||||
virtual VOID InitMember(SOCKET s, Server* svr)=0;
|
||||
virtual void Send2Client(PBYTE szBuffer, ULONG ulOriginalLength) = 0;
|
||||
virtual BOOL Send2Client(PBYTE szBuffer, ULONG ulOriginalLength) = 0;
|
||||
virtual CString GetClientData(int index)const = 0;
|
||||
virtual void GetAdditionalData(CString(&s)[RES_MAX]) const =0;
|
||||
virtual CString GetAdditionalData(int index) const = 0;
|
||||
@@ -409,10 +409,11 @@ public:
|
||||
{
|
||||
return server;
|
||||
}
|
||||
VOID Send2Client(PBYTE szBuffer, ULONG ulOriginalLength) override
|
||||
BOOL Send2Client(PBYTE szBuffer, ULONG ulOriginalLength) override
|
||||
{
|
||||
if (server)
|
||||
server->Send2Client(this, szBuffer, ulOriginalLength);
|
||||
return server->Send2Client(this, szBuffer, ulOriginalLength);
|
||||
return FALSE;
|
||||
}
|
||||
VOID SetClientInfo(const CString(&s)[ONLINELIST_MAX], const std::vector<std::string>& a = {})
|
||||
{
|
||||
|
||||
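Review bot: The pure-virtual `Send2Client` declarations change from `void` to `BOOL` with no comment saying what the value means, and the inline override at the end of this section adds another meaning of FALSE (`server` is null). A short contract on the server-side declaration would keep the transports aligned, for example `// Returns TRUE when the packet was accepted for sending (not that the peer received it); FALSE when nothing was queued.` The same line could be repeated on `context::Send2Client`.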