fix: #210 Stack for saving decoded buffer overflow
@@ -448,7 +448,7 @@ VOID IOCPClient::OnServerReceiving(CBuffer* m_CompressedBuffer, char* szBuffer,
|
|||||||
const int bufSize = 512;
|
const int bufSize = 512;
|
||||||
BYTE buf1[bufSize], buf2[bufSize];
|
BYTE buf1[bufSize], buf2[bufSize];
|
||||||
PBYTE CompressedBuffer = ulCompressedLength > bufSize ? new BYTE[ulCompressedLength] : buf1;
|
PBYTE CompressedBuffer = ulCompressedLength > bufSize ? new BYTE[ulCompressedLength] : buf1;
|
||||||
PBYTE DeCompressedBuffer = ulCompressedLength > bufSize ? new BYTE[ulOriginalLength] : buf2;
|
PBYTE DeCompressedBuffer = ulOriginalLength > bufSize ? new BYTE[ulOriginalLength] : buf2;
|
||||||
|
|
||||||
m_CompressedBuffer->ReadBuffer(CompressedBuffer, ulCompressedLength);
|
m_CompressedBuffer->ReadBuffer(CompressedBuffer, ulCompressedLength);
|
||||||
m_Encoder->Decode(CompressedBuffer, ulCompressedLength, (LPBYTE)szPacketFlag);
|
m_Encoder->Decode(CompressedBuffer, ulCompressedLength, (LPBYTE)szPacketFlag);
|
||||||
|
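Review bot: The release of `DeCompressedBuffer` is outside this hunk and has to follow the corrected condition; if it still tests `ulCompressedLength`, a packet with a small compressed length and a large original length ends in a leak, and the opposite case ends in a `delete[]` on `buf2`. Comparing the pointer is safer than repeating the length test: `if (DeCompressedBuffer != buf2) delete[] DeCompressedBuffer;`, and likewise for `CompressedBuffer` and `buf1`. Both lengths presumably come from the peer's packet header, and no upper bound is visible in these lines, so a cap checked before the two `new BYTE[...]` expressions would stop a single packet from requesting an arbitrary allocation. The function body starts and ends outside the hunk.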
|||||||
@@ -172,7 +172,7 @@ CManager::~CManager()
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int CManager::Send(LPBYTE lpData, UINT nSize)
|
BOOL CManager::Send(LPBYTE lpData, UINT nSize)
|
||||||
{
|
{
|
||||||
int nRet = 0;
|
int nRet = 0;
|
||||||
try {
|
try {
|
||||||
|
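Review bot: `CManager::Send` now returns `BOOL` while the local that presumably feeds the return is still `int nRet`; because `BOOL` is a typedef of `int`, any non-zero value, a negative error code included, reads as success to a caller that tests the result. The return statement is outside the hunk, so this may already be handled. If it is not and `nRet` holds a byte count, normalise at the return with `return nRet > 0 ? TRUE : FALSE;` and add a comment on the declaration stating what TRUE means.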
|||||||
@@ -53,8 +53,8 @@ public:
|
|||||||
return m_ClientObject ? m_ClientObject->Reconnect(this) : FALSE;
|
return m_ClientObject ? m_ClientObject->Reconnect(this) : FALSE;
|
||||||
}
|
}
|
||||||
virtual void Notify() { }
|
virtual void Notify() { }
|
||||||
int Send(LPBYTE lpData, UINT nSize);
|
BOOL Send(LPBYTE lpData, UINT nSize);
|
||||||
int SendData(LPBYTE lpData, UINT nSize)
|
BOOL SendData(LPBYTE lpData, UINT nSize)
|
||||||
{
|
{
|
||||||
return Send(lpData, nSize);
|
return Send(lpData, nSize);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -155,12 +155,12 @@ void IOCPKCPServer::KCPUpdateLoop()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void IOCPKCPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
BOOL IOCPKCPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
||||||
{
|
{
|
||||||
if (!ContextObject || !ContextObject->kcp) return;
|
if (!ContextObject || !ContextObject->kcp) return FALSE;
|
||||||
ContextObject->OutCompressedBuffer.ClearBuffer();
|
ContextObject->OutCompressedBuffer.ClearBuffer();
|
||||||
if (!WriteContextData(ContextObject, szBuffer, ulOriginalLength))
|
if (!WriteContextData(ContextObject, szBuffer, ulOriginalLength))
|
||||||
return;
|
return FALSE;
|
||||||
{
|
{
|
||||||
std::lock_guard<std::mutex> lock(m_contextsMutex);
|
std::lock_guard<std::mutex> lock(m_contextsMutex);
|
||||||
|
|
||||||
@@ -169,6 +169,7 @@ void IOCPKCPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, U
|
|||||||
(int)ContextObject->OutCompressedBuffer.GetBufferLength());
|
(int)ContextObject->OutCompressedBuffer.GetBufferLength());
|
||||||
ikcp_flush(ContextObject->kcp);
|
ikcp_flush(ContextObject->kcp);
|
||||||
}
|
}
|
||||||
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
void IOCPKCPServer::Destroy()
|
void IOCPKCPServer::Destroy()
|
||||||
|
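Review bot: The added `return TRUE;` reports success whatever the send call inside the locked block returned. Only the tail of that call is visible (`(int)ContextObject->OutCompressedBuffer.GetBufferLength());`); if it is `ikcp_send`, a negative result means the data was not queued and the function should return FALSE, for example `if (ret < 0) return FALSE;` with `ret` holding the call's result. The `kcp` null check also runs before `m_contextsMutex` is taken, so it is worth confirming that `kcp` cannot be released between the check and the lock.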
|||||||
@@ -50,7 +50,7 @@ public:
|
|||||||
return m_port;
|
return m_port;
|
||||||
}
|
}
|
||||||
virtual UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort) override;
|
virtual UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort) override;
|
||||||
virtual void Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override;
|
virtual BOOL Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override;
|
||||||
virtual void Destroy() override;
|
virtual void Destroy() override;
|
||||||
virtual void Disconnect(CONTEXT_OBJECT* ctx) override;
|
virtual void Disconnect(CONTEXT_OBJECT* ctx) override;
|
||||||
|
|
||||||
|
|||||||
@@ -574,7 +574,7 @@ BOOL WriteContextData(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOr
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
VOID IOCPServer::OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOriginalLength)
|
BOOL IOCPServer::OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOriginalLength)
|
||||||
{
|
{
|
||||||
if (WriteContextData(ContextObject, szBuffer, ulOriginalLength)) {
|
if (WriteContextData(ContextObject, szBuffer, ulOriginalLength)) {
|
||||||
OVERLAPPEDPLUS* OverlappedPlus = new OVERLAPPEDPLUS(IOWrite);
|
OVERLAPPEDPLUS* OverlappedPlus = new OVERLAPPEDPLUS(IOWrite);
|
||||||
@@ -584,8 +584,11 @@ VOID IOCPServer::OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffe
|
|||||||
Mprintf("!!! OnClientPreSending Ͷ<><CDB6><EFBFBD><EFBFBD>Ϣʧ<CFA2><CAA7>\n");
|
Mprintf("!!! OnClientPreSending Ͷ<><CDB6><EFBFBD><EFBFBD>Ϣʧ<CFA2><CAA7>\n");
|
||||||
RemoveStaleContext(ContextObject);
|
RemoveStaleContext(ContextObject);
|
||||||
SAFE_DELETE(OverlappedPlus);
|
SAFE_DELETE(OverlappedPlus);
|
||||||
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOL IOCPServer::OnClientPostSending(CONTEXT_OBJECT* ContextObject,ULONG ulCompletedLength)
|
BOOL IOCPServer::OnClientPostSending(CONTEXT_OBJECT* ContextObject,ULONG ulCompletedLength)
|
||||||
|
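Review bot: The `return FALSE;` paths in `OnClientPreSending` leave the context in different states: when `WriteContextData` fails nothing in this function has removed the context, while on the failed-post path `RemoveStaleContext(ContextObject)` has already run. Now that the result reaches callers of `Send2Client`, a caller that reacts to FALSE by using or disconnecting the same context may touch an object that was already removed; whether `RemoveStaleContext` frees it is not visible here. A comment on the function would make the contract explicit, for example `// Returns FALSE on failure; the context may already have been removed and must not be used again`. The function starts in the previous hunk of this file.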
|||||||
@@ -69,7 +69,7 @@ private:
|
|||||||
BOOL HandleIO(IOType PacketFlags, PCONTEXT_OBJECT ContextObject, DWORD dwTrans, ZSTD_DCtx* ctx);
|
BOOL HandleIO(IOType PacketFlags, PCONTEXT_OBJECT ContextObject, DWORD dwTrans, ZSTD_DCtx* ctx);
|
||||||
BOOL OnClientInitializing(PCONTEXT_OBJECT ContextObject, DWORD dwTrans);
|
BOOL OnClientInitializing(PCONTEXT_OBJECT ContextObject, DWORD dwTrans);
|
||||||
BOOL OnClientReceiving(PCONTEXT_OBJECT ContextObject, DWORD dwTrans, ZSTD_DCtx* ctx);
|
BOOL OnClientReceiving(PCONTEXT_OBJECT ContextObject, DWORD dwTrans, ZSTD_DCtx* ctx);
|
||||||
VOID OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOriginalLength);
|
BOOL OnClientPreSending(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, size_t ulOriginalLength);
|
||||||
BOOL OnClientPostSending(CONTEXT_OBJECT* ContextObject, ULONG ulCompressedLength);
|
BOOL OnClientPostSending(CONTEXT_OBJECT* ContextObject, ULONG ulCompressedLength);
|
||||||
int AddWorkThread(int n)
|
int AddWorkThread(int n)
|
||||||
{
|
{
|
||||||
@@ -90,9 +90,9 @@ public:
|
|||||||
|
|
||||||
UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort);
|
UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort);
|
||||||
|
|
||||||
VOID Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
BOOL Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override
|
||||||
{
|
{
|
||||||
OnClientPreSending(ContextObject, szBuffer, ulOriginalLength);
|
return OnClientPreSending(ContextObject, szBuffer, ulOriginalLength);
|
||||||
}
|
}
|
||||||
|
|
||||||
void UpdateMaxConnection(int maxConn);
|
void UpdateMaxConnection(int maxConn);
|
||||||
|
|||||||
@@ -122,11 +122,11 @@ void IOCPUDPServer::WorkerThread()
|
|||||||
m_hThread = NULL;
|
m_hThread = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
VOID IOCPUDPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
BOOL IOCPUDPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength)
|
||||||
{
|
{
|
||||||
ContextObject->OutCompressedBuffer.ClearBuffer();
|
ContextObject->OutCompressedBuffer.ClearBuffer();
|
||||||
if (!WriteContextData(ContextObject, szBuffer, ulOriginalLength))
|
if (!WriteContextData(ContextObject, szBuffer, ulOriginalLength))
|
||||||
return;
|
return FALSE;
|
||||||
WSABUF buf = {
|
WSABUF buf = {
|
||||||
ContextObject->OutCompressedBuffer.GetBufferLength(),
|
ContextObject->OutCompressedBuffer.GetBufferLength(),
|
||||||
(CHAR*)ContextObject->OutCompressedBuffer.GetBuffer(),
|
(CHAR*)ContextObject->OutCompressedBuffer.GetBuffer(),
|
||||||
@@ -150,7 +150,9 @@ VOID IOCPUDPServer::Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, U
|
|||||||
if (err == SOCKET_ERROR) {
|
if (err == SOCKET_ERROR) {
|
||||||
DWORD err = WSAGetLastError();
|
DWORD err = WSAGetLastError();
|
||||||
Mprintf("[IOCP] Send2Client error: %d\n", err);
|
Mprintf("[IOCP] Send2Client error: %d\n", err);
|
||||||
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
VOID IOCPUDPServer::Destroy()
|
VOID IOCPUDPServer::Destroy()
|
||||||
|
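Review bot: The new `return FALSE;` under `if (err == SOCKET_ERROR)` treats every `SOCKET_ERROR` as a failed send. The send call is outside the visible lines; if it is posted with an OVERLAPPED structure, `WSA_IO_PENDING` is the normal result and should still return TRUE, e.g. `if (code != WSA_IO_PENDING) return FALSE;`. The inner `DWORD err` also shadows the outer `err` it is tested against, so a distinct name such as `code` would make the branch easier to read. Unlike the KCP implementation, this function dereferences `ContextObject` without a null check.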
|||||||
@@ -27,7 +27,7 @@ public:
|
|||||||
return m_port;
|
return m_port;
|
||||||
}
|
}
|
||||||
UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort) override;
|
UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort) override;
|
||||||
VOID Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override;
|
BOOL Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) override;
|
||||||
VOID Destroy() override;
|
VOID Destroy() override;
|
||||||
virtual void UpdateMaxConnection(int maxConn) override
|
virtual void UpdateMaxConnection(int maxConn) override
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -303,7 +303,7 @@ public:
|
|||||||
|
|
||||||
virtual UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort) = 0;
|
virtual UINT StartServer(pfnNotifyProc NotifyProc, pfnOfflineProc OffProc, USHORT uPort) = 0;
|
||||||
|
|
||||||
virtual void Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) = 0;
|
virtual BOOL Send2Client(CONTEXT_OBJECT* ContextObject, PBYTE szBuffer, ULONG ulOriginalLength) = 0;
|
||||||
|
|
||||||
virtual void UpdateMaxConnection(int maxConn) {}
|
virtual void UpdateMaxConnection(int maxConn) {}
|
||||||
|
|
||||||
@@ -317,7 +317,7 @@ class context
|
|||||||
public:
|
public:
|
||||||
// <20><><EFBFBD>麯<EFBFBD><E9BAAF>
|
// <20><><EFBFBD>麯<EFBFBD><E9BAAF>
|
||||||
virtual VOID InitMember(SOCKET s, Server* svr)=0;
|
virtual VOID InitMember(SOCKET s, Server* svr)=0;
|
||||||
virtual void Send2Client(PBYTE szBuffer, ULONG ulOriginalLength) = 0;
|
virtual BOOL Send2Client(PBYTE szBuffer, ULONG ulOriginalLength) = 0;
|
||||||
virtual CString GetClientData(int index)const = 0;
|
virtual CString GetClientData(int index)const = 0;
|
||||||
virtual void GetAdditionalData(CString(&s)[RES_MAX]) const =0;
|
virtual void GetAdditionalData(CString(&s)[RES_MAX]) const =0;
|
||||||
virtual CString GetAdditionalData(int index) const = 0;
|
virtual CString GetAdditionalData(int index) const = 0;
|
||||||
@@ -409,10 +409,11 @@ public:
|
|||||||
{
|
{
|
||||||
return server;
|
return server;
|
||||||
}
|
}
|
||||||
VOID Send2Client(PBYTE szBuffer, ULONG ulOriginalLength) override
|
BOOL Send2Client(PBYTE szBuffer, ULONG ulOriginalLength) override
|
||||||
{
|
{
|
||||||
if (server)
|
if (server)
|
||||||
server->Send2Client(this, szBuffer, ulOriginalLength);
|
return server->Send2Client(this, szBuffer, ulOriginalLength);
|
||||||
|
return FALSE;
|
||||||
}
|
}
|
||||||
VOID SetClientInfo(const CString(&s)[ONLINELIST_MAX], const std::vector<std::string>& a = {})
|
VOID SetClientInfo(const CString(&s)[ONLINELIST_MAX], const std::vector<std::string>& a = {})
|
||||||
{
|
{
|
||||||
|
|||||||