From 967378ae9812052078ceae7059be3c6ba6ff4dbe Mon Sep 17 00:00:00 2001
From: rna88
Date: Thu, 15 Mar 2018 20:12:33 -0700
Subject: [PATCH] SInPacket now tracks decryption/decompression failure.

Previously there was no way to tell if an incoming packet was incorrectly formatted. The new function SInPacket.isValid() can be called after decryption/decompression to determine if the packet wasn't decrypted and/or decompressed properly.
* Added "valid" attribute to SInPacket.
* Decryption routine unsets "valid" if buffer is not divisible by 16.
* Decompression routine unsets "valid" on receiving zlib error code.
---
 include/SPacket.h | 4 ++++
 source/SPacket.cpp | 30 +++++++++++++++++++++++++-----
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/include/SPacket.h b/include/SPacket.h
index 6d9d1e9..b6a2548 100644
--- a/include/SPacket.h
+++ b/include/SPacket.h
@@ -154,10 +154,14 @@ class SInPacket
 /// Returns the size in bytes of the packet.
 u32 getSize();
+ /// Returns true if the packet decompresses/decrypts successfully.
+ bool isValid();
+
 private:
 u32 pos;
 core::array buff;
 u16 playerid;
+ bool valid;
 };
 } // Close Net Namespace
diff --git a/source/SPacket.cpp b/source/SPacket.cpp
index 55bd1c0..9d46a5a 100644
--- a/source/SPacket.cpp
+++ b/source/SPacket.cpp
@@ -225,7 +225,7 @@ void SOutPacket::decryptPacket(const c8 key[16])
 buff = tmpbuff;
 }
-SInPacket::SInPacket(const c8* buff, const u32 size) : pos(0), playerid(0)
+SInPacket::SInPacket(const c8* buff, const u32 size) : pos(0), playerid(0), valid(true)
 {
 SInPacket::buff.set_used(size);
 memcpy(SInPacket::buff.pointer(), buff, size);
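Review bot: The doc comment on `isValid()` in include/SPacket.h overstates what the flag reports: `valid` starts as `true` in the constructor and is only ever cleared, so a packet on which neither decryptPacket() nor deCompressPacket() was called also reports valid. Both routines still return void and leave `buff` holding the rejected bytes, so a caller that skips the check keeps parsing them; the comment should say so, e.g. `/// Returns false once decryptPacket() or deCompressPacket() has rejected the buffer; callers must check this before reading fields.` The accessor does not modify the packet and could be declared `bool isValid() const;`, with the matching change to its definition in the last hunk of source/SPacket.cpp.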
@@ -435,10 +435,19 @@ void SInPacket::deCompressPacket()
 newBuff.set_used(newSize);
 uLongf destLen = newSize;
- uncompress((Bytef*)newBuff.pointer(), &destLen, (Bytef*)buff.pointer() + 4, buff.size() - 4);
- newBuff.set_used(destLen);
-
- buff = newBuff;
+ int ret = uncompress((Bytef*)newBuff.pointer(), &destLen, (Bytef*)buff.pointer() + 4, buff.size() - 4);
+
+ if (ret != Z_OK)
+ {
+ valid = false;
+ newBuff.set_used(0);
+ newBuff.clear();
+ }
+ else
+ {
+ newBuff.set_used(destLen);
+ buff = newBuff;
+ }
 }
 void SInPacket::encryptPacket(const c8 key[16])
@@ -457,6 +466,12 @@ void SInPacket::encryptPacket(const c8 key[16])
 void SInPacket::decryptPacket(const c8 key[16])
 {
+ if (buff.size() % 16 != 0)
+ {
+ valid = false;
+ return;
+ }
+
 CEncryption::SetEncryptionKey((u8*)&key[0]);
 const u32 newSize = buff.size();
 core::array tmpbuff;
@@ -473,5 +488,10 @@ u32 SInPacket::getSize()
 return buff.size();
 }
+bool SInPacket::isValid()
+{
+ return valid;
+}
+
 } // Close Net Namespace
 } // Close Irr namespace
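Review bot: The new `uncompress()` call in deCompressPacket() still passes `buff.size() - 4` as the source length, and nothing in this hunk rejects a buffer shorter than four bytes, in which case the unsigned subtraction wraps to a very large length. Unless the part of the function above the hunk already checks this, add `if (buff.size() < 4) { valid = false; return; }` before the length prefix is read. `newSize` is also set outside the hunk; if it is taken from the packet itself it should be capped before `newBuff.set_used(newSize)`, since the peer would otherwise choose the allocation size. In the failure branch, `newBuff.set_used(0); newBuff.clear();` has no lasting effect on a local that is about to go out of scope and can be dropped.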
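Review bot: The `buff.size() % 16 != 0` test added to decryptPacket() only catches a misaligned length, so a block-aligned packet that was encrypted with a different key or altered in transit still decrypts to arbitrary bytes and leaves `valid` set. isValid() therefore cannot be read as proof that decryption produced the sender's data; that would need an integrity check such as a MAC over the ciphertext, which this patch does not add. I would state the limit in a comment above the check, e.g. `// Length check only: a wrong key or modified ciphertext of the right size is not detected here.` An empty buffer also passes the test; that is probably harmless, but worth confirming against the rest of the function, which continues below the hunk.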