[Freeciv-Dev] more careful packet processing

To: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] more careful packet processing
From: David Pfitzner <dwp@xxxxxxxxxxxxxx>
Date: Sat, 19 Jun 1999 23:54:23 +1000 (EST)

Currently freeciv is not very careful processing packets,
and doesn't do much checking of packet sizes, or whether
strings in packets are short enough to fit in their buffers, 
etc, which I think is the main reason it is easy to crash
the server by sending it random data. (Eg
http://www.complete.org/mailinglists/archives/freeciv-dev-199905/msg00075.html)

The attached patch improves this in some respects.  (The 
patch is quite long, but much of it is systematic changes 
to receive_packet functions.)  There may still be some ways 
to crash the server though, depending how data is handled 
outside packets.c

The patch basically revises the receive/get functions, 
since that is where the data could be anything.  The
send/put functions are less important, and not modified 
by this patch, though in principle they could also be 
worth changing to ensure we don't accidentally overwrite 
internal buffers etc.  Eg if we accidentally try to write 
a message string which is too long.

I'm not sure whether this patch should go into 1.8.1 or not.
In that it should improve stability it would be nice, but
OTOH it may decrease stability since I've probably introduced
some new bugs, and we may not get in enough testing to find 
them before 1.8.1.

Incidentally, does anyone know where to get a program to send 
random data to a port, to do some fuzz testing of this?
I had a quick look on the web, but couldn't find anything.
Or shouldn't be too hard to write something...

Regards,
-- David

Attachment: pack_iter.diff.gz
Description: GNU Zip compressed data
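
The kind of checking the message describes for receive/get functions, shown as an added example that is not taken from the attached patch or from freeciv: a read cursor that tracks how many bytes remain in a packet and truncates over-long strings to the destination buffer. The names `pkt_cursor`, `cur_init`, `cur_get_u16`, `cur_get_string` and the packet layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical read cursor over one received packet (not freeciv's own). */
struct pkt_cursor {
  const unsigned char *ptr; /* next unread byte */
  size_t remaining;         /* bytes left in the packet */
  int bad;                  /* set once a read would pass the end */
};

void cur_init(struct pkt_cursor *c, const unsigned char *buf, size_t len)
{
  c->ptr = buf; c->remaining = len; c->bad = 0;
}

/* Big-endian 16-bit read; returns 0 and marks the cursor bad if short. */
unsigned cur_get_u16(struct pkt_cursor *c)
{
  unsigned v;
  if (c->bad || c->remaining < 2) { c->bad = 1; c->remaining = 0; return 0; }
  v = ((unsigned)c->ptr[0] << 8) | c->ptr[1];
  c->ptr += 2; c->remaining -= 2;
  return v;
}

/* NUL-terminated string read; dst (dst_size >= 1) is always terminated. An
 * over-long string is truncated but consumed whole; no NUL marks it bad. */
void cur_get_string(struct pkt_cursor *c, char *dst, size_t dst_size)
{
  const unsigned char *nul; size_t len, copy;
  dst[0] = '\0';
  if (c->bad) return;
  nul = memchr(c->ptr, 0, c->remaining);   /* search only inside the packet */
  if (!nul) { c->bad = 1; c->remaining = 0; return; }
  len = (size_t)(nul - c->ptr);
  copy = len < dst_size - 1 ? len : dst_size - 1;
  memcpy(dst, c->ptr, copy); dst[copy] = '\0';
  c->ptr += len + 1; c->remaining -= len + 1;
}

int main(void)
{
  /* Constructed packet: u16 id, then a name longer than the 4-byte buffer. */
  const unsigned char pkt[] = { 0x01, 0x02, 'a', 'b', 'c', 'd', 'e', 0 };
  struct pkt_cursor c; char name[4]; unsigned id;
  cur_init(&c, pkt, sizeof pkt); id = cur_get_u16(&c);
  cur_get_string(&c, name, sizeof name);
  printf("id=%u name=%s bad=%d\n", id, name, c.bad);
}
```

A caller checks `bad` once after reading all fields and discards the packet if it is set, rather than testing every individual read.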

