Validate headerId first in NetworkExtensionsProducer (#125)

This commit is contained in:
Dorving 2022-04-11 04:41:03 +02:00
parent 99b349e9b0
commit 82ae7dc7a9

View File

@ -37,6 +37,11 @@ public final class NetworkExtensionsProducer implements ExtensionProducer {
*/ */
private static final int MAX_STRING_SIZE = Character.BYTES * 100; private static final int MAX_STRING_SIZE = Character.BYTES * 100;
/**
* Length is encoded as an {@link Integer} and header id as an {@link Short}.
*/
private static final int LENGTH_AND_ID_SIZE = Integer.BYTES + Short.BYTES;
/** /**
* Represents the maximum number of bytes in the body of an incoming packet. * Represents the maximum number of bytes in the body of an incoming packet.
* <p> * <p>
@ -95,14 +100,18 @@ public final class NetworkExtensionsProducer implements ExtensionProducer {
// listen to incoming data from client // listen to incoming data from client
while (!extensionSocket.isClosed()) { while (!extensionSocket.isClosed()) {
if (dIn.available() < LENGTH_AND_ID_SIZE)
continue;
final int length = dIn.readInt(); final int length = dIn.readInt();
final short headerId = dIn.readShort();
if (length > MAX_PACKET_BODY_SIZE) if (headerId == NetworkExtensionInfo.INCOMING_MESSAGES_IDS.EXTENSIONINFO) {
break;
final HPacket packet = readPacket(dIn, length); if (length > MAX_PACKET_BODY_SIZE)
break;
if (packet.headerId() == NetworkExtensionInfo.INCOMING_MESSAGES_IDS.EXTENSIONINFO) { final HPacket packet = readPacket(dIn, length, headerId);
final NetworkExtension gEarthExtension = new NetworkExtension(packet, extensionSocket); final NetworkExtension gEarthExtension = new NetworkExtension(packet, extensionSocket);
@ -134,15 +143,17 @@ public final class NetworkExtensionsProducer implements ExtensionProducer {
} }
} }
private HPacket readPacket(DataInputStream dIn, int length) throws IOException { private HPacket readPacket(DataInputStream dIn, int length, short id) throws IOException {
final byte[] headerAndBody = new byte[length + 4]; final byte[] headerAndBody = new byte[length + LENGTH_AND_ID_SIZE];
int amountRead = 0; int amountRead = 0;
while (amountRead < length) while (amountRead < length)
amountRead += dIn.read(headerAndBody, 4 + amountRead, Math.min(dIn.available(), length - amountRead)); amountRead += dIn.read(headerAndBody, amountRead + LENGTH_AND_ID_SIZE, Math.min(dIn.available(), length - amountRead));
final HPacket packet = new HPacket(headerAndBody); final HPacket packet = new HPacket(headerAndBody);
packet.fixLength(); packet.fixLength();
packet.replaceShort(4, id); // add header id
return packet; return packet;
} }