From 293d8ba826d888b3b2c474292d978b721b1e728b Mon Sep 17 00:00:00 2001 From: rubidium Date: Tue, 9 Jan 2007 14:48:21 +0000 Subject: (svn r8000) -Codechange: drop UDP packets when their internal size does not match the received size. If that is the case, the packet was not received in one piece (or got somehow mangled with another packet), which will cause us to drop the packet later on because we are (for example) trying to read beyond the end of the packet. --- src/network/core/udp.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/network/core/udp.c b/src/network/core/udp.c index 5e32ad8e4..6699b4b87 100644 --- a/src/network/core/udp.c +++ b/src/network/core/udp.c @@ -116,11 +116,19 @@ void NetworkUDPReceive(const SOCKET udp) /* Try to receive anything */ nbytes = recvfrom(udp, p.buffer, packet_len, 0, (struct sockaddr *)&client_addr, &client_len); - /* We got some bytes for the base header of the packet. - * Assume we received the whole packet. */ + /* We got some bytes for the base header of the packet. */ if (nbytes > 2) { NetworkRecv_ReadPacketSize(&p); + /* If the size does not match the packet must be corrupted. + * Otherwise it will be marked as corrupted later on. */ + if (nbytes != p.size) { + DEBUG(net, 1, "received a packet with mismatching size from %s:%d", + inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port)); + + return; + } + /* Put the position on the right place */ p.pos = 2; p.next = NULL; -- cgit v1.2.3-54-g00ecf