Add a size limit to packets and a configurable maximum character limit for messages
- Limits packets to under 16KB - Adds a configurable option to config.ini for setting the maximum amount of characters in an IC/OOC message - Limits the size of OOC names to 30 chars - The client already limits this, but this is an added precaution. - Limits the length of shownames to 30 chars - Implements shownames_allowed for areas, for toggling whether shownames are allowed for messages in that area
This commit is contained in:
		
							parent
							
								
									f6a52f7378
								
							
						
					
					
						commit
						9c3cd12202
					
				| @ -18,6 +18,7 @@ logbuffer=500 | |||||||
| logging=modcall | logging=modcall | ||||||
| maximum_statements=10 | maximum_statements=10 | ||||||
| multiclient_limit=15 | multiclient_limit=15 | ||||||
|  | maximum_characters=256 | ||||||
| 
 | 
 | ||||||
| [Dice] | [Dice] | ||||||
| max_value=100 | max_value=100 | ||||||
|  | |||||||
| @ -286,6 +286,11 @@ class Server : public QObject { | |||||||
|      */ |      */ | ||||||
|     int multiclient_limit; |     int multiclient_limit; | ||||||
| 
 | 
 | ||||||
|  |     /**
 | ||||||
|  |      * @brief Integer representing the maximum amount of characters an IC or OOC message can contain. | ||||||
|  |      */ | ||||||
|  |     int max_chars; | ||||||
|  | 
 | ||||||
|   public slots: |   public slots: | ||||||
|     /**
 |     /**
 | ||||||
|      * @brief Handles a new connection. |      * @brief Handles a new connection. | ||||||
|  | |||||||
| @ -73,6 +73,10 @@ void AOClient::handlePacket(AOPacket packet) | |||||||
|     AreaData* area = server->areas[current_area]; |     AreaData* area = server->areas[current_area]; | ||||||
|     PacketInfo info = packets.value(packet.header, {false, 0, &AOClient::pktDefault}); |     PacketInfo info = packets.value(packet.header, {false, 0, &AOClient::pktDefault}); | ||||||
| 
 | 
 | ||||||
|  |     if (packet.contents.join("").size() > 16384) { | ||||||
|  |         return; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|     if (!checkAuth(info.acl_mask)) { |     if (!checkAuth(info.acl_mask)) { | ||||||
|         return; |         return; | ||||||
|     } |     } | ||||||
|  | |||||||
| @ -41,6 +41,7 @@ AreaData::AreaData(QString p_name, int p_index) : | |||||||
|     blankposting_allowed = areas_ini.value("blankposting_allowed","true").toBool(); |     blankposting_allowed = areas_ini.value("blankposting_allowed","true").toBool(); | ||||||
|     force_immediate = areas_ini.value("force_immediate", "false").toBool(); |     force_immediate = areas_ini.value("force_immediate", "false").toBool(); | ||||||
|     toggle_music = areas_ini.value("toggle_music", "true").toBool(); |     toggle_music = areas_ini.value("toggle_music", "true").toBool(); | ||||||
|  |     showname_allowed = areas_ini.value("shownames_allowed", "true").toBool(); | ||||||
|     areas_ini.endGroup(); |     areas_ini.endGroup(); | ||||||
|     QSettings config_ini("config/config.ini", QSettings::IniFormat); |     QSettings config_ini("config/config.ini", QSettings::IniFormat); | ||||||
|     config_ini.beginGroup("Options"); |     config_ini.beginGroup("Options"); | ||||||
|  | |||||||
| @ -180,9 +180,14 @@ void AOClient::pktOocChat(AreaData* area, int argc, QStringList argv, AOPacket p | |||||||
|     ooc_name = dezalgo(argv[0]).replace(QRegExp("\\[|\\]|\\{|\\}|\\#|\\$|\\%|\\&"), ""); // no fucky wucky shit here
 |     ooc_name = dezalgo(argv[0]).replace(QRegExp("\\[|\\]|\\{|\\}|\\#|\\$|\\%|\\&"), ""); // no fucky wucky shit here
 | ||||||
|     if (ooc_name.isEmpty() || ooc_name == server->server_name) // impersonation & empty name protection
 |     if (ooc_name.isEmpty() || ooc_name == server->server_name) // impersonation & empty name protection
 | ||||||
|         return; |         return; | ||||||
|  | 
 | ||||||
|  |     if (ooc_name.length() > 30) { | ||||||
|  |         sendServerMessage("Your name is too long! Please limit it to under 30 characters."); | ||||||
|  |         return; | ||||||
|  |     } | ||||||
|      |      | ||||||
|     QString message = dezalgo(argv[1]); |     QString message = dezalgo(argv[1]); | ||||||
|     if (message.length() == 0) |     if (message.length() == 0 || message.length() > server->max_chars) | ||||||
|         return; |         return; | ||||||
|     AOPacket final_packet("CT", {ooc_name, message, "0"}); |     AOPacket final_packet("CT", {ooc_name, message, "0"}); | ||||||
|     if(message.at(0) == '/') { |     if(message.at(0) == '/') { | ||||||
| @ -456,7 +461,6 @@ AOPacket AOClient::validateIcPacket(AOPacket packet) | |||||||
|     // and outgoing packets are different. Just RTFM.
 |     // and outgoing packets are different. Just RTFM.
 | ||||||
| 
 | 
 | ||||||
|     AOPacket invalid("INVALID", {}); |     AOPacket invalid("INVALID", {}); | ||||||
| 
 |  | ||||||
|     QStringList args; |     QStringList args; | ||||||
|     if (current_char == "" || !joined) |     if (current_char == "" || !joined) | ||||||
|         // Spectators cannot use IC
 |         // Spectators cannot use IC
 | ||||||
| @ -501,6 +505,9 @@ AOPacket AOClient::validateIcPacket(AOPacket packet) | |||||||
|     args.append(emote); |     args.append(emote); | ||||||
| 
 | 
 | ||||||
|     // message text
 |     // message text
 | ||||||
|  |     if (incoming_args[4].toString().size() > server->max_chars) | ||||||
|  |         return invalid; | ||||||
|  | 
 | ||||||
|     QString incoming_msg = dezalgo(incoming_args[4].toString().trimmed()); |     QString incoming_msg = dezalgo(incoming_args[4].toString().trimmed()); | ||||||
|     if (!area->last_ic_message.isEmpty() |     if (!area->last_ic_message.isEmpty() | ||||||
|             && incoming_msg == area->last_ic_message[4] |             && incoming_msg == area->last_ic_message[4] | ||||||
| @ -607,6 +614,15 @@ AOPacket AOClient::validateIcPacket(AOPacket packet) | |||||||
|     if (incoming_args.length() > 15) { |     if (incoming_args.length() > 15) { | ||||||
|         // showname
 |         // showname
 | ||||||
|         QString incoming_showname = dezalgo(incoming_args[15].toString().trimmed()); |         QString incoming_showname = dezalgo(incoming_args[15].toString().trimmed()); | ||||||
|  |         if (!(incoming_showname == current_char || incoming_showname.isEmpty()) && !area->showname_allowed) { | ||||||
|  |             sendServerMessage("Shownames are not allowed in this area!"); | ||||||
|  |             return invalid; | ||||||
|  |         } | ||||||
|  |         if (incoming_showname.length() > 30) { | ||||||
|  |             sendServerMessage("Your showname is too long! Please limit it to under 30 characters"); | ||||||
|  |             return invalid; | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|         // if the raw input is not empty but the trimmed input is, use a single space
 |         // if the raw input is not empty but the trimmed input is, use a single space
 | ||||||
|         if (incoming_showname.isEmpty() && !incoming_args[15].toString().isEmpty()) |         if (incoming_showname.isEmpty() && !incoming_args[15].toString().isEmpty()) | ||||||
|             incoming_showname = " "; |             incoming_showname = " "; | ||||||
|  | |||||||
| @ -283,6 +283,10 @@ void Server::loadServerConfig() | |||||||
|     multiclient_limit = config.value("multiclient_limit", "15").toInt(&multiclient_limit_conversion_success); |     multiclient_limit = config.value("multiclient_limit", "15").toInt(&multiclient_limit_conversion_success); | ||||||
|     if (!multiclient_limit_conversion_success) |     if (!multiclient_limit_conversion_success) | ||||||
|         multiclient_limit = 15; |         multiclient_limit = 15; | ||||||
|  |     bool max_char_conversion_success; | ||||||
|  |     max_chars = config.value("maximum_characters", "256").toInt(&max_char_conversion_success); | ||||||
|  |     if (!max_char_conversion_success) | ||||||
|  |         max_chars = 256; | ||||||
|     config.endGroup(); |     config.endGroup(); | ||||||
| 
 | 
 | ||||||
|     //Load dice values
 |     //Load dice values
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 MangosArentLiterature
						MangosArentLiterature