Mamanyonyo/akashi-esquizolandia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #99 from AttorneyOnline/packet-size-limit

Browse Source 
Add a size limit to packets and a configurable maximum character limit for messages.
This commit is contained in:
Marisa P 2021-04-21 05:51:11 -05:00 committed by GitHub
commit d344ebe63a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 43 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bin/config_sample/config.ini
View File

@ -18,6 +18,7 @@ logbuffer=500
logging=modcall logging=modcall
maximum_statements=10 maximum_statements=10
multiclient_limit=15 multiclient_limit=15
maximum_characters=256
[Dice] [Dice]
max_value=100 max_value=100

5
include/aoclient.h
View File

@ -2049,6 +2049,11 @@ class AOClient : public QObject {
* @param incoming_message QString to be decoded. * @param incoming_message QString to be decoded.
*/ */
QString decodeMessage(QString incoming_message); QString decodeMessage(QString incoming_message);
/**
* @brief The size, in bytes, of the last data the client sent to the server.
*/
int last_read;
}; };
#endif // AOCLIENT_H #endif // AOCLIENT_H

5
include/server.h
View File

@ -286,6 +286,11 @@ class Server : public QObject {
*/ */
int multiclient_limit; int multiclient_limit;
/**
* @brief Integer representing the maximum amount of characters an IC or OOC message can contain.
*/
int max_chars;
public slots: public slots:
/** /**
* @brief Handles a new connection. * @brief Handles a new connection.

9
src/aoclient.cpp
View File

@ -19,7 +19,12 @@
void AOClient::clientData() void AOClient::clientData()
{ {
if (last_read + socket->bytesAvailable() > 30720) { // Client can send a max of 30KB to the server over two sequential reads
socket->close();
}
QString data = QString::fromUtf8(socket->readAll()); QString data = QString::fromUtf8(socket->readAll());
last_read = data.size();
if (is_partial) { if (is_partial) {
data = partial_packet + data; data = partial_packet + data;
@ -73,6 +78,10 @@ void AOClient::handlePacket(AOPacket packet)
AreaData* area = server->areas[current_area]; AreaData* area = server->areas[current_area];
PacketInfo info = packets.value(packet.header, {false, 0, &AOClient::pktDefault}); PacketInfo info = packets.value(packet.header, {false, 0, &AOClient::pktDefault});
if (packet.contents.join("").size() > 16384) {
return;
}
if (!checkAuth(info.acl_mask)) { if (!checkAuth(info.acl_mask)) {
return; return;
} }

1
src/area_data.cpp
View File

@ -41,6 +41,7 @@ AreaData::AreaData(QString p_name, int p_index) :
blankposting_allowed = areas_ini.value("blankposting_allowed","true").toBool(); blankposting_allowed = areas_ini.value("blankposting_allowed","true").toBool();
force_immediate = areas_ini.value("force_immediate", "false").toBool(); force_immediate = areas_ini.value("force_immediate", "false").toBool();
toggle_music = areas_ini.value("toggle_music", "true").toBool(); toggle_music = areas_ini.value("toggle_music", "true").toBool();
showname_allowed = areas_ini.value("shownames_allowed", "true").toBool();
areas_ini.endGroup(); areas_ini.endGroup();
QSettings config_ini("config/config.ini", QSettings::IniFormat); QSettings config_ini("config/config.ini", QSettings::IniFormat);
config_ini.beginGroup("Options"); config_ini.beginGroup("Options");

20
src/packets.cpp
View File

@ -180,9 +180,14 @@ void AOClient::pktOocChat(AreaData* area, int argc, QStringList argv, AOPacket p
ooc_name = dezalgo(argv[0]).replace(QRegExp("\\[|\\]|\\{|\\}|\\#|\\$|\\%|\\&"), ""); // no fucky wucky shit here ooc_name = dezalgo(argv[0]).replace(QRegExp("\\[|\\]|\\{|\\}|\\#|\\$|\\%|\\&"), ""); // no fucky wucky shit here
if (ooc_name.isEmpty() || ooc_name == server->server_name) // impersonation & empty name protection if (ooc_name.isEmpty() || ooc_name == server->server_name) // impersonation & empty name protection
return; return;
if (ooc_name.length() > 30) {
sendServerMessage("Your name is too long! Please limit it to under 30 characters.");
return;
}
QString message = dezalgo(argv[1]); QString message = dezalgo(argv[1]);
if (message.length() == 0) if (message.length() == 0 || message.length() > server->max_chars)
return; return;
AOPacket final_packet("CT", {ooc_name, message, "0"}); AOPacket final_packet("CT", {ooc_name, message, "0"});
if(message.at(0) == '/') { if(message.at(0) == '/') {
@ -456,7 +461,6 @@ AOPacket AOClient::validateIcPacket(AOPacket packet)
// and outgoing packets are different. Just RTFM. // and outgoing packets are different. Just RTFM.
AOPacket invalid("INVALID", {}); AOPacket invalid("INVALID", {});
QStringList args; QStringList args;
if (current_char == "" || !joined) if (current_char == "" || !joined)
// Spectators cannot use IC // Spectators cannot use IC
@ -501,6 +505,9 @@ AOPacket AOClient::validateIcPacket(AOPacket packet)
args.append(emote); args.append(emote);
// message text // message text
if (incoming_args[4].toString().size() > server->max_chars)
return invalid;
QString incoming_msg = dezalgo(incoming_args[4].toString().trimmed()); QString incoming_msg = dezalgo(incoming_args[4].toString().trimmed());
if (!area->last_ic_message.isEmpty() if (!area->last_ic_message.isEmpty()
&& incoming_msg == area->last_ic_message[4] && incoming_msg == area->last_ic_message[4]
@ -607,6 +614,15 @@ AOPacket AOClient::validateIcPacket(AOPacket packet)
if (incoming_args.length() > 15) { if (incoming_args.length() > 15) {
// showname // showname
QString incoming_showname = dezalgo(incoming_args[15].toString().trimmed()); QString incoming_showname = dezalgo(incoming_args[15].toString().trimmed());
if (!(incoming_showname == current_char || incoming_showname.isEmpty()) && !area->showname_allowed) {
sendServerMessage("Shownames are not allowed in this area!");
return invalid;
}
if (incoming_showname.length() > 30) {
sendServerMessage("Your showname is too long! Please limit it to under 30 characters");
return invalid;
}
// if the raw input is not empty but the trimmed input is, use a single space // if the raw input is not empty but the trimmed input is, use a single space
if (incoming_showname.isEmpty() && !incoming_args[15].toString().isEmpty()) if (incoming_showname.isEmpty() && !incoming_args[15].toString().isEmpty())
incoming_showname = " "; incoming_showname = " ";

4
src/server.cpp
View File

@ -283,6 +283,10 @@ void Server::loadServerConfig()
multiclient_limit = config.value("multiclient_limit", "15").toInt(&multiclient_limit_conversion_success); multiclient_limit = config.value("multiclient_limit", "15").toInt(&multiclient_limit_conversion_success);
if (!multiclient_limit_conversion_success) if (!multiclient_limit_conversion_success)
multiclient_limit = 15; multiclient_limit = 15;
bool max_char_conversion_success;
max_chars = config.value("maximum_characters", "256").toInt(&max_char_conversion_success);
if (!max_char_conversion_success)
max_chars = 256;
config.endGroup(); config.endGroup();
//Load dice values //Load dice values