maxmustermann/godot
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
godot/core/io
History
Fabio Alessandrelli 497bc7d5fd Fix marshalls size checks. 
Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t, when
decoding it, that value is cast to int when comparing if the packet is
actually that size causing numbers with MSB=1 to be interpreted as
negative thus always passing the check. That same value though, is used
as uint32_t again to resize the output vector.  For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.

This patch is a backport of the one initially written for the master
branch.
2018-07-28 17:17:36 +02:00
..
compression.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
compression.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
config_file.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
config_file.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
export_data.cpp Bring that Whole New World to the Old Continent too 2017-03-19 00:36:26 +01:00
export_data.h Bring that Whole New World to the Old Continent too 2017-03-19 00:36:26 +01:00
file_access_buffered.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_buffered.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_buffered_fa.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_compressed.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_compressed.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_encrypted.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_encrypted.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_memory.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_memory.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_network.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_network.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_pack.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_pack.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_zip.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
file_access_zip.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
http_client.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
http_client.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
image_loader.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
image_loader.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
ip.cpp resolve_hostname_addresses: retrieve every addresses associated with a hostname 2018-01-02 11:28:48 +01:00
ip.h resolve_hostname_addresses: retrieve every addresses associated with a hostname 2018-01-02 11:28:48 +01:00
ip_address.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
ip_address.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
json.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
json.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
marshalls.cpp Fix marshalls size checks. 2018-07-28 17:17:36 +02:00
marshalls.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
packet_peer.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
packet_peer.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
packet_peer_udp.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
packet_peer_udp.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
pck_packer.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
pck_packer.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
resource_format_binary.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
resource_format_binary.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
resource_format_xml.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
resource_format_xml.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
resource_loader.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
resource_loader.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
resource_saver.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
resource_saver.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
SCsub Move core thirdparty files to thirdparty/{minizip,misc} 2017-05-26 23:29:26 +02:00
stream_peer.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
stream_peer.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
stream_peer_ssl.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
stream_peer_ssl.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
stream_peer_tcp.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
stream_peer_tcp.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
tcp_server.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
tcp_server.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
translation_loader_po.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
translation_loader_po.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
xml_parser.cpp Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
xml_parser.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00
zip_io.h Update copyright statements to 2018 2018-01-02 11:27:24 +01:00