Merge pull request #603 from Dliwk/secfix-1

Fix possible DoS vulnerability
Eric Froemling 2023-07-12 11:15:57 -07:00 committed by GitHub
commit 319320a3b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 0 deletions


@ -1,4 +1,5 @@
### 1.7.23 (build 21164, api 8, 2023-07-11)
- Network security improvements.
### 1.7.22 (build 21162, api 8, 2023-07-11)


@ -439,6 +439,11 @@ void Connection::HandleMessagePacket(const std::vector<uint8_t>& buffer) {
Log(LogLevel::kError, "got invalid BA_MESSAGE_MULTIPART");
}
if (buffer[0] == BA_MESSAGE_MULTIPART_END) {
if (multipart_buffer_[0] == BA_MESSAGE_MULTIPART) {
BA_LOG_ONCE(LogLevel::kError,
"nested multipart message detected; kicking");
Error("");
}
HandleMessagePacket(multipart_buffer_);
multipart_buffer_.clear();
}
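Review bot: The new guard `if (multipart_buffer_[0] == BA_MESSAGE_MULTIPART)` indexes `multipart_buffer_` without checking that it is non-empty, and the "got invalid BA_MESSAGE_MULTIPART" path just above appears to fall through to it, so a payload-less end packet arriving first would read element 0 of an empty vector. The guard also tests only one type byte: a reassembled buffer whose first byte is `BA_MESSAGE_MULTIPART_END` would re-enter this same branch through the recursive `HandleMessagePacket(multipart_buffer_)` call. I would write the condition as `if (multipart_buffer_.empty() || multipart_buffer_[0] == BA_MESSAGE_MULTIPART || multipart_buffer_[0] == BA_MESSAGE_MULTIPART_END)`, and clear the buffer and return right after `Error("")` unless `Error` is known not to return (its definition is not visible here). The empty string passed to `Error` also leaves every kick after the first undiagnosable, since the only explanation is a log-once line. The function's body starts and ends outside this hunk.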