Add exception handling to prevent player hacking network string

Benau · Benau · commit 7ebd1fabd906 · 2018-07-19T14:23:35.000+08:00
diff --git a/src/modes/cutscene_world.cpp b/src/modes/cutscene_world.cpp
@@ -231,7 +231,6 @@ void CutsceneWorld::update(int ticks)
     {
         // this way of calculating time and dt is more in line with what
         // irrlicht does and provides better synchronisation
-        double prev_time = m_time;
         double now = StkTime::getRealTime();
         m_time = now - m_time_at_second_reset;
     }
diff --git a/src/network/network_string.hpp b/src/network/network_string.hpp
@@ -74,6 +74,10 @@ friend class Crypto;
     */
     std::string getString(int len) const
     {
+        if (m_current_offset > (int)m_buffer.size() ||
+            m_current_offset + len > (int)m_buffer.size())
+            throw std::out_of_range("getString out of range.");
+
         std::string a(m_buffer.begin() + (m_current_offset      ),
                       m_buffer.begin() + (m_current_offset + len));
         m_current_offset += len;
@@ -101,7 +105,7 @@ friend class Crypto;
         {
             result <<= 8; // offset one byte
                           // add the data to result
-            result += m_buffer[offset - a];
+            result += m_buffer.at(offset - a);
         }
         return result;
     }   // get(int pos)
@@ -110,7 +114,7 @@ friend class Crypto;
     template<typename T>
     T get() const
     {
-        return m_buffer[m_current_offset++];
+        return m_buffer.at(m_current_offset++);
     }   // get
 
 public:
@@ -424,8 +428,7 @@ class NetworkString : public BareNetworkString
     /** Returns the protocol type of this message. */
     ProtocolType getProtocolType() const
     {
-        assert(!m_buffer.empty());
-        return (ProtocolType)(m_buffer[0] & ~PROTOCOL_SYNCHRONOUS);
+        return (ProtocolType)(m_buffer.at(0) & ~PROTOCOL_SYNCHRONOUS);
     }   // getProtocolType
 
     // ------------------------------------------------------------------------
diff --git a/src/network/protocol_manager.cpp b/src/network/protocol_manager.cpp
@@ -378,14 +378,15 @@ bool ProtocolManager::sendEvent(Event* event)
     bool can_be_deleted = false;
     if (event->getType() == EVENT_TYPE_MESSAGE)
     {
-        OneProtocolType &opt = m_all_protocols[event->data().getProtocolType()];
+        OneProtocolType &opt =
+            m_all_protocols.at(event->data().getProtocolType());
         can_be_deleted = opt.notifyEvent(event);
     }
     else   // connect or disconnect event --> test all protocols
     {
         for (unsigned int i = 0; i < m_all_protocols.size(); i++)
         {
-            can_be_deleted |= m_all_protocols[i].notifyEvent(event);
+            can_be_deleted |= m_all_protocols.at(i).notifyEvent(event);
         }
     }
     return can_be_deleted || StkTime::getTimeSinceEpoch() - event->getArrivalTime()
@@ -432,7 +433,16 @@ void ProtocolManager::update(int ticks)
     while (i != m_sync_events_to_process.getData().end())
     {
         m_sync_events_to_process.unlock();
-        bool can_be_deleted = sendEvent(*i);
+        bool can_be_deleted = true;
+        try
+        {
+            can_be_deleted = sendEvent(*i);
+        }
+        catch (std::exception& e)
+        {
+            Log::error("ProtocolManager", "Synchronous event error: %s",
+                e.what());
+        }
         m_sync_events_to_process.lock();
         if (can_be_deleted)
         {
@@ -478,7 +488,16 @@ void ProtocolManager::asynchronousUpdate()
         m_async_events_to_process.unlock();
 
         m_all_protocols[(*i)->getType()].lock();
-        bool result = sendEvent(*i);
+        bool result = true;
+        try
+        {
+            result = sendEvent(*i);
+        }
+        catch (std::exception& e)
+        {
+            Log::error("ProtocolManager", "Asynchronous event error: %s",
+                e.what());
+        }
         m_all_protocols[(*i)->getType()].unlock();
 
         m_async_events_to_process.lock();
diff --git a/src/network/protocols/game_events_protocol.cpp b/src/network/protocols/game_events_protocol.cpp
@@ -54,14 +54,14 @@ bool GameEventsProtocol::notifyEvent(Event* event)
     case GE_RESET_BALL:
     {
         if (!sw)
-            throw("No soccer world");
+            throw std::invalid_argument("No soccer world");
         sw->handleResetBallFromServer(data);
         break;
     }
     case GE_PLAYER_GOAL:
     {
         if (!sw)
-            throw("No soccer world");
+            throw std::invalid_argument("No soccer world");
         sw->handlePlayerGoalFromServer(data);
         break;
     }
diff --git a/src/network/stk_host.cpp b/src/network/stk_host.cpp
@@ -720,7 +720,15 @@ void STKHost::mainLoop()
         auto sl = LobbyProtocol::get<ServerLobby>();
         if (direct_socket && sl && sl->waitingForPlayers())
         {
-            handleDirectSocketRequest(direct_socket, sl);
+            try
+            {
+                handleDirectSocketRequest(direct_socket, sl);
+            }
+            catch (std::exception& e)
+            {
+                Log::warn("STKHost", "Direct socket error: %s",
+                    e.what());
+            }
         }   // if discovery host
 
         if (is_server)
diff --git a/src/states_screens/race_gui_overworld.cpp b/src/states_screens/race_gui_overworld.cpp
@@ -189,10 +189,6 @@ void RaceGUIOverworld::renderGlobal(float dt)
     if (race_manager->getIfEmptyScreenSpaceExists() &&
         !GUIEngine::ModalDialog::isADialogActive())
     {
-        const float sqrt_num_players =
-            sqrtf((float)race_manager->getNumLocalPlayers());
-        const int rows = (int)ceil(sqrt_num_players);
-        const int cols = (int)round(sqrt_num_players);
         static video::SColor black = video::SColor(255,0,0,0);
         GL32_draw2DRectangle(black, irr_driver->getSplitscreenWindow(
             race_manager->getNumLocalPlayers()));

Original file line number	Diff line number	Diff line change
`@@ -231,7 +231,6 @@ void CutsceneWorld::update(int ticks)`
`231`	`231`	`{`
`232`	`232`	`// this way of calculating time and dt is more in line with what`
`233`	`233`	`// irrlicht does and provides better synchronisation`
`234`		`- double prev_time = m_time;`
`235`	`234`	`double now = StkTime::getRealTime();`
`236`	`235`	`m_time = now - m_time_at_second_reset;`
`237`	`236`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,14 +54,14 @@ bool GameEventsProtocol::notifyEvent(Event* event)`
`54`	`54`	`case GE_RESET_BALL:`
`55`	`55`	`{`
`56`	`56`	`if (!sw)`
`57`		`- throw("No soccer world");`
	`57`	`+ throw std::invalid_argument("No soccer world");`
`58`	`58`	`sw->handleResetBallFromServer(data);`
`59`	`59`	`break;`
`60`	`60`	`}`
`61`	`61`	`case GE_PLAYER_GOAL:`
`62`	`62`	`{`
`63`	`63`	`if (!sw)`
`64`		`- throw("No soccer world");`
	`64`	`+ throw std::invalid_argument("No soccer world");`
`65`	`65`	`sw->handlePlayerGoalFromServer(data);`
`66`	`66`	`break;`
`67`	`67`	`}`