Added invalid message size checks

TwoTenPvP · TwoTenPvP · commit 13d6d02afaa6 · 2018-12-14T18:50:26.000+01:00
diff --git a/MLAPI/NetworkingManagerComponents/Core/MessageManager.cs b/MLAPI/NetworkingManagerComponents/Core/MessageManager.cs
@@ -29,6 +29,13 @@ internal static BitStream UnwrapMessage(BitStream inputStream, uint clientId, ou
             {
                 try
                 {
+                    if (inputStream.Length < 1)
+                    {
+                        if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogError("The incomming message was too small");
+                        messageType = MLAPIConstants.INVALID;
+                        return null;
+                    }
+
                     bool isEncrypted = inputHeaderReader.ReadBit();
                     bool isAuthenticated = inputHeaderReader.ReadBit();
 
@@ -89,7 +96,15 @@ internal static BitStream UnwrapMessage(BitStream inputStream, uint clientId, ou
 
                         if (isEncrypted)
                         {
-                            inputStream.Read(IV_BUFFER, 0, IV_BUFFER.Length);
+                            int ivRead = inputStream.Read(IV_BUFFER, 0, IV_BUFFER.Length);
+
+                            if (ivRead != IV_BUFFER.Length)
+                            {
+                                if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogError("Invalid IV size");
+                                messageType = MLAPIConstants.INVALID;
+                                return null;
+                            }
+
                             PooledBitStream outputStream = PooledBitStream.Get();
 
                             using (RijndaelManaged rijndael = new RijndaelManaged())
@@ -114,6 +129,14 @@ internal static BitStream UnwrapMessage(BitStream inputStream, uint clientId, ou
                                 }
 
                                 outputStream.Position = 0;
+
+                                if (outputStream.Length == 0)
+                                {
+                                    if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogError("The incomming message was too small");
+                                    messageType = MLAPIConstants.INVALID;
+                                    return null;
+                                }
+
                                 int msgType = outputStream.ReadByte();
                                 messageType = msgType == -1 ? MLAPIConstants.INVALID : (byte)msgType;
                             }
@@ -122,6 +145,13 @@ internal static BitStream UnwrapMessage(BitStream inputStream, uint clientId, ou
                         }
                         else
                         {
+                            if (inputStream.Length - inputStream.Position <= 0)
+                            {
+                                if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogError("The incomming message was too small");
+                                messageType = MLAPIConstants.INVALID;
+                                return null;
+                            }
+
                             int msgType = inputStream.ReadByte();
                             messageType = msgType == -1 ? MLAPIConstants.INVALID : (byte)msgType;
                             return inputStream;
