[Opensim-dev] Packet text field overflows
Jeff Ames
jeffames at gmail.com
Wed Mar 19 16:31:30 UTC 2008
Hello,
In libSL, there are a number of packets with string fields, with a
maximum length of either 255 or 1500 characters. If OpenSim sends a
string longer than this, then libSL will throw an exception.
One fix to this is to replace the existing bits of ClientView.cs,
generally something like this:
myPacket.text = Helpers.StringToField(text)
with something like this:
myPacket.text = Helpers.StringToField(text.Substring(0,
Math.Min(1499, text.Length)))
(The 1499 is because StringToField will add a null terminator.)
This approach, however, requires OpenSim to hard-code some of the
internal details of these packets. Another solution, which would
require libSL changes, would be to define something like a
libSL.BoundedString class with a MaxLength member OpenSim could query
and use to apply Substring() appropriately.
However, these methods only solve the problem of outgoing data.
Currently it seems we're trusting the client not to send overly long
strings for fields that should be bounded. This issue came up this
time because OpenSim was incorrectly converting a non-ASCII string
into a string of hex values, which quickly expanded past the max field
length. If a rogue client sent overly long strings, we could
conceivably have two crashes -- a MalformedDataException when libSL
tries to construct the incoming packet, and an OverflowException when
OpenSim sends that information back out.
One possible solution would be to call Substring in the property set()
methods in libSL instead of throwing exceptions, and maybe output some
warning message. Or we could wrap all the libSL interactions with
try/catch blocks and log failed packet creation.
Thoughts?
Jeff
More information about the Opensim-dev
mailing list