OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* [SECURITY] Implements a large number of new security checks into Scene/Avatar packet processing within ProcessInPacket. 

* Notes: this requires heavy testing, it may cause new issues where LL have recycled agent block data for non-security purposes. It can be disabled on Line 4421 of LLClientView.cs by changing m_checkPackets to false.
* This represents approx 1/8th of the packets being checked.
0.6.5-rc1
Adam Frisby 2009-04-08 06:31:19 +00:00
parent d5727c8c1a
commit 2bd6a915a0
1 changed files with 269 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

269
OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs
View File

@ -4419,6 +4419,8 @@ namespace OpenSim.Region.ClientStack.LindenUDP
return; return;
} }
const bool m_checkPackets = true;
// Main packet processing conditional // Main packet processing conditional
switch (Pack.Type) switch (Pack.Type)
{ {
@ -4427,6 +4429,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.AvatarPropertiesRequest: case PacketType.AvatarPropertiesRequest:
AvatarPropertiesRequestPacket avatarProperties = (AvatarPropertiesRequestPacket)Pack; AvatarPropertiesRequestPacket avatarProperties = (AvatarPropertiesRequestPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (avatarProperties.AgentData.SessionID != SessionId ||
avatarProperties.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerRequestAvatarProperties = OnRequestAvatarProperties; handlerRequestAvatarProperties = OnRequestAvatarProperties;
if (handlerRequestAvatarProperties != null) if (handlerRequestAvatarProperties != null)
{ {
@ -4438,6 +4449,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.ChatFromViewer: case PacketType.ChatFromViewer:
ChatFromViewerPacket inchatpack = (ChatFromViewerPacket)Pack; ChatFromViewerPacket inchatpack = (ChatFromViewerPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (inchatpack.AgentData.SessionID != SessionId ||
inchatpack.AgentData.AgentID != AgentId)
break;
}
#endregion
string fromName = String.Empty; //ClientAvatar.firstname + " " + ClientAvatar.lastname; string fromName = String.Empty; //ClientAvatar.firstname + " " + ClientAvatar.lastname;
byte[] message = inchatpack.ChatData.Message; byte[] message = inchatpack.ChatData.Message;
byte type = inchatpack.ChatData.Type; byte type = inchatpack.ChatData.Type;
@ -4468,6 +4488,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.AvatarPropertiesUpdate: case PacketType.AvatarPropertiesUpdate:
AvatarPropertiesUpdatePacket Packet = (AvatarPropertiesUpdatePacket)Pack; AvatarPropertiesUpdatePacket Packet = (AvatarPropertiesUpdatePacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (Packet.AgentData.SessionID != SessionId ||
Packet.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerUpdateAvatarProperties = OnUpdateAvatarProperties; handlerUpdateAvatarProperties = OnUpdateAvatarProperties;
if (handlerUpdateAvatarProperties != null) if (handlerUpdateAvatarProperties != null)
{ {
@ -4485,6 +4514,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.ScriptDialogReply: case PacketType.ScriptDialogReply:
ScriptDialogReplyPacket rdialog = (ScriptDialogReplyPacket)Pack; ScriptDialogReplyPacket rdialog = (ScriptDialogReplyPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (rdialog.AgentData.SessionID != SessionId ||
rdialog.AgentData.AgentID != AgentId)
break;
}
#endregion
int ch = rdialog.Data.ChatChannel; int ch = rdialog.Data.ChatChannel;
byte[] msg = rdialog.Data.ButtonLabel; byte[] msg = rdialog.Data.ButtonLabel;
if (OnChatFromClient != null) if (OnChatFromClient != null)
@ -4506,6 +4545,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.ImprovedInstantMessage: case PacketType.ImprovedInstantMessage:
ImprovedInstantMessagePacket msgpack = (ImprovedInstantMessagePacket)Pack; ImprovedInstantMessagePacket msgpack = (ImprovedInstantMessagePacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (msgpack.AgentData.SessionID != SessionId ||
msgpack.AgentData.AgentID != AgentId)
break;
}
#endregion
string IMfromName = Util.FieldToString(msgpack.MessageBlock.FromAgentName); string IMfromName = Util.FieldToString(msgpack.MessageBlock.FromAgentName);
string IMmessage = Utils.BytesToString(msgpack.MessageBlock.Message); string IMmessage = Utils.BytesToString(msgpack.MessageBlock.Message);
handlerInstantMessage = OnInstantMessage; handlerInstantMessage = OnInstantMessage;
@ -4531,6 +4580,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.AcceptFriendship: case PacketType.AcceptFriendship:
AcceptFriendshipPacket afriendpack = (AcceptFriendshipPacket)Pack; AcceptFriendshipPacket afriendpack = (AcceptFriendshipPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (afriendpack.AgentData.SessionID != SessionId ||
afriendpack.AgentData.AgentID != AgentId)
break;
}
#endregion
// My guess is this is the folder to stick the calling card into // My guess is this is the folder to stick the calling card into
List<UUID> callingCardFolders = new List<UUID>(); List<UUID> callingCardFolders = new List<UUID>();
@ -4552,6 +4610,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.DeclineFriendship: case PacketType.DeclineFriendship:
DeclineFriendshipPacket dfriendpack = (DeclineFriendshipPacket)Pack; DeclineFriendshipPacket dfriendpack = (DeclineFriendshipPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (dfriendpack.AgentData.SessionID != SessionId ||
dfriendpack.AgentData.AgentID != AgentId)
break;
}
#endregion
if (OnDenyFriendRequest != null) if (OnDenyFriendRequest != null)
{ {
OnDenyFriendRequest(this, OnDenyFriendRequest(this,
@ -4563,6 +4630,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.TerminateFriendship: case PacketType.TerminateFriendship:
TerminateFriendshipPacket tfriendpack = (TerminateFriendshipPacket)Pack; TerminateFriendshipPacket tfriendpack = (TerminateFriendshipPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (tfriendpack.AgentData.SessionID != SessionId ||
tfriendpack.AgentData.AgentID != AgentId)
break;
}
#endregion
UUID listOwnerAgentID = tfriendpack.AgentData.AgentID; UUID listOwnerAgentID = tfriendpack.AgentData.AgentID;
UUID exFriendID = tfriendpack.ExBlock.OtherID; UUID exFriendID = tfriendpack.ExBlock.OtherID;
@ -4576,6 +4653,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.RezObject: case PacketType.RezObject:
RezObjectPacket rezPacket = (RezObjectPacket)Pack; RezObjectPacket rezPacket = (RezObjectPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (rezPacket.AgentData.SessionID != SessionId ||
rezPacket.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerRezObject = OnRezObject; handlerRezObject = OnRezObject;
if (handlerRezObject != null) if (handlerRezObject != null)
{ {
@ -4589,6 +4675,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.DeRezObject: case PacketType.DeRezObject:
DeRezObjectPacket DeRezPacket = (DeRezObjectPacket) Pack; DeRezObjectPacket DeRezPacket = (DeRezObjectPacket) Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (DeRezPacket.AgentData.SessionID != SessionId ||
DeRezPacket.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerDeRezObject = OnDeRezObject; handlerDeRezObject = OnDeRezObject;
if (handlerDeRezObject != null) if (handlerDeRezObject != null)
{ {
@ -4607,6 +4703,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.ModifyLand: case PacketType.ModifyLand:
ModifyLandPacket modify = (ModifyLandPacket)Pack; ModifyLandPacket modify = (ModifyLandPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (modify.AgentData.SessionID != SessionId ||
modify.AgentData.AgentID != AgentId)
break;
}
#endregion
//m_log.Info("[LAND]: LAND:" + modify.ToString()); //m_log.Info("[LAND]: LAND:" + modify.ToString());
if (modify.ParcelData.Length > 0) if (modify.ParcelData.Length > 0)
{ {
@ -4660,6 +4766,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.AgentSetAppearance: case PacketType.AgentSetAppearance:
AgentSetAppearancePacket appear = (AgentSetAppearancePacket)Pack; AgentSetAppearancePacket appear = (AgentSetAppearancePacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (appear.AgentData.SessionID != SessionId ||
appear.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerSetAppearance = OnSetAppearance; handlerSetAppearance = OnSetAppearance;
if (handlerSetAppearance != null) if (handlerSetAppearance != null)
{ {
@ -4690,6 +4805,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
if (OnAvatarNowWearing != null) if (OnAvatarNowWearing != null)
{ {
AgentIsNowWearingPacket nowWearing = (AgentIsNowWearingPacket)Pack; AgentIsNowWearingPacket nowWearing = (AgentIsNowWearingPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (nowWearing.AgentData.SessionID != SessionId ||
nowWearing.AgentData.AgentID != AgentId)
break;
}
#endregion
AvatarWearingArgs wearingArgs = new AvatarWearingArgs(); AvatarWearingArgs wearingArgs = new AvatarWearingArgs();
for (int i = 0; i < nowWearing.WearableData.Length; i++) for (int i = 0; i < nowWearing.WearableData.Length; i++)
{ {
@ -4712,6 +4837,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
if (handlerRezSingleAttachment != null) if (handlerRezSingleAttachment != null)
{ {
RezSingleAttachmentFromInvPacket rez = (RezSingleAttachmentFromInvPacket)Pack; RezSingleAttachmentFromInvPacket rez = (RezSingleAttachmentFromInvPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (rez.AgentData.SessionID != SessionId ||
rez.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerRezSingleAttachment(this, rez.ObjectData.ItemID, handlerRezSingleAttachment(this, rez.ObjectData.ItemID,
rez.ObjectData.AttachmentPt); rez.ObjectData.AttachmentPt);
} }
@ -4735,6 +4870,10 @@ namespace OpenSim.Region.ClientStack.LindenUDP
{ {
DetachAttachmentIntoInvPacket detachtoInv = (DetachAttachmentIntoInvPacket)Pack; DetachAttachmentIntoInvPacket detachtoInv = (DetachAttachmentIntoInvPacket)Pack;
#region Packet Session and User Check
// UNSUPPORTED ON THIS PACKET
#endregion
UUID itemID = detachtoInv.ObjectData.ItemID; UUID itemID = detachtoInv.ObjectData.ItemID;
// UUID ATTACH_agentID = detachtoInv.ObjectData.AgentID; // UUID ATTACH_agentID = detachtoInv.ObjectData.AgentID;
@ -4747,6 +4886,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
{ {
ObjectAttachPacket att = (ObjectAttachPacket)Pack; ObjectAttachPacket att = (ObjectAttachPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (att.AgentData.SessionID != SessionId ||
att.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerObjectAttach = OnObjectAttach; handlerObjectAttach = OnObjectAttach;
if (handlerObjectAttach != null) if (handlerObjectAttach != null)
@ -4761,6 +4909,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.ObjectDetach: case PacketType.ObjectDetach:
ObjectDetachPacket dett = (ObjectDetachPacket)Pack; ObjectDetachPacket dett = (ObjectDetachPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (dett.AgentData.SessionID != SessionId ||
dett.AgentData.AgentID != AgentId)
break;
}
#endregion
for (int j = 0; j < dett.ObjectData.Length; j++) for (int j = 0; j < dett.ObjectData.Length; j++)
{ {
uint obj = dett.ObjectData[j].ObjectLocalID; uint obj = dett.ObjectData[j].ObjectLocalID;
@ -4775,6 +4933,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.ObjectDrop: case PacketType.ObjectDrop:
ObjectDropPacket dropp = (ObjectDropPacket)Pack; ObjectDropPacket dropp = (ObjectDropPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (dropp.AgentData.SessionID != SessionId ||
dropp.AgentData.AgentID != AgentId)
break;
}
#endregion
for (int j = 0; j < dropp.ObjectData.Length; j++) for (int j = 0; j < dropp.ObjectData.Length; j++)
{ {
uint obj = dropp.ObjectData[j].ObjectLocalID; uint obj = dropp.ObjectData[j].ObjectLocalID;
@ -4789,6 +4957,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.SetAlwaysRun: case PacketType.SetAlwaysRun:
SetAlwaysRunPacket run = (SetAlwaysRunPacket)Pack; SetAlwaysRunPacket run = (SetAlwaysRunPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (run.AgentData.SessionID != SessionId ||
run.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerSetAlwaysRun = OnSetAlwaysRun; handlerSetAlwaysRun = OnSetAlwaysRun;
if (handlerSetAlwaysRun != null) if (handlerSetAlwaysRun != null)
handlerSetAlwaysRun(this, run.AgentData.AlwaysRun); handlerSetAlwaysRun(this, run.AgentData.AlwaysRun);
@ -4810,6 +4987,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
{ {
AgentUpdatePacket agenUpdate = (AgentUpdatePacket)Pack; AgentUpdatePacket agenUpdate = (AgentUpdatePacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (agenUpdate.AgentData.SessionID != SessionId ||
agenUpdate.AgentData.AgentID != AgentId)
break;
}
#endregion
AgentUpdatePacket.AgentDataBlock x = agenUpdate.AgentData; AgentUpdatePacket.AgentDataBlock x = agenUpdate.AgentData;
AgentUpdateArgs arg = new AgentUpdateArgs(); AgentUpdateArgs arg = new AgentUpdateArgs();
arg.AgentID = x.AgentID; arg.AgentID = x.AgentID;
@ -4837,6 +5023,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.AgentAnimation: case PacketType.AgentAnimation:
AgentAnimationPacket AgentAni = (AgentAnimationPacket)Pack; AgentAnimationPacket AgentAni = (AgentAnimationPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (AgentAni.AgentData.SessionID != SessionId ||
AgentAni.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerStartAnim = null; handlerStartAnim = null;
handlerStopAnim = null; handlerStopAnim = null;
@ -4866,6 +5061,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
{ {
AgentRequestSitPacket agentRequestSit = (AgentRequestSitPacket)Pack; AgentRequestSitPacket agentRequestSit = (AgentRequestSitPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (agentRequestSit.AgentData.SessionID != SessionId ||
agentRequestSit.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerAgentRequestSit = OnAgentRequestSit; handlerAgentRequestSit = OnAgentRequestSit;
if (handlerAgentRequestSit != null) if (handlerAgentRequestSit != null)
handlerAgentRequestSit(this, agentRequestSit.AgentData.AgentID, handlerAgentRequestSit(this, agentRequestSit.AgentData.AgentID,
@ -4878,6 +5082,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
{ {
AgentSitPacket agentSit = (AgentSitPacket)Pack; AgentSitPacket agentSit = (AgentSitPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (agentSit.AgentData.SessionID != SessionId ||
agentSit.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerAgentSit = OnAgentSit; handlerAgentSit = OnAgentSit;
if (handlerAgentSit != null) if (handlerAgentSit != null)
{ {
@ -4888,6 +5101,14 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.SoundTrigger: case PacketType.SoundTrigger:
SoundTriggerPacket soundTriggerPacket = (SoundTriggerPacket)Pack; SoundTriggerPacket soundTriggerPacket = (SoundTriggerPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
// UNSUPPORTED ON THIS PACKET
}
#endregion
handlerSoundTrigger = OnSoundTrigger; handlerSoundTrigger = OnSoundTrigger;
if (handlerSoundTrigger != null) if (handlerSoundTrigger != null)
{ {
@ -4901,6 +5122,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.AvatarPickerRequest: case PacketType.AvatarPickerRequest:
AvatarPickerRequestPacket avRequestQuery = (AvatarPickerRequestPacket)Pack; AvatarPickerRequestPacket avRequestQuery = (AvatarPickerRequestPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (avRequestQuery.AgentData.SessionID != SessionId ||
avRequestQuery.AgentData.AgentID != AgentId)
break;
}
#endregion
AvatarPickerRequestPacket.AgentDataBlock Requestdata = avRequestQuery.AgentData; AvatarPickerRequestPacket.AgentDataBlock Requestdata = avRequestQuery.AgentData;
AvatarPickerRequestPacket.DataBlock querydata = avRequestQuery.Data; AvatarPickerRequestPacket.DataBlock querydata = avRequestQuery.Data;
//m_log.Debug("Agent Sends:" + Utils.BytesToString(querydata.Name)); //m_log.Debug("Agent Sends:" + Utils.BytesToString(querydata.Name));
@ -4916,6 +5147,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.AgentDataUpdateRequest: case PacketType.AgentDataUpdateRequest:
AgentDataUpdateRequestPacket avRequestDataUpdatePacket = (AgentDataUpdateRequestPacket)Pack; AgentDataUpdateRequestPacket avRequestDataUpdatePacket = (AgentDataUpdateRequestPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (avRequestDataUpdatePacket.AgentData.SessionID != SessionId ||
avRequestDataUpdatePacket.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerAgentDataUpdateRequest = OnAgentDataUpdateRequest; handlerAgentDataUpdateRequest = OnAgentDataUpdateRequest;
if (handlerAgentDataUpdateRequest != null) if (handlerAgentDataUpdateRequest != null)
@ -4939,6 +5179,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.UpdateUserInfo: case PacketType.UpdateUserInfo:
UpdateUserInfoPacket updateUserInfo = (UpdateUserInfoPacket)Pack; UpdateUserInfoPacket updateUserInfo = (UpdateUserInfoPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (updateUserInfo.AgentData.SessionID != SessionId ||
updateUserInfo.AgentData.AgentID != AgentId)
break;
}
#endregion
handlerUpdateUserInfo = OnUpdateUserInfo; handlerUpdateUserInfo = OnUpdateUserInfo;
if (handlerUpdateUserInfo != null) if (handlerUpdateUserInfo != null)
{ {
@ -4957,6 +5207,15 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.SetStartLocationRequest: case PacketType.SetStartLocationRequest:
SetStartLocationRequestPacket avSetStartLocationRequestPacket = (SetStartLocationRequestPacket)Pack; SetStartLocationRequestPacket avSetStartLocationRequestPacket = (SetStartLocationRequestPacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (avSetStartLocationRequestPacket.AgentData.SessionID != SessionId ||
avSetStartLocationRequestPacket.AgentData.AgentID != AgentId)
break;
}
#endregion
if (avSetStartLocationRequestPacket.AgentData.AgentID == AgentId && avSetStartLocationRequestPacket.AgentData.SessionID == SessionId) if (avSetStartLocationRequestPacket.AgentData.AgentID == AgentId && avSetStartLocationRequestPacket.AgentData.SessionID == SessionId)
{ {
handlerSetStartLocationRequest = OnSetStartLocationRequest; handlerSetStartLocationRequest = OnSetStartLocationRequest;
@ -4971,6 +5230,16 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.AgentThrottle: case PacketType.AgentThrottle:
AgentThrottlePacket atpack = (AgentThrottlePacket)Pack; AgentThrottlePacket atpack = (AgentThrottlePacket)Pack;
#region Packet Session and User Check
if (m_checkPackets)
{
if (atpack.AgentData.SessionID != SessionId ||
atpack.AgentData.AgentID != AgentId)
break;
}
#endregion
m_PacketHandler.PacketQueue.SetThrottleFromClient(atpack.Throttle.Throttles); m_PacketHandler.PacketQueue.SetThrottleFromClient(atpack.Throttle.Throttles);
break; break;