From c4ffcd4b7d978ad3a675da0f8ae3f97f027beae8 Mon Sep 17 00:00:00 2001
From: Melanie <melanie@t-data.com>
Date: Wed, 27 Jul 2011 08:35:19 +0200
Subject: [PATCH] Ensure that packet headers get parsed correctly

---
 .../ClientStack/Linden/UDP/LLUDPServer.cs     | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs
index aff90c5259..f2388cdf54 100644
--- a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs
+++ b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs
@@ -160,6 +160,8 @@ namespace OpenSim.Region.ClientStack.LindenUDP
 
         public Socket Server { get { return null; } }
 
+        private int m_malformedCount = 0; // Guard against a spamming attack
+
         public LLUDPServer(IPAddress listenIP, ref uint port, int proxyPortOffsetParm, bool allow_alternate_port, IConfigSource configSource, AgentCircuitManager circuitManager)
             : base(listenIP, (int)port)
         {
@@ -612,6 +614,21 @@ namespace OpenSim.Region.ClientStack.LindenUDP
 
             #region Decoding
 
+            if (buffer.DataLength < 7)
+                return; // Drop undersizd packet
+
+            int headerLen = 7;
+            if (buffer.Data[6] == 0xFF)
+            {
+                if (buffer.Data[7] == 0xFF)
+                    headerLen = 10;
+                else
+                    headerLen = 8;
+            }
+
+            if (buffer.DataLength < headerLen)
+                return; // Malformed header
+
             try
             {
                 packet = Packet.BuildPacket(buffer.Data, ref packetEnd,
@@ -621,6 +638,18 @@ namespace OpenSim.Region.ClientStack.LindenUDP
             catch (MalformedDataException)
             {
             }
+            catch (IndexOutOfRangeException)
+            {
+                return; // Drop short packet
+            }
+            catch(Exception e)
+            {
+                if (m_malformedCount < 100)
+                    m_log.DebugFormat("[LLUDPSERVER]: Dropped malformed packet: " + e.ToString());
+                m_malformedCount++;
+                if ((m_malformedCount % 100000) == 0)
+                    m_log.DebugFormat("[LLUDPSERVER]: Received {0} malformed packets so far, probable network attack.", m_malformedCount);
+            }
 
             // Fail-safe check
             if (packet == null)