Jump to content

  • Log In with Google      Sign In   
  • Create Account

Interested in a FREE copy of HTML5 game maker Construct 2?

We'll be giving away three Personal Edition licences in next Tuesday's GDNet Direct email newsletter!

Sign up from the right-hand sidebar on our homepage and read Tuesday's newsletter for details!


We're also offering banner ads on our site from just $5! 1. Details HERE. 2. GDNet+ Subscriptions HERE. 3. Ad upload HERE.


#ActualDave Weinstein

Posted 05 June 2013 - 09:27 AM

void Dispatch( Message &message )
{ 
      if ( NULL != m_packetHandlers[ message.id ] )
            m_packetHandlers[ message.id ]->ProcessMessage( message );
}

This is extraordinarily dangerous. The message is coming over UDP, it is completely untrusted, and you are not validating the message ID as being within the range of valid message handlers. As an attacker, this makes compromise of the machine almost trivial.


#1Dave Weinstein

Posted 05 June 2013 - 09:26 AM

void Dispatch( Message &message )    {        if ( NULL != m_packetHandlers[ message.id ] )            m_packetHandlers[ message.id ]->ProcessMessage( message );    }

This is extraordinarily dangerous. The message is coming over UDP, it is completely untrusted, and you are not validating the message ID as being within the range of valid message handlers. As an attacker, this makes compromise of the machine almost trivial.

PARTNERS