From 89fb672503d9dee4f18b11460f66d6c74ec190fd Mon Sep 17 00:00:00 2001 From: Andrey Kleshchev Date: Mon, 19 Oct 2020 21:45:36 +0300 Subject: SL-13599 Missing bounds checks in deserializer code Pulled in and updated Rider's changes --- indra/llmessage/lldatapacker.cpp | 164 +++++++++++++++++++++++++++++++++++++++ indra/llmessage/lldatapacker.h | 17 ++++ 2 files changed, 181 insertions(+) (limited to 'indra/llmessage') diff --git a/indra/llmessage/lldatapacker.cpp b/indra/llmessage/lldatapacker.cpp index 6cf6af6437..96c1297e0d 100644 --- a/indra/llmessage/lldatapacker.cpp +++ b/indra/llmessage/lldatapacker.cpp @@ -173,6 +173,71 @@ BOOL LLDataPacker::unpackFixed(F32 &value, const char *name, return ok; } +BOOL LLDataPacker::unpackU16s(U16 *values, S32 count, const char *name) +{ + for (S32 idx = 0; idx < count; ++idx) + { + if (!unpackU16(values[idx], name)) + { + LL_WARNS("DATAPACKER") << "Buffer overflow reading Unsigned 16s \"" << name << "\" at index " << idx << "!" << LL_ENDL; + return FALSE; + } + } + return TRUE; +} + +BOOL LLDataPacker::unpackS16s(S16 *values, S32 count, const char *name) +{ + for (S32 idx = 0; idx < count; ++idx) + { + if (!unpackS16(values[idx], name)) + { + LL_WARNS("DATAPACKER") << "Buffer overflow reading Signed 16s \"" << name << "\" at index " << idx << "!" << LL_ENDL; + return FALSE; + } + } + return TRUE; +} + +BOOL LLDataPacker::unpackF32s(F32 *values, S32 count, const char *name) +{ + for (S32 idx = 0; idx < count; ++idx) + { + if (!unpackF32(values[idx], name)) + { + LL_WARNS("DATAPACKER") << "Buffer overflow reading Float 32s \"" << name << "\" at index " << idx << "!" << LL_ENDL; + return FALSE; + } + } + return TRUE; +} + +BOOL LLDataPacker::unpackColor4Us(LLColor4U *values, S32 count, const char *name) +{ + for (S32 idx = 0; idx < count; ++idx) + { + if (!unpackColor4U(values[idx], name)) + { + LL_WARNS("DATAPACKER") << "Buffer overflow reading Float 32s \"" << name << "\" at index " << idx << "!" << LL_ENDL; + return FALSE; + } + } + return TRUE; +} + +BOOL LLDataPacker::unpackUUIDs(LLUUID *values, S32 count, const char *name) +{ + for (S32 idx = 0; idx < count; ++idx) + { + if (!unpackUUID(values[idx], name)) + { + LL_WARNS("DATAPACKER") << "Buffer overflow reading UUIDs \"" << name << "\" at index " << idx << "!" << LL_ENDL; + return FALSE; + } + } + return TRUE; +} + //--------------------------------------------------------------------------- // LLDataPackerBinaryBuffer implementation //--------------------------------------------------------------------------- @@ -319,6 +384,29 @@ BOOL LLDataPackerBinaryBuffer::unpackU16(U16 &value, const char *name) return success; } +BOOL LLDataPackerBinaryBuffer::packS16(const S16 value, const char *name) +{ + BOOL success = verifyLength(sizeof(S16), name); + + if (mWriteEnabled && success) + { + htolememcpy(mCurBufferp, &value, MVT_S16, 2); + } + mCurBufferp += 2; + return success; +} + +BOOL LLDataPackerBinaryBuffer::unpackS16(S16 &value, const char *name) +{ + BOOL success = verifyLength(sizeof(S16), name); + + if (success) + { + htolememcpy(&value, mCurBufferp, MVT_S16, 2); + } + mCurBufferp += 2; + return success; +} BOOL LLDataPackerBinaryBuffer::packU32(const U32 value, const char *name) { @@ -884,6 +972,52 @@ BOOL LLDataPackerAsciiBuffer::unpackU16(U16 &value, const char *name) return success; } +BOOL LLDataPackerAsciiBuffer::packS16(const S16 value, const char *name) +{ + BOOL success = TRUE; + writeIndentedName(name); + int numCopied = 0; + if (mWriteEnabled) + { + numCopied = snprintf(mCurBufferp, getBufferSize() - getCurrentSize(), "%d\n", value); /* Flawfinder: ignore */ + } + else + { + numCopied = snprintf(DUMMY_BUFFER, sizeof(DUMMY_BUFFER), "%d\n", value); /* Flawfinder: ignore */ + } + + // snprintf returns number of bytes that would have been written + // had the output not being truncated. In that case, it will + // return either -1 or value >= passed in size value . So a check needs to be added + // to detect truncation, and if there is any, only account for the + // actual number of bytes written..and not what could have been + // written. + if(numCopied < 0 || numCopied > getBufferSize() - getCurrentSize()) + { + numCopied = getBufferSize() - getCurrentSize(); + LL_WARNS() << "LLDataPackerAsciiBuffer::packS16: val truncated: " << LL_ENDL; + } + + mCurBufferp += numCopied; + + return success; +} + + +BOOL LLDataPackerAsciiBuffer::unpackS16(S16 &value, const char *name) +{ + BOOL success = TRUE; + char valuestr[DP_BUFSIZE]; /* Flawfinder: ignore */ + if (!getValueStr(name, valuestr, DP_BUFSIZE)) + { + return FALSE; + } + + S32 in_val; + sscanf(valuestr, "%d", &in_val); + value = in_val; + return success; +} BOOL LLDataPackerAsciiBuffer::packU32(const U32 value, const char *name) { @@ -1587,6 +1721,36 @@ BOOL LLDataPackerAsciiFile::unpackU16(U16 &value, const char *name) return success; } +BOOL LLDataPackerAsciiFile::packS16(const S16 value, const char *name) +{ + BOOL success = TRUE; + writeIndentedName(name); + if (mFP) + { + fprintf(mFP, "%d\n", value); + } + else if (mOutputStream) + { + *mOutputStream << "" << value << "\n"; + } + return success; +} + + +BOOL LLDataPackerAsciiFile::unpackS16(S16 &value, const char *name) +{ + BOOL success = TRUE; + char valuestr[DP_BUFSIZE]; /*Flawfinder: ignore */ + if (!getValueStr(name, valuestr, DP_BUFSIZE)) + { + return FALSE; + } + + S32 in_val; + sscanf(valuestr, "%d", &in_val); + value = in_val; + return success; +} BOOL LLDataPackerAsciiFile::packU32(const U32 value, const char *name) { diff --git a/indra/llmessage/lldatapacker.h b/indra/llmessage/lldatapacker.h index 5140f56c01..ac28cadbce 100644 --- a/indra/llmessage/lldatapacker.h +++ b/indra/llmessage/lldatapacker.h @@ -60,6 +60,11 @@ public: virtual BOOL packU16(const U16 value, const char *name) = 0; virtual BOOL unpackU16(U16 &value, const char *name) = 0; + BOOL unpackU16s(U16 *value, S32 count, const char *name); + + virtual BOOL packS16(const S16 value, const char *name) = 0; + virtual BOOL unpackS16(S16 &value, const char *name) = 0; + BOOL unpackS16s(S16 *value, S32 count, const char *name); virtual BOOL packU32(const U32 value, const char *name) = 0; virtual BOOL unpackU32(U32 &value, const char *name) = 0; @@ -69,6 +74,7 @@ public: virtual BOOL packF32(const F32 value, const char *name) = 0; virtual BOOL unpackF32(F32 &value, const char *name) = 0; + BOOL unpackF32s(F32 *values, S32 count, const char *name); // Packs a float into an integer, using the given size // and picks the right U* data type to pack into. @@ -82,6 +88,7 @@ public: virtual BOOL packColor4U(const LLColor4U &value, const char *name) = 0; virtual BOOL unpackColor4U(LLColor4U &value, const char *name) = 0; + BOOL unpackColor4Us(LLColor4U *values, S32 count, const char *name); virtual BOOL packVector2(const LLVector2 &value, const char *name) = 0; virtual BOOL unpackVector2(LLVector2 &value, const char *name) = 0; @@ -94,6 +101,7 @@ public: virtual BOOL packUUID(const LLUUID &value, const char *name) = 0; virtual BOOL unpackUUID(LLUUID &value, const char *name) = 0; + BOOL unpackUUIDs(LLUUID *values, S32 count, const char *name); U32 getPassFlags() const { return mPassFlags; } void setPassFlags(U32 flags) { mPassFlags = flags; } protected: @@ -139,6 +147,9 @@ public: /*virtual*/ BOOL packU16(const U16 value, const char *name); /*virtual*/ BOOL unpackU16(U16 &value, const char *name); + /*virtual*/ BOOL packS16(const S16 value, const char *name); + /*virtual*/ BOOL unpackS16(S16 &value, const char *name); + /*virtual*/ BOOL packU32(const U32 value, const char *name); /*virtual*/ BOOL unpackU32(U32 &value, const char *name); @@ -247,6 +258,9 @@ public: /*virtual*/ BOOL packU16(const U16 value, const char *name); /*virtual*/ BOOL unpackU16(U16 &value, const char *name); + /*virtual*/ BOOL packS16(const S16 value, const char *name); + /*virtual*/ BOOL unpackS16(S16 &value, const char *name); + /*virtual*/ BOOL packU32(const U32 value, const char *name); /*virtual*/ BOOL unpackU32(U32 &value, const char *name); @@ -375,6 +389,9 @@ public: /*virtual*/ BOOL packU16(const U16 value, const char *name); /*virtual*/ BOOL unpackU16(U16 &value, const char *name); + /*virtual*/ BOOL packS16(const S16 value, const char *name); + /*virtual*/ BOOL unpackS16(S16 &value, const char *name); + /*virtual*/ BOOL packU32(const U32 value, const char *name); /*virtual*/ BOOL unpackU32(U32 &value, const char *name); -- cgit v1.2.3 From 71ba69e82af5f8905e4199f9443c3766a5e4b482 Mon Sep 17 00:00:00 2001 From: Mnikolenko Productengine Date: Tue, 12 Jan 2021 16:22:17 +0200 Subject: SL-13313 Support RegionInfo5 block in RegionInfo message, and add log message --- indra/llmessage/message_prehash.cpp | 8 ++++++++ indra/llmessage/message_prehash.h | 8 ++++++++ 2 files changed, 16 insertions(+) (limited to 'indra/llmessage') diff --git a/indra/llmessage/message_prehash.cpp b/indra/llmessage/message_prehash.cpp index fba5b7453d..219b1855d2 100644 --- a/indra/llmessage/message_prehash.cpp +++ b/indra/llmessage/message_prehash.cpp @@ -281,6 +281,13 @@ char const* const _PREHASH_PricePerMeter = LLMessageStringTable::getInstance()-> char const* const _PREHASH_RegionFlags = LLMessageStringTable::getInstance()->getString("RegionFlags"); char const* const _PREHASH_RegionFlagsExtended = LLMessageStringTable::getInstance()->getString("RegionFlagsExtended"); char const* const _PREHASH_RegionProtocols = LLMessageStringTable::getInstance()->getString("RegionProtocols"); +char const* const _PREHASH_ChatWhisperRange = LLMessageStringTable::getInstance()->getString("ChatWhisperRange"); +char const* const _PREHASH_ChatNormalRange = LLMessageStringTable::getInstance()->getString("ChatNormalRange"); +char const* const _PREHASH_ChatShoutRange = LLMessageStringTable::getInstance()->getString("ChatShoutRange"); +char const* const _PREHASH_ChatWhisperOffset = LLMessageStringTable::getInstance()->getString("ChatWhisperOffset"); +char const* const _PREHASH_ChatNormalOffset = LLMessageStringTable::getInstance()->getString("ChatNormalOffset"); +char const* const _PREHASH_ChatShoutOffset = LLMessageStringTable::getInstance()->getString("ChatShoutOffset"); +char const* const _PREHASH_ChatFlags = LLMessageStringTable::getInstance()->getString("ChatFlags"); char const* const _PREHASH_VoteResult = LLMessageStringTable::getInstance()->getString("VoteResult"); char const* const _PREHASH_ParcelDirFeeEstimate = LLMessageStringTable::getInstance()->getString("ParcelDirFeeEstimate"); char const* const _PREHASH_ModifyBlock = LLMessageStringTable::getInstance()->getString("ModifyBlock"); @@ -309,6 +316,7 @@ char const* const _PREHASH_DuplicateFlags = LLMessageStringTable::getInstance()- char const* const _PREHASH_RegionInfo2 = LLMessageStringTable::getInstance()->getString("RegionInfo2"); char const* const _PREHASH_RegionInfo3 = LLMessageStringTable::getInstance()->getString("RegionInfo3"); char const* const _PREHASH_RegionInfo4 = LLMessageStringTable::getInstance()->getString("RegionInfo4"); +char const* const _PREHASH_RegionInfo5 = LLMessageStringTable::getInstance()->getString("RegionInfo5"); char const* const _PREHASH_TextColor = LLMessageStringTable::getInstance()->getString("TextColor"); char const* const _PREHASH_SlaveID = LLMessageStringTable::getInstance()->getString("SlaveID"); char const* const _PREHASH_Charter = LLMessageStringTable::getInstance()->getString("Charter"); diff --git a/indra/llmessage/message_prehash.h b/indra/llmessage/message_prehash.h index 4f72c01ddf..8f6ee5a327 100644 --- a/indra/llmessage/message_prehash.h +++ b/indra/llmessage/message_prehash.h @@ -281,6 +281,13 @@ extern char const* const _PREHASH_PricePerMeter; extern char const* const _PREHASH_RegionFlags; extern char const* const _PREHASH_RegionFlagsExtended; extern char const* const _PREHASH_RegionProtocols; +extern char const* const _PREHASH_ChatWhisperRange; +extern char const* const _PREHASH_ChatNormalRange; +extern char const* const _PREHASH_ChatShoutRange; +extern char const* const _PREHASH_ChatWhisperOffset; +extern char const* const _PREHASH_ChatNormalOffset; +extern char const* const _PREHASH_ChatShoutOffset; +extern char const* const _PREHASH_ChatFlags; extern char const* const _PREHASH_VoteResult; extern char const* const _PREHASH_ParcelDirFeeEstimate; extern char const* const _PREHASH_ModifyBlock; @@ -309,6 +316,7 @@ extern char const* const _PREHASH_DuplicateFlags; extern char const* const _PREHASH_RegionInfo2; extern char const* const _PREHASH_RegionInfo3; extern char const* const _PREHASH_RegionInfo4; +extern char const* const _PREHASH_RegionInfo5; extern char const* const _PREHASH_TextColor; extern char const* const _PREHASH_SlaveID; extern char const* const _PREHASH_Charter; -- cgit v1.2.3 From d3d8203be4aec8ad90c0044e3a0ade1d91df64ea Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Thu, 13 May 2021 22:10:43 -0400 Subject: SL-15258: Remove additional std library features dropped with C++17. --- indra/llmessage/llcircuit.cpp | 11 +++++------ indra/llmessage/lldispatcher.cpp | 2 +- indra/llmessage/llmessagethrottle.cpp | 22 ---------------------- 3 files changed, 6 insertions(+), 29 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcircuit.cpp b/indra/llmessage/llcircuit.cpp index 8baa2e328b..a39989515e 100644 --- a/indra/llmessage/llcircuit.cpp +++ b/indra/llmessage/llcircuit.cpp @@ -436,12 +436,11 @@ LLCircuit::LLCircuit(const F32Seconds circuit_heartbeat_interval, const F32Secon LLCircuit::~LLCircuit() { - // delete pointers in the map. - std::for_each(mCircuitData.begin(), - mCircuitData.end(), - llcompose1( - DeletePointerFunctor(), - llselect2nd())); + // delete pointers in the map. + for (auto circ_pair : mCircuitData) + { + delete circ_pair.second; + } } LLCircuitData *LLCircuit::addCircuitData(const LLHost &host, TPACKETID in_id) diff --git a/indra/llmessage/lldispatcher.cpp b/indra/llmessage/lldispatcher.cpp index 717ef10f70..8dfd924f31 100644 --- a/indra/llmessage/lldispatcher.cpp +++ b/indra/llmessage/lldispatcher.cpp @@ -62,7 +62,7 @@ void LLDispatcher::copyAllHandlerNames(keys_t& names) const mHandlers.begin(), mHandlers.end(), std::back_insert_iterator(names), - llselect1st()); + [](const dispatch_map_t::value_type& pair){ return pair.first; }); } bool LLDispatcher::dispatch( diff --git a/indra/llmessage/llmessagethrottle.cpp b/indra/llmessage/llmessagethrottle.cpp index 579d6d7187..c5ae8b4547 100644 --- a/indra/llmessage/llmessagethrottle.cpp +++ b/indra/llmessage/llmessagethrottle.cpp @@ -32,18 +32,8 @@ #include "llframetimer.h" // This is used for the stl search_n function. -#if _MSC_VER >= 1500 // VC9 has a bug in search_n -struct eq_message_throttle_entry : public std::binary_function< LLMessageThrottleEntry, LLMessageThrottleEntry, bool > -{ - bool operator()(const LLMessageThrottleEntry& a, const LLMessageThrottleEntry& b) const - { - return a.getHash() == b.getHash(); - } -}; -#else bool eq_message_throttle_entry(LLMessageThrottleEntry a, LLMessageThrottleEntry b) { return a.getHash() == b.getHash(); } -#endif const U64 SEC_TO_USEC = 1000000; @@ -118,14 +108,8 @@ BOOL LLMessageThrottle::addViewerAlert(const LLUUID& to, const std::string& mesg LLMessageThrottleEntry entry(hash, LLFrameTimer::getTotalTime()); // Check if this message is already in the list. -#if _MSC_VER >= 1500 // VC9 has a bug in search_n - // SJB: This *should* work but has not been tested yet *TODO: Test! - message_list_iterator_t found = std::find_if(message_list->begin(), message_list->end(), - std::bind2nd(eq_message_throttle_entry(), entry)); -#else message_list_iterator_t found = std::search_n(message_list->begin(), message_list->end(), 1, entry, eq_message_throttle_entry); -#endif if (found == message_list->end()) { // This message was not found. Add it to the list. @@ -152,14 +136,8 @@ BOOL LLMessageThrottle::addAgentAlert(const LLUUID& agent, const LLUUID& task, c LLMessageThrottleEntry entry(hash, LLFrameTimer::getTotalTime()); // Check if this message is already in the list. -#if _MSC_VER >= 1500 // VC9 has a bug in search_n - // SJB: This *should* work but has not been tested yet *TODO: Test! - message_list_iterator_t found = std::find_if(message_list->begin(), message_list->end(), - std::bind2nd(eq_message_throttle_entry(), entry)); -#else message_list_iterator_t found = std::search_n(message_list->begin(), message_list->end(), 1, entry, eq_message_throttle_entry); -#endif if (found == message_list->end()) { -- cgit v1.2.3 From adcd08fbf4d96f8f52cef81895bda202c9e45896 Mon Sep 17 00:00:00 2001 From: Andrey Lihatskiy Date: Tue, 28 Sep 2021 19:07:48 +0300 Subject: Revert "Merge branch 'c++17' into DRTVWR-522-maint" This reverts commit 203ea3a70a775a09cbbffb1740ab7c58f1780baa, reversing changes made to 8e3f0778863a5aa337d1148a243ea91d238a8ac5. # Conflicts: # indra/newview/llmachineid.cpp --- indra/llmessage/llcircuit.cpp | 11 ++++++----- indra/llmessage/lldispatcher.cpp | 2 +- indra/llmessage/llmessagethrottle.cpp | 22 ++++++++++++++++++++++ 3 files changed, 29 insertions(+), 6 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcircuit.cpp b/indra/llmessage/llcircuit.cpp index a39989515e..8baa2e328b 100644 --- a/indra/llmessage/llcircuit.cpp +++ b/indra/llmessage/llcircuit.cpp @@ -436,11 +436,12 @@ LLCircuit::LLCircuit(const F32Seconds circuit_heartbeat_interval, const F32Secon LLCircuit::~LLCircuit() { - // delete pointers in the map. - for (auto circ_pair : mCircuitData) - { - delete circ_pair.second; - } + // delete pointers in the map. + std::for_each(mCircuitData.begin(), + mCircuitData.end(), + llcompose1( + DeletePointerFunctor(), + llselect2nd())); } LLCircuitData *LLCircuit::addCircuitData(const LLHost &host, TPACKETID in_id) diff --git a/indra/llmessage/lldispatcher.cpp b/indra/llmessage/lldispatcher.cpp index 8dfd924f31..717ef10f70 100644 --- a/indra/llmessage/lldispatcher.cpp +++ b/indra/llmessage/lldispatcher.cpp @@ -62,7 +62,7 @@ void LLDispatcher::copyAllHandlerNames(keys_t& names) const mHandlers.begin(), mHandlers.end(), std::back_insert_iterator(names), - [](const dispatch_map_t::value_type& pair){ return pair.first; }); + llselect1st()); } bool LLDispatcher::dispatch( diff --git a/indra/llmessage/llmessagethrottle.cpp b/indra/llmessage/llmessagethrottle.cpp index c5ae8b4547..579d6d7187 100644 --- a/indra/llmessage/llmessagethrottle.cpp +++ b/indra/llmessage/llmessagethrottle.cpp @@ -32,8 +32,18 @@ #include "llframetimer.h" // This is used for the stl search_n function. +#if _MSC_VER >= 1500 // VC9 has a bug in search_n +struct eq_message_throttle_entry : public std::binary_function< LLMessageThrottleEntry, LLMessageThrottleEntry, bool > +{ + bool operator()(const LLMessageThrottleEntry& a, const LLMessageThrottleEntry& b) const + { + return a.getHash() == b.getHash(); + } +}; +#else bool eq_message_throttle_entry(LLMessageThrottleEntry a, LLMessageThrottleEntry b) { return a.getHash() == b.getHash(); } +#endif const U64 SEC_TO_USEC = 1000000; @@ -108,8 +118,14 @@ BOOL LLMessageThrottle::addViewerAlert(const LLUUID& to, const std::string& mesg LLMessageThrottleEntry entry(hash, LLFrameTimer::getTotalTime()); // Check if this message is already in the list. +#if _MSC_VER >= 1500 // VC9 has a bug in search_n + // SJB: This *should* work but has not been tested yet *TODO: Test! + message_list_iterator_t found = std::find_if(message_list->begin(), message_list->end(), + std::bind2nd(eq_message_throttle_entry(), entry)); +#else message_list_iterator_t found = std::search_n(message_list->begin(), message_list->end(), 1, entry, eq_message_throttle_entry); +#endif if (found == message_list->end()) { // This message was not found. Add it to the list. @@ -136,8 +152,14 @@ BOOL LLMessageThrottle::addAgentAlert(const LLUUID& agent, const LLUUID& task, c LLMessageThrottleEntry entry(hash, LLFrameTimer::getTotalTime()); // Check if this message is already in the list. +#if _MSC_VER >= 1500 // VC9 has a bug in search_n + // SJB: This *should* work but has not been tested yet *TODO: Test! + message_list_iterator_t found = std::find_if(message_list->begin(), message_list->end(), + std::bind2nd(eq_message_throttle_entry(), entry)); +#else message_list_iterator_t found = std::search_n(message_list->begin(), message_list->end(), 1, entry, eq_message_throttle_entry); +#endif if (found == message_list->end()) { -- cgit v1.2.3