View Issue Details

IDProjectCategoryView StatusLast Update
0000057Volume 2Bugpublic2019-05-18 12:34
ReporterTafferAssigned ToTaffer 
PrioritynormalSeveritymajorReproducibilityalways
Status assignedResolutionopen 
Product VersionIssue 1 
Target VersionIssue 2Fixed in Version 
Summary0000057: Elminate unsafe string handling in dbserver
DescriptionClients talk directly to the dbserver; it's visible to the outside world. dbserver happily passes messages around to the various other servers that aren't exposed to the Internet in general.

dbserver uses unsafe string handling functions (an example would be using "strcpy()" instead of "strncpy()"), which makes it a prime target for buffer overruns/underruns... these sorts of bugs are highly exploitable, and it makes the dbserver a potential target for denial of service attacks.

As a step towards making dbserver more secure, I'll replace unsafe string functions with safe ones.
Additional InformationI haven't looked at the code yet, this was mentioned by @asuffield on Discord.

This type of low-hanging fix will also be applied to the rest of the code, in roughly this order:

* servers that are accessible to the Internet at large
* game client
* servers that are only accessible from other servers.

IMHO this is very important because the messages passed between servers/clients/etc. are all string based.
TagsNo tags attached.
subsystem

Activities

Taffer

2019-05-07 11:00

developer   ~0000040

https://stackoverflow.com/questions/6747995/a-complete-list-of-unsafe-string-handling-functions-and-their-safer-replacements

Taffer

2019-05-18 12:34

developer   ~0000065

This is on hold until we start adding unit tests. Unsafe string handling is bad, but if there's no actual way to exploit it, it's not a big deal.

Issue History

Date Modified Username Field Change
2019-05-06 13:37 Taffer New Issue
2019-05-06 13:37 Taffer Status new => assigned
2019-05-06 13:37 Taffer Assigned To => Taffer
2019-05-07 11:00 Taffer Note Added: 0000040
2019-05-18 12:34 Taffer Note Added: 0000065