View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000057||Volume 2||Bug||public||2019-05-06 13:37||2019-05-18 12:34|
|Product Version||Issue 1|
|Target Version||Issue 2||Fixed in Version|
|Summary||0000057: Elminate unsafe string handling in dbserver|
|Description||Clients talk directly to the dbserver; it's visible to the outside world. dbserver happily passes messages around to the various other servers that aren't exposed to the Internet in general.|
dbserver uses unsafe string handling functions (an example would be using "strcpy()" instead of "strncpy()"), which makes it a prime target for buffer overruns/underruns... these sorts of bugs are highly exploitable, and it makes the dbserver a potential target for denial of service attacks.
As a step towards making dbserver more secure, I'll replace unsafe string functions with safe ones.
|Additional Information||I haven't looked at the code yet, this was mentioned by @asuffield on Discord.|
This type of low-hanging fix will also be applied to the rest of the code, in roughly this order:
* servers that are accessible to the Internet at large
* game client
* servers that are only accessible from other servers.
IMHO this is very important because the messages passed between servers/clients/etc. are all string based.
|Tags||No tags attached.|
||This is on hold until we start adding unit tests. Unsafe string handling is bad, but if there's no actual way to exploit it, it's not a big deal.|