Waterfall/BungeeCord-Patches/0055-Additional-DoS-mitigations.patch

262 lines
13 KiB
Diff
Raw Normal View History

From 55d33b55acd0b62aa1afed32c926229200ae9e42 Mon Sep 17 00:00:00 2001
From: "Five (Xer)" <admin@fivepb.me>
Date: Sat, 30 Jan 2021 18:04:14 +0100
Subject: [PATCH] Additional DoS mitigations
Some stricter length checks and cached exceptions to withstand more illegitimate connections
Courtesy of Tux and the Velocity Contributors. See:
https://github.com/VelocityPowered/Velocity/commit/5ceac16a821ea35572ff11412ace8929fd06e278
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java b/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
index 1fdf7053..aac03774 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
@@ -62,6 +62,7 @@ public abstract class DefinedPacket
int len = readVarInt( buf );
if ( len > maxLen * 3 )
{
+ if(!MinecraftDecoder.DEBUG) throw STRING_TOO_MANY_BYTES_EXCEPTION; // Waterfall start: Additional DoS mitigations
throw new OverflowPacketException( "Cannot receive string longer than " + maxLen * 3 + " (got " + len + " bytes)" );
}
@@ -70,6 +71,7 @@ public abstract class DefinedPacket
if ( s.length() > maxLen )
{
+ if(!MinecraftDecoder.DEBUG) throw STRING_TOO_LONG_EXCEPTION; // Waterfall start: Additional DoS mitigations
2021-09-29 04:37:21 +02:00
throw new OverflowPacketException( "Cannot receive string longer than " + maxLen + " (got " + s.length() + " characters)" );
}
@@ -499,4 +501,21 @@ public abstract class DefinedPacket
@Override
public abstract String toString();
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ private static final OverflowPacketException STRING_TOO_LONG_EXCEPTION
+ = new OverflowPacketException("A string was longer than allowed. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+ private static final OverflowPacketException STRING_TOO_MANY_BYTES_EXCEPTION
+ = new OverflowPacketException("A string had more data than allowed. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return -1;
+ }
+
+ public int expectedMinLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return 0;
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
index 52f76cd9..3a4a735c 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
@@ -3,7 +3,7 @@ package net.md_5.bungee.protocol;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufUtil;
import io.netty.channel.ChannelHandlerContext;
-import io.netty.handler.codec.DecoderException;
+import io.netty.handler.codec.CorruptedFrameException;
import io.netty.handler.codec.MessageToMessageDecoder;
import java.util.List;
import lombok.AllArgsConstructor;
2023-09-21 12:33:23 +02:00
@@ -58,10 +58,16 @@ public class MinecraftDecoder extends MessageToMessageDecoder<ByteBuf>
if ( packet != null )
{
packetTypeInfo = packet.getClass();
+ doLengthSanityChecks(in, packet, prot.getDirection(), packetId); // Waterfall: Additional DoS mitigations
packet.read( in, protocol, prot.getDirection(), protocolVersion );
if ( in.isReadable() )
{
+ // Waterfall start: Additional DoS mitigations
+ if(!DEBUG) {
+ throw PACKET_NOT_READ_TO_END;
+ }
+ // Waterfall end
throw new BadPacketException( "Packet " + protocol + ":" + prot.getDirection() + "/" + packetId + " (" + packet.getClass().getSimpleName() + ") larger than expected, extra bytes: " + in.readableBytes() );
}
} else
@@ -72,6 +78,25 @@ public class MinecraftDecoder extends MessageToMessageDecoder<ByteBuf>
out.add( new PacketWrapper( packet, slice, protocol ) );
slice = null;
} catch (BadPacketException | IndexOutOfBoundsException e) {
+ // Waterfall start: Additional DoS mitigations
+ if(!DEBUG) {
+ throw e;
+ }
+ // Waterfall end
+ final String packetTypeStr;
+ if (packetTypeInfo instanceof Integer) {
+ packetTypeStr = "id " + Integer.toHexString((Integer) packetTypeInfo);
+ } else if (packetTypeInfo instanceof Class) {
+ packetTypeStr = "class " + ((Class) packetTypeInfo).getSimpleName();
+ } else {
+ packetTypeStr = "unknown";
+ }
+ throw new FastDecoderException("Error decoding packet " + packetTypeStr + " with contents:\n" + ByteBufUtil.prettyHexDump(slice), e); // Waterfall
+ // Waterfall start
+ } catch (Exception e) {
+ if (!DEBUG) {
+ throw e;
+ }
final String packetTypeStr;
if (packetTypeInfo instanceof Integer) {
packetTypeStr = "id " + Integer.toHexString((Integer) packetTypeInfo);
@@ -81,6 +106,7 @@ public class MinecraftDecoder extends MessageToMessageDecoder<ByteBuf>
packetTypeStr = "unknown";
}
throw new FastDecoderException("Error decoding packet " + packetTypeStr + " with contents:\n" + ByteBufUtil.prettyHexDump(slice), e); // Waterfall
+ // Waterfall end
} finally
{
if ( slice != null )
@@ -89,4 +115,52 @@ public class MinecraftDecoder extends MessageToMessageDecoder<ByteBuf>
}
}
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public static final boolean DEBUG = Boolean.getBoolean("waterfall.packet-decode-logging");
+
+ // Cached Exceptions:
+ private static final CorruptedFrameException PACKET_LENGTH_OVERSIZED =
+ new CorruptedFrameException("A packet could not be decoded because it was too large. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+ private static final CorruptedFrameException PACKET_LENGTH_UNDERSIZED =
+ new CorruptedFrameException("A packet could not be decoded because it was smaller than allowed. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+ private static final BadPacketException PACKET_NOT_READ_TO_END =
+ new BadPacketException("Couldn't read all bytes from a packet. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+
+
+ private void doLengthSanityChecks(ByteBuf buf, DefinedPacket packet,
+ ProtocolConstants.Direction direction, int packetId) throws Exception {
+ int expectedMinLen = packet.expectedMinLength(buf, direction, protocolVersion);
+ int expectedMaxLen = packet.expectedMaxLength(buf, direction, protocolVersion);
+ if (expectedMaxLen != -1 && buf.readableBytes() > expectedMaxLen) {
+ throw handleOverflow(packet, expectedMaxLen, buf.readableBytes(), packetId);
+ }
+ if (buf.readableBytes() < expectedMinLen) {
+ throw handleUnderflow(packet, expectedMaxLen, buf.readableBytes(), packetId);
+ }
+ }
+
+ private Exception handleOverflow(DefinedPacket packet, int expected, int actual, int packetId) {
+ if (DEBUG) {
+ throw new CorruptedFrameException( "Packet " + packet.getClass() + " " + packetId
+ + " Protocol " + protocolVersion + " was too big (expected "
+ + expected + " bytes, got " + actual + " bytes)");
+ } else {
+ return PACKET_LENGTH_OVERSIZED;
+ }
+ }
+
+ private Exception handleUnderflow(DefinedPacket packet, int expected, int actual, int packetId) {
+ if (DEBUG) {
+ throw new CorruptedFrameException( "Packet " + packet.getClass() + " " + packetId
+ + " Protocol " + protocolVersion + " was too small (expected "
+ + expected + " bytes, got " + actual + " bytes)");
+ } else {
+ return PACKET_LENGTH_UNDERSIZED;
+ }
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java
index 63e9d18d..545eec72 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java
2022-06-07 20:01:42 +02:00
@@ -63,4 +63,17 @@ public class EncryptionResponse extends DefinedPacket
2022-06-07 19:12:20 +02:00
private final long salt;
private final byte[] signature;
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ // It turns out these come out to the same length, whether we're talking >=1.8 or not.
+ // The length prefix always winds up being 2 bytes.
2022-06-07 20:01:42 +02:00
+ if (protocolVersion >= ProtocolConstants.MINECRAFT_1_19) return -1;
+ return 260;
+ }
+
+ public int expectedMinLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return expectedMaxLength(buf, direction, protocolVersion);
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
2023-09-21 12:33:23 +02:00
index e62a3a03..9789215c 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
2023-09-21 12:33:23 +02:00
@@ -71,4 +71,13 @@ public class LoginRequest extends DefinedPacket
{
handler.handle( this );
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ // Accommodate the rare (but likely malicious) use of UTF-8 usernames, since it is technically
+ // legal on the protocol level.
2022-06-07 20:01:42 +02:00
+ if (protocolVersion >= ProtocolConstants.MINECRAFT_1_19) return -1;
+ return 1 + (16 * 3);
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/PingPacket.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/PingPacket.java
index 5f24d425..3163a771 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/PingPacket.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/PingPacket.java
@@ -7,6 +7,7 @@ import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
import net.md_5.bungee.protocol.AbstractPacketHandler;
import net.md_5.bungee.protocol.DefinedPacket;
+import net.md_5.bungee.protocol.ProtocolConstants;
@Data
@NoArgsConstructor
@@ -34,4 +35,14 @@ public class PingPacket extends DefinedPacket
{
handler.handle( this );
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return 8;
+ }
+
+ public int expectedMinLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return 8;
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/StatusRequest.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/StatusRequest.java
index 738f0c92..ec33d337 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/StatusRequest.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/StatusRequest.java
@@ -6,6 +6,7 @@ import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
import net.md_5.bungee.protocol.AbstractPacketHandler;
import net.md_5.bungee.protocol.DefinedPacket;
+import net.md_5.bungee.protocol.ProtocolConstants;
@Data
@NoArgsConstructor
@@ -28,4 +29,10 @@ public class StatusRequest extends DefinedPacket
{
handler.handle( this );
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return 0;
+ }
+ // Waterfall end
}
--
2.42.1