Waterfall/BungeeCord-Patches/0056-Additional-DoS-mitigations.patch

240 lines
12 KiB
Diff

From 811cfe0f1dfcae2fff7c333beb3a28ddbbf4d221 Mon Sep 17 00:00:00 2001
From: "Five (Xer)" <admin@fivepb.me>
Date: Sat, 30 Jan 2021 18:04:14 +0100
Subject: [PATCH] Additional DoS mitigations
Some stricter length checks and cached exceptions to withstand more illegitimate connections
Courtesy of Tux and the Velocity Contributors. See:
https://github.com/VelocityPowered/Velocity/commit/5ceac16a821ea35572ff11412ace8929fd06e278
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java b/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
index d3559188..59f2cb73 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
@@ -57,6 +57,7 @@ public abstract class DefinedPacket
int len = readVarInt( buf );
if ( len > maxLen * 3 )
{
+ if(!MinecraftDecoder.DEBUG) throw STRING_TOO_MANY_BYTES_EXCEPTION; // Waterfall start: Additional DoS mitigations
throw new OverflowPacketException( "Cannot receive string longer than " + maxLen * 3 + " (got " + len + " bytes)" );
}
@@ -65,6 +66,7 @@ public abstract class DefinedPacket
if ( s.length() > maxLen )
{
+ if(!MinecraftDecoder.DEBUG) throw STRING_TOO_LONG_EXCEPTION; // Waterfall start: Additional DoS mitigations
throw new OverflowPacketException( "Cannot receive string longer than " + maxLen + " (got " + s.length() + " characters)" );
}
@@ -396,4 +398,21 @@ public abstract class DefinedPacket
@Override
public abstract String toString();
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ private static final OverflowPacketException STRING_TOO_LONG_EXCEPTION
+ = new OverflowPacketException("A string was longer than allowed. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+ private static final OverflowPacketException STRING_TOO_MANY_BYTES_EXCEPTION
+ = new OverflowPacketException("A string had more data than allowed. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return -1;
+ }
+
+ public int expectedMinLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return 0;
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
index f5e414c1..ac83e325 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
@@ -3,7 +3,7 @@ package net.md_5.bungee.protocol;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufUtil;
import io.netty.channel.ChannelHandlerContext;
-import io.netty.handler.codec.DecoderException;
+import io.netty.handler.codec.CorruptedFrameException;
import io.netty.handler.codec.MessageToMessageDecoder;
import java.util.List;
import lombok.AllArgsConstructor;
@@ -56,10 +56,16 @@ public class MinecraftDecoder extends MessageToMessageDecoder<ByteBuf>
if ( packet != null )
{
packetTypeInfo = packet.getClass();
+ doLengthSanityChecks(in, packet, prot.getDirection(), packetId); // Waterfall: Additional DoS mitigations
packet.read( in, prot.getDirection(), protocolVersion );
if ( in.isReadable() )
{
+ // Waterfall start: Additional DoS mitigations
+ if(!DEBUG) {
+ throw PACKET_NOT_READ_TO_END;
+ }
+ // Waterfall end
throw new BadPacketException( "Packet " + protocol + ":" + prot.getDirection() + "/" + packetId + " (" + packet.getClass().getSimpleName() + ") larger than expected, extra bytes: " + in.readableBytes() );
}
} else
@@ -70,6 +76,11 @@ public class MinecraftDecoder extends MessageToMessageDecoder<ByteBuf>
out.add( new PacketWrapper( packet, slice ) );
slice = null;
} catch (BadPacketException | IndexOutOfBoundsException e) {
+ // Waterfall start: Additional DoS mitigations
+ if(!DEBUG) {
+ throw e;
+ }
+ // Waterfall end
final String packetTypeStr;
if (packetTypeInfo instanceof Integer) {
packetTypeStr = "id " + Integer.toHexString((Integer) packetTypeInfo);
@@ -87,4 +98,52 @@ public class MinecraftDecoder extends MessageToMessageDecoder<ByteBuf>
}
}
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public static final boolean DEBUG = Boolean.getBoolean("waterfall.packet-decode-logging");
+
+ // Cached Exceptions:
+ private static final CorruptedFrameException PACKET_LENGTH_OVERSIZED =
+ new CorruptedFrameException("A packet could not be decoded because it was too large. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+ private static final CorruptedFrameException PACKET_LENGTH_UNDERSIZED =
+ new CorruptedFrameException("A packet could not be decoded because it was smaller than allowed. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+ private static final BadPacketException PACKET_NOT_READ_TO_END =
+ new BadPacketException("Couldn't read all bytes from a packet. For more "
+ + "information, launch Waterfall with -Dwaterfall.packet-decode-logging=true");
+
+
+ private void doLengthSanityChecks(ByteBuf buf, DefinedPacket packet,
+ ProtocolConstants.Direction direction, int packetId) throws Exception {
+ int expectedMinLen = packet.expectedMinLength(buf, direction, protocolVersion);
+ int expectedMaxLen = packet.expectedMaxLength(buf, direction, protocolVersion);
+ if (expectedMaxLen != -1 && buf.readableBytes() > expectedMaxLen) {
+ throw handleOverflow(packet, expectedMaxLen, buf.readableBytes(), packetId);
+ }
+ if (buf.readableBytes() < expectedMinLen) {
+ throw handleUnderflow(packet, expectedMaxLen, buf.readableBytes(), packetId);
+ }
+ }
+
+ private Exception handleOverflow(DefinedPacket packet, int expected, int actual, int packetId) {
+ if (DEBUG) {
+ throw new CorruptedFrameException( "Packet " + packet.getClass() + " " + packetId
+ + " Protocol " + protocolVersion + " was too big (expected "
+ + expected + " bytes, got " + actual + " bytes)");
+ } else {
+ return PACKET_LENGTH_OVERSIZED;
+ }
+ }
+
+ private Exception handleUnderflow(DefinedPacket packet, int expected, int actual, int packetId) {
+ if (DEBUG) {
+ throw new CorruptedFrameException( "Packet " + packet.getClass() + " " + packetId
+ + " Protocol " + protocolVersion + " was too small (expected "
+ + expected + " bytes, got " + actual + " bytes)");
+ } else {
+ return PACKET_LENGTH_UNDERSIZED;
+ }
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java
index 63e9d18d..545eec72 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java
@@ -63,4 +63,17 @@ public class EncryptionResponse extends DefinedPacket
private final long salt;
private final byte[] signature;
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ // It turns out these come out to the same length, whether we're talking >=1.8 or not.
+ // The length prefix always winds up being 2 bytes.
+ if (protocolVersion >= ProtocolConstants.MINECRAFT_1_19) return -1;
+ return 260;
+ }
+
+ public int expectedMinLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return expectedMaxLength(buf, direction, protocolVersion);
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
index 5186a6a8..3224b0d2 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
@@ -65,4 +65,13 @@ public class LoginRequest extends DefinedPacket
{
handler.handle( this );
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ // Accommodate the rare (but likely malicious) use of UTF-8 usernames, since it is technically
+ // legal on the protocol level.
+ if (protocolVersion >= ProtocolConstants.MINECRAFT_1_19) return -1;
+ return 1 + (16 * 3);
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/PingPacket.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/PingPacket.java
index 5f24d425..3163a771 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/PingPacket.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/PingPacket.java
@@ -7,6 +7,7 @@ import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
import net.md_5.bungee.protocol.AbstractPacketHandler;
import net.md_5.bungee.protocol.DefinedPacket;
+import net.md_5.bungee.protocol.ProtocolConstants;
@Data
@NoArgsConstructor
@@ -34,4 +35,14 @@ public class PingPacket extends DefinedPacket
{
handler.handle( this );
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return 8;
+ }
+
+ public int expectedMinLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return 8;
+ }
+ // Waterfall end
}
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/StatusRequest.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/StatusRequest.java
index 738f0c92..ec33d337 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/StatusRequest.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/StatusRequest.java
@@ -6,6 +6,7 @@ import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
import net.md_5.bungee.protocol.AbstractPacketHandler;
import net.md_5.bungee.protocol.DefinedPacket;
+import net.md_5.bungee.protocol.ProtocolConstants;
@Data
@NoArgsConstructor
@@ -28,4 +29,10 @@ public class StatusRequest extends DefinedPacket
{
handler.handle( this );
}
+
+ // Waterfall start: Additional DoS mitigations, courtesy of Velocity
+ public int expectedMaxLength(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) {
+ return 0;
+ }
+ // Waterfall end
}
--
2.38.1