Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dialer conn: decode packet 3: varint overflows integer #234

Open
RestartFU opened this issue Jul 1, 2024 · 3 comments
Open

dialer conn: decode packet 3: varint overflows integer #234

RestartFU opened this issue Jul 1, 2024 · 3 comments

Comments

@RestartFU
Copy link

some servers (ex: skill-mine.ru:19133) send invalid varints on purpose, preventing anyone using gophertunnel to join their servers

when removing the panic:

2024/07/01 15:18:50 dialer conn: decode packet *packet.ServerToClientHandshake: 550 unread bytes left: 0x808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808
08080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080800065794a344e5855694f694a4e53466c335255465a53457476576b6c36616a42445156465a526b73305255564251306c45575764425
2566b335a32315154586c634c7a4e54596d6f776448523256337052566e4a4f566c7776597a4a795a7a6469517a424f6455466f646c525863334e4a556b6330627a5a4f4e446772555731634c7a427353304e7a593345784e484a7954575a5261465668596d6c616447513354305279656d5
63553473878566e4e5052306f354f537451645374754e554a4b57564e765430525455303830556c5234555570316157394565474a345a47704b566d3145496977695957786e496a6f6952564d7a4f44516966512e65794a7a59577830496a6f696431425153566878647a524d566a5674646
b4d784e5842574f4535705a7a3039496e302e585774556d685f722d586c4c4c766a7a5672762d6f553552574c5468445a77345a746b2d6c556a6e6c356870776b49626d4964644f4e734d69324b69315434557657454675334b34596f6448396649766b5935734269394b763445776d4877706b36704a4f536b6a446b68564e6b324a41735274696b34754456324f456f3375
Failed to connect to skill-mine.ru:19133: dial minecraft 192.168.2.157:51633->57.129.5.154:19133: use of closed network connection
@Flonja
Copy link
Contributor

Flonja commented Jul 1, 2024
edited
Loading

What's the entire buffer of ServerToClientHandshake? nvm

@Sandertv
Copy link
Owner

Sandertv commented Jul 1, 2024

The entire 808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808 080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808000 fragment is part of the varint fyi .-.

@Flonja
Copy link
Contributor

Flonja commented Jul 2, 2024
edited
Loading

After some debugging in the Discord server, a "patch" got written: (of course this would have to be copied onto other types as well)

func (r *Reader) Varuint32(x *uint32) {
    var v uint32
+    var i int
-    for i := 0; i < 35; i += 7 {
+    for {
        b, err := r.r.ReadByte()
        if err != nil {
            r.panic(err)
        }

        v |= uint32(b&0x7f) << i
        if b&0x80 == 0 {
            *x = v
            return
        }
+        i += 7
    }
-    r.panic(errVarIntOverflow)
}

It turns out the client won't stop reading until it gets to the "end".
This patch should be used temporarily though, since this is technically an issue on Bedrock's side where it doesn't have a strict limit on how much it should read.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Sandertv @Flonja @RestartFU