Merge pull request #30306 from Faless/mp/safe_decode_3.0

[3.0] Multiplayer API now respects allow_object_decoding
This commit is contained in:
Rémi Verschelde 2019-07-04 08:10:47 +02:00 committed by GitHub
commit 0c4881f1db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 6 deletions

View File

@ -60,6 +60,8 @@
</methods> </methods>
<members> <members>
<member name="allow_object_decoding" type="bool" setter="set_allow_object_decoding" getter="is_object_decoding_allowed"> <member name="allow_object_decoding" type="bool" setter="set_allow_object_decoding" getter="is_object_decoding_allowed">
If [code]true[/code] the PacketPeer will allow encoding and decoding of object via [method get_var] and [method put_var].
[b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution).
</member> </member>
</members> </members>
<constants> <constants>

View File

@ -1820,10 +1820,10 @@ void SceneTree::_rpc(Node *p_from, int p_to, bool p_unreliable, bool p_set, cons
if (p_set) { if (p_set) {
//set argument //set argument
Error err = encode_variant(*p_arg[0], NULL, len); Error err = encode_variant(*p_arg[0], NULL, len, !network_peer->is_object_decoding_allowed());
ERR_FAIL_COND(err != OK); ERR_FAIL_COND(err != OK);
MAKE_ROOM(ofs + len); MAKE_ROOM(ofs + len);
encode_variant(*p_arg[0], &packet_cache[ofs], len); encode_variant(*p_arg[0], &packet_cache[ofs], len, !network_peer->is_object_decoding_allowed());
ofs += len; ofs += len;
} else { } else {
@ -1832,10 +1832,10 @@ void SceneTree::_rpc(Node *p_from, int p_to, bool p_unreliable, bool p_set, cons
packet_cache[ofs] = p_argcount; packet_cache[ofs] = p_argcount;
ofs += 1; ofs += 1;
for (int i = 0; i < p_argcount; i++) { for (int i = 0; i < p_argcount; i++) {
Error err = encode_variant(*p_arg[i], NULL, len); Error err = encode_variant(*p_arg[i], NULL, len, !network_peer->is_object_decoding_allowed());
ERR_FAIL_COND(err != OK); ERR_FAIL_COND(err != OK);
MAKE_ROOM(ofs + len); MAKE_ROOM(ofs + len);
encode_variant(*p_arg[i], &packet_cache[ofs], len); encode_variant(*p_arg[i], &packet_cache[ofs], len, !network_peer->is_object_decoding_allowed());
ofs += len; ofs += len;
} }
} }
@ -2018,7 +2018,7 @@ void SceneTree::_network_process_packet(int p_from, const uint8_t *p_packet, int
ERR_FAIL_COND(ofs >= p_packet_len); ERR_FAIL_COND(ofs >= p_packet_len);
int vlen; int vlen;
Error err = decode_variant(args[i], &p_packet[ofs], p_packet_len - ofs, &vlen); Error err = decode_variant(args[i], &p_packet[ofs], p_packet_len - ofs, &vlen, network_peer->is_object_decoding_allowed());
ERR_FAIL_COND(err != OK); ERR_FAIL_COND(err != OK);
//args[i]=p_packet[3+i]; //args[i]=p_packet[3+i];
argp[i] = &args[i]; argp[i] = &args[i];
@ -2044,7 +2044,7 @@ void SceneTree::_network_process_packet(int p_from, const uint8_t *p_packet, int
ERR_FAIL_COND(ofs >= p_packet_len); ERR_FAIL_COND(ofs >= p_packet_len);
Variant value; Variant value;
decode_variant(value, &p_packet[ofs], p_packet_len - ofs); decode_variant(value, &p_packet[ofs], p_packet_len - ofs, NULL, network_peer->is_object_decoding_allowed());
bool valid; bool valid;