Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t. When
decoding it, that value is cast to int when checking whether the packet is
actually that size, causing numbers with MSB=1 to be interpreted as
negative, thus always passing the check. That same value, though, is used
as uint32_t again to resize the output vector. For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.
This patch is a backport of the one initially written for the master
branch.
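The signed/unsigned mismatch described in the commit message above, shown next to a bounds check that stays unsigned. This is an added example, not Godot's code and not part of the commit; the function names and the 4-byte little-endian length prefix are assumptions, and the flawed variant only reports whether the check passes instead of performing the allocation.

```cpp
// Added illustration; names and packet layout are assumptions, not Godot source.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed layout: 4-byte little-endian element count, then the bytes.
static uint32_t read_u32le(const uint8_t *p) {
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
			((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

// Flawed pattern: the declared count is cast to int for the bounds check.
// Returns true when the packet passes the check; the allocation that would
// follow (resize with count as uint32_t) is deliberately left out.
bool flawed_check_accepts(const uint8_t *buf, int len) {
	if (len < 4) return false;
	uint32_t count = read_u32le(buf);
	len -= 4;
	if ((int)count > len) return false; // count >= 2^31 turns negative here
	return true;
}

// Hardened pattern: stay unsigned and bound the count by the bytes that
// are actually present before touching the output vector.
bool decode_byte_array(const uint8_t *buf, size_t len, std::vector<uint8_t> &out) {
	if (len < 4) return false;
	uint32_t count = read_u32le(buf);
	size_t remaining = len - 4;
	if (count > remaining) return false; // rejects 0x80000000 and short packets
	out.assign(buf + 4, buf + 4 + count);
	return true;
}

int main() {
	// Constructed packets: declared size 2^31 with 1 payload byte, and a valid one.
	const uint8_t bad[] = { 0x00, 0x00, 0x00, 0x80, 0x41 };
	const uint8_t good[] = { 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
	std::vector<uint8_t> out;
	printf("flawed accepts bad: %d\n", flawed_check_accepts(bad, (int)sizeof(bad)));
	printf("hardened accepts bad: %d\n", decode_byte_array(bad, sizeof(bad), out));
	bool ok = decode_byte_array(good, sizeof(good), out);
	printf("hardened accepts good: %d (%zu bytes)\n", ok, out.size());
	return 0;
}
```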
Breaks the SSL communication with some servers,
do the same that the other curl, wget, firefox & co clients do.
Fixes #9146
(cherry picked from commit 5cabe5f0fc)
- TCP:
  - `listen` bind to wildcard "*" -> dual stack socket
  - `listen` bind to address -> socket from address type
  - `connect` -> resolve using best protocol (UNSPEC), socket from address type
- UDP:
  - `listen` bind to wildcard "*" -> dual stack socket
  - `listen` bind to address -> socket from address type
  - `put_packet`/`put_var` -> resolve using TYPE_ANY (UNSPEC), socket from address type
    (to change socket type you must first `close` it)
(cherry picked from commit 88a56ba783)
clang-format does not handle that well *at all*.
For the reference, found the relevant pieces of code with:
`ag "=[ "$'\t'"]?"$'\n'"[ "$'\t'"]?{" --ignore=thirdparty`
(cherry picked from commit 40323407df)
That year should bring the long-awaited OpenGL ES 3.0 compatible renderer
with state-of-the-art rendering techniques tuned to work as low as middle
end handheld devices - without compromising with the possibilities given
for higher end desktop games of course. Great times ahead for the Godot
community and the gamers that will play our games!
(cherry picked from commit c7bc44d5ad)
IP_Address changes:
- Converts to and from String transparently while handling IPv4 as IPv6
  mapped (::ffff:[IP]) address internally.
- Completely remove AddrType enum.
- Setting/Getting of ip array is now only possible through dedicated functions
  (i.e. set_ipv4, get_ipv4, set_ipv6, get_ipv6)
- Add function to know if the address is a valid IPv4 (for IP implementation and enet)
(cherry picked from commit 1aff508dd9)
PacketPeerUDP/StreamPeerTCP/TCP_Server now uses an instance variable
to store the selected ip_type (IPv4/IPv6/ANY, where ANY = dual stack).
All calls to resolve addresses, sending/receiving data, connecting/listening
will use that socket type.
(cherry picked from commit 95bdd97768)