aMule Forum

English => aMule crashes => Topic started by: Lotta on April 15, 2016, 05:25:10 PM

Title: Crash: wxFail in CUpDownClient::ProcessPublicKeyPacket()
Post by: Lotta on April 15, 2016, 05:25:10 PM
Hi!

I just posted a backtrace in http://forum.amule.org/index.php?topic=21315.0 due to a crash, which I can reproduce also with aMule-SVN-r10915 (from tarball).

wxFail is raised in CUpDownClient::ProcessPublicKeyPacket() because
        nSize > 250
and
        pachPacket[0] != nSize-1
and surely it's not an accident that nSize-1-pachPacket[0] turns out to be 256 in this case.

Anything known about this erroneous setting of bit 8 in nSize?

Title: Re: Crash: wxFail in CUpDownClient::ProcessPublicKeyPacket()
Post by: Lotta on April 16, 2016, 02:07:15 AM
Actually, it's even in the logs:

.2016-04-15 17:02:23: ClientTCPSocket.cpp(1969): Remote Client Protocol: Packet with protocol c5, opcode 85, size 421 received from ...

But statistics indicate that for protocol c5 (OP_EMULEPROT) and opcode 85 (OP_PUBLICKEY) the size should always be 77. And also according to the source, size 421 (which agrees with the size given in the packet header) definitely isn't allowed for this type of packet. In brief, some remote client sends a malformed packet with protocol c5, opcode 85.

Question to the adepts: What should be done with such a defective packet? How to discard it cleanly?

Title: Re: Crash: wxFail in CUpDownClient::ProcessPublicKeyPacket()
Post by: GonoszTopi on May 06, 2016, 10:37:59 PM
Should be fixed now by revision 10922.
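
On the question raised earlier in the thread (how to discard a malformed OP_PUBLICKEY packet cleanly), here is an added example; it is not part of the thread, not aMule code and not the change made in revision 10922. The function and type names are hypothetical, the payload layout (one length byte followed by the key) is assumed from the two checks quoted in the first post, and the sample payloads are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example, not aMule code. Assumed payload layout (taken from the checks
// quoted in the thread): byte 0 is the key length, then exactly that many bytes.
enum class PubKeyParse { Ok, Empty, TooLarge, LengthMismatch };

constexpr std::size_t kMaxPayload = 250;  // upper bound quoted in the thread

// Returns a status instead of asserting: malformed remote input is an expected
// event, so the caller can log it and drop the packet.
PubKeyParse ParsePublicKeyPayload(const std::uint8_t* payload, std::size_t size,
                                  std::vector<std::uint8_t>& keyOut)
{
    keyOut.clear();
    if (payload == nullptr || size == 0)
        return PubKeyParse::Empty;       // no length byte to read
    if (size > kMaxPayload)
        return PubKeyParse::TooLarge;    // e.g. the 421-byte packet
    // Compare as size_t. Without the bound above, truncating size-1 to 8 bits
    // would let a payload 256 bytes too long pass: uint8_t(421 - 1) == 164.
    if (static_cast<std::size_t>(payload[0]) != size - 1)
        return PubKeyParse::LengthMismatch;
    keyOut.assign(payload + 1, payload + size);
    return PubKeyParse::Ok;
}

// Builds a constructed sample payload (filler bytes, not captured traffic).
std::vector<std::uint8_t> MakePayload(std::size_t total, std::uint8_t lenByte)
{
    std::vector<std::uint8_t> p(total, 0xAA);
    if (!p.empty())
        p[0] = lenByte;
    return p;
}

int main()
{
    std::vector<std::uint8_t> key;
    const auto good = MakePayload(77, 76);    // usual size per the thread
    const auto bad = MakePayload(421, 164);   // 421 - 1 - 164 == 256
    const bool accepted =
        ParsePublicKeyPayload(good.data(), good.size(), key) == PubKeyParse::Ok;
    const bool rejected =
        ParsePublicKeyPayload(bad.data(), bad.size(), key) == PubKeyParse::TooLarge;
    return (accepted && rejected) ? 0 : 1;
}
```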