1. Hey! Guest! The 34th GMC Jam will take place between August 22nd, 12:00 UTC (Thursday noon) and August 26th, 12:00 UTC (Monday noon). Why not join in! Click here to find out more!
    Dismiss Notice

GM:S 1.4 [Solved] Fatal Error when reciving a 0 size buffer from network.

Discussion in 'Programming' started by Adanlink, Mar 6, 2019.

  1. Adanlink

    Adanlink Member

    Joined:
    Feb 26, 2019
    Posts:
    2
    Hi, I'm making a multiplayer game (with UDP and GMS 1.4.9999) that has a server and a client.
    The client doing this little piece of code:
    Code:
    socket = network_create_socket(network_socket_udp);
    buffer = buffer_create(1, buffer_grow, 1);
    buffer_seek(buffer, buffer_seek_start, 0);
    network_send_udp(socket, 127.0.0.1, 27450, buffer, buffer_tell(buffer));
    
    It has the capacity of crashing all the entire server with this beautifull error:
    Code:
    ERROR!!! :: ############################################################################################
    FATAL ERROR in
    action number 1
    of PreCreate Event
    for object obj_network:
    
    
    buffer_create: Illegal size 0
    ############################################################################################
    
    The server only has an object named "obj_network" that is in the only room. This object only has de Create Event with this only piece of code:
    Code:
    serversocket = network_create_socket_ext(network_socket_udp, 27450);
    
    Is this an unavoidable error? I don't want to let the malicious users crash the server that easly xD
     
  2. Simon Gust

    Simon Gust Member

    Joined:
    Nov 15, 2016
    Posts:
    3,149
    When I try this code I get no error on the buffer's behalf at least, using version 1.4.8404
    Try making the buffer a bit bigger or try filling it.

    What I do find interesting is this
    Code:
    network_send_udp(socket, 127.0.0.1, 27450, buffer, buffer_tell(buffer));
    
    the ip's format like that is not a real format and should be a string
    Code:
    network_send_udp(socket, "127.0.0.1", 27450, buffer, buffer_tell(buffer));
    
     
  3. FrostyCat

    FrostyCat Member

    Joined:
    Jun 26, 2016
    Posts:
    4,327
    @Simon Gust:

    This isn't about making the buffer bigger or adding data to it, I'm sure the original poster is past that point. This is about how it's possible to crash a GMS-made game with a listening UDP port simply by sending it an intentionally crafted packet.

    In any case, I don't think this will be going anywhere. GMS 1.4 has been past sunset since last July, and it has never been a good idea to write a central server in any version of GMS. Now if there is a reproduction on GMS 2, then that may be worth talking about.
     
  4. Simon Gust

    Simon Gust Member

    Joined:
    Nov 15, 2016
    Posts:
    3,149
    So you know why the error came up? And what it is about? Because I would like to know.
     
  5. FrostyCat

    FrostyCat Member

    Joined:
    Jun 26, 2016
    Posts:
    4,327
    The original poster has made it pretty clear what the error was about and where it comes from.
    • The client sends a packet with main body length 0.
    • The server receives this packet, and prepares for a Network event by creating a buffer of the same size as the body for async_load[? "buffer"].
    • The buffer mechanism doesn't allow creating buffers of size 0, and crashes the server with an error.
    This is a "ping of death" attack that could be executed against any vulnerable GMS-made executables that listen to TCP or UDP ports via the built-in Networking functions.
     
  6. YellowAfterlife

    YellowAfterlife ᴏɴʟɪɴᴇ ᴍᴜʟᴛɪᴘʟᴀʏᴇʀ Forum Staff Moderator

    Joined:
    Apr 21, 2016
    Posts:
    2,355
    Testing the following in GMS2, it does not crash and shows a zero-size packet as intended
    Code:
    socket = network_create_server(network_socket_udp, 5000, 1);
    buffer = buffer_create(1, buffer_grow, 1);
    buffer_seek(buffer, buffer_seek_start, 0);
    network_send_udp(socket, "127.0.0.1", 5000, buffer, buffer_tell(buffer));
    
    and in async
    Code:
    show_debug_message(json_encode(async_load));
    So, I guess your options are
     
    Adanlink likes this.
  7. Adanlink

    Adanlink Member

    Joined:
    Feb 26, 2019
    Posts:
    2
    I will accept my fate then (will die trying to learn how to do a server in C# and PostgreSQL). Thx to all of you and have a nice day!
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice