|Line 105 makes your code vulnerable against [d]dos attacks. I can show how to change that. Would you be able to do so?|
Thanks for your time dealing with this and yes, I will be able to change the code if you show me how. I understand I have to pass the new msg_size and dst_size variables to the function calls, but I don't seem to understand how.
|Actually that would be not that simple. The problem would be the receive function. It would be an additional protection against invalid clients but it would not prevent the crash.|
I have contacted the original developer of the game. He said he's not dealing with the code anymore, but he had similar problem before. He said:
|all i did was send "hi iam client" from the client to the server before each new connection is accepted which will result in a 13 bytes, then in server look to recv these 13 bytes and if not, close the connection|
That way you will only allow connection through a real client only, he said.
EDIT: I added your code and changed all the lines that I received errors on for eg:
It required me to change a lot of code. A lot of things are dependent on that split function like login,password,charname - information that is sended from client to server and back are using this split function too. When I added your code and I tried to dos the server it didn't crashed! It was fine and running ok I was see that packet names that I am sending to server with the dos tool, but the server didn't crash! However, other things are screwed up like it doesn't accept user and password (says incorrect password) and it doesn't read the databases, since they are for e.g a in-game bot:
So basically yes, your code works just fine, but the whole server is screwed up :/
EDIT 2: I fixed it. I used your code as another void and added that split method only for the sockets and it worked! Server is not crashing and doing fine. Thank you very much for your time to deal with my problem man! I owe u a big one :>
EDIT 3: As I said, it works and server didn't crash, but still vulnerable to TCP dos attack. It will send so much packets that the server will get unresposible to other traffic. Now I really need to do something to prevent this. I think that time delay of 1 second between each new connection will do the job.
EDIT 4: I am stupid ! The server is displaying a message [ printf("usr-rcv-%d\n", etc); ] The someone is dossing he send packet name (e.g THIS IS DDOS) and server display that message 30000000 times in the cmd window and that's why it goes unresponsible! I removed the message and now it's fine, voila!