Tampered Packets

[Krilliac]

Description:

Tampered/Manipulated Packets cause all kinds of weird behavior

Expected behaviour:

Find a way to filter, dispose and alert on tampered/manipulated packets

Steps to reproduce the problem:

Step 1 Using a Tool called Clumsy https://jagt.github.io/clumsy/index.html Step 2 you can set various options to simulate network latency on either the sending or receiving or both sides. Step 3 One of the options allows to send Tampered packets, which causes all kinds of weird behavior. Tick it and watch the fireworks. Operating system:

Win 10

Error dumps in direct result of packet manipulation

---

CRASH CRASH CRASH

Unhandled Exception: System.NullReferenceException: Object reference not set to
an instance of an object.
   at WorldCluster.Server.WC_Network.ClientClass.OnPacket(Object state) in C:\MV
B\mangosvb\src\Source\WorldCluster\Server\WC.Network.vb:line 716
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(Object sta
te)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionCo
ntext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, C
ontextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWor
kItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

**--------------------------------------------------------------------------------------------------------------**

[05:15:59] Connection from [] caused an error System.ObjectDi
sposedException: Cannot access a disposed object.
Object name: 'System.Net.Sockets.Socket'.
   at System.Net.Sockets.Socket.BeginSend(Byte[] buffer, Int32 offset, Int32 siz
e, SocketFlags socketFlags, SocketError& errorCode, AsyncCallback callback, Obje
ct state)
   at System.Net.Sockets.Socket.BeginSend(Byte[] buffer, Int32 offset, Int32 siz
e, SocketFlags socketFlags, AsyncCallback callback, Object state)
   at WorldCluster.Server.WC_Network.ClientClass.Send(PacketClass& packet) in C:
\MVB\mangosvb\src\Source\WorldCluster\Server\WC.Network.vb:line 761

**--------------------------------------------------------------------------------------------------------------**

[05:15:59] System.NullReferenceException: Object reference not set to an instanc
e of an object.
   at WorldCluster.Server.WC_Network.ClientClass.OnPacket(Object state) in C:\MV
B\mangosvb\src\Source\WorldCluster\Server\WC.Network.vb:line 716
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(Object sta
te)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionCo
ntext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, C
ontextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWor
kItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

**--------------------------------------------------------------------------------------------------------------**

System.OverflowException: Arithmetic operation resulted in an overflow.
   at mangosVB.WorldServer.WS_Maps.GetMapTileX(Single x) in C:\MVB\mangosvb\src\
Source\WorldServer\Maps\WS.Maps.vb:line 533
   at mangosVB.WorldServer.WS_CharMovement.On_MSG_MOVE_HEARTBEAT(PacketClass& pa
cket, ClientClass& client) in C:\MVB\mangosvb\src\Source\WorldServer\Handlers\WS
.Handlers.CharMovement.vb:line 530
   at mangosVB.WorldServer.WS_Network.ClientClass.OnPacket(Object state) in C:\M
VB\mangosvb\src\Source\WorldServer\Server\WS.Network.vb:line 391
[09:49:25] [68.103.205.91:55045] DEBUG: Packet Dump - Length=34
|  00 20 EE 00 00 00 01 00 00 00 BD D0 CF 3E 51 EE |    ?   ☺   ???>Q? |
|  A3 57 C3 BA 12 E3 28 B6 78 C2 97 4B 99 40 59 05 |  ?W??↕?(?x??K?@Y♣ |
|  00 00                                           |                   |

**--------------------------------------------------------------------------------------------------------------**
[09:49:25] CMSG_SETSHEATHED [137]
[09:49:25] Unhandled sheathe state [137]
**--------------------------------------------------------------------------------------------------------------**

[09:52:07] Error while applying aura for spell 2457:
System.OverflowException: Arithmetic operation resulted in an overflow.
   at mangosVB.WorldServer.WS_Maps.GetSubMapTileX(Single x) in C:\MVB\mangosvb\s
rc\Source\WorldServer\Maps\WS.Maps.vb:line 539
   at mangosVB.WorldServer.WS_CharMovement.UpdateCell(CharacterObject& Character
) in C:\MVB\mangosvb\src\Source\WorldServer\Handlers\WS.Handlers.CharMovement.vb
:line 810
   at mangosVB.WorldServer.WS_Spells.SPELL_EFFECT_DETECT(SpellTargets& Target, B
aseObject& Caster, SpellEffect& SpellInfo, Int32 SpellID, List`1& Infected, Item
Object& Item) in C:\MVB\mangosvb\src\Source\WorldServer\Spells\WS.Spells.vb:line
 3129
   at mangosVB.WorldServer.WS_Spells.SpellInfo.Apply(BaseObject& caster, SpellTa
rgets Targets) in C:\MVB\mangosvb\src\Source\WorldServer\Spells\WS.Spells.vb:lin
e 804
   at mangosVB.WorldServer.WS_PlayerHelper.InitializeTalentSpells(CharacterObjec
t objCharacter) in C:\MVB\mangosvb\src\Source\WorldServer\Player\WS.PlayerHelper
.vb:line 512
   at mangosVB.WorldServer.WS_Spells.SPELL_AURA_MOD_SHAPESHIFT(BaseUnit& Target,
 BaseObject& Caster, SpellEffect& EffectInfo, Int32 SpellID, Int32 StackCount, A
uraAction Action) in C:\MVB\mangosvb\src\Source\WorldServer\Spells\WS.Spells.vb:
line 4642
   at mangosVB.WorldServer.WS_Spells.ApplyAura(BaseUnit& auraTarget, BaseObject&
 Caster, SpellEffect& SpellInfo, Int32 SpellID) in C:\MVB\mangosvb\src\Source\Wo
rldServer\Spells\WS.Spells.vb:line 2851

**--------------------------------------------------------------------------------------------------------------**

[09:52:07] Error on login: System.OverflowException: Arithmetic operation result
ed in an overflow.
   at mangosVB.WorldServer.WS_Maps.GetSubMapTileX(Single x) in C:\MVB\mangosvb\s
rc\Source\WorldServer\Maps\WS.Maps.vb:line 539
   at mangosVB.WorldServer.WS_CharMovement.UpdateCell(CharacterObject& Character
) in C:\MVB\mangosvb\src\Source\WorldServer\Handlers\WS.Handlers.CharMovement.vb
:line 810
   at mangosVB.WorldServer.WS_Spells.SPELL_EFFECT_DETECT(SpellTargets& Target, B
aseObject& Caster, SpellEffect& SpellInfo, Int32 SpellID, List`1& Infected, Item
Object& Item) in C:\MVB\mangosvb\src\Source\WorldServer\Spells\WS.Spells.vb:line
 3129
   at mangosVB.WorldServer.WS_Spells.SpellInfo.Apply(BaseObject& caster, SpellTa
rgets Targets) in C:\MVB\mangosvb\src\Source\WorldServer\Spells\WS.Spells.vb:lin
e 804
   at mangosVB.WorldServer.WS_PlayerHelper.InitializeTalentSpells(CharacterObjec
t objCharacter) in C:\MVB\mangosvb\src\Source\WorldServer\Player\WS.PlayerHelper
.vb:line 512
   at mangosVB.WorldServer.WS_Network.WorldServerClass.ClientLogin(UInt32 id, UI
nt64 guid) in C:\MVB\mangosvb\src\Source\WorldServer\Server\WS.Network.vb:line 1
99

**--------------------------------------------------------------------------------------------------------------**

[05:15:59] [] No Packet Information in Queue
[05:15:59] Connection from [] cause error System.NullReferenc
eException: Object reference not set to an instance of an object.
   at mangosVB.WorldServer.WS_Network.ClientClass.OnPacket(Object state) in C:\M
VB\mangosvb\src\Source\WorldServer\Server\WS.Network.vb:line 407

[Krilliac]

No longer an issue with f1d8467d8829256f9843998bca0a9f939cc6519f but will remain open due to the issues stated above (Many more crash points exist through out the core if a player sends a corrupt packet)