Buffer overflow vulnerability #8

Open
marcellp opened this issue Dec 16, 2015 · 0 comments

@marcellp

This plugin seems to crash my server when the server you're connected to returns large amounts of data. This is a reasonably big problem because it prevents people from using this plugin with protocols where large responses are the norm (HTTP, FTP data transfer, etc.).

I've compiled the plugin from the current source tree.

In order to reproduce this bug, establish a netcat listener on an arbitrary port:

nc -L -p 11111

Create a sample script for testing:

#include <a_samp>
#include <socket>

main()
{
    new Socket:sock = socket_create(TCP);
    if(is_socket_valid(sock)) {
        socket_connect(sock, "127.0.0.1", 11111);
    }
}

public onSocketAnswer(Socket:id, data[])
{
}

Run the server while the netcat listener is open. When the connection gets established, send a random 2048 byte input from nc:


Expected behavior: the data[] string of the callback should contain the data returned by the server.
Observed behavior: the server crashes and shuts down.
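
The usual mitigation for this class of crash is a receive path that never copies more than a fixed buffer can hold. The sketch below is an added example, not part of the original report and not the plugin's code (the plugin's receive path is not shown on this page): it splits a response of any size into NUL-terminated pieces that fit a fixed buffer before handing each to a callback. `CHUNK_CAP`, `deliver_bounded`, `answer_cb`, `record` and the constructed 2048-byte input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_CAP 512 /* assumed size of the fixed buffer passed to the script callback */

/* Hypothetical callback type standing in for the script-side data[] handler. */
typedef void (*answer_cb)(const char *data, size_t len, void *ctx);

/* Deliver `len` received bytes to `cb` in NUL-terminated pieces of at most
 * CHUNK_CAP - 1 bytes, so a large response can never overrun the buffer.
 * Returns the number of callback invocations. */
size_t deliver_bounded(const char *rx, size_t len, answer_cb cb, void *ctx)
{
    char chunk[CHUNK_CAP];
    size_t calls = 0;

    while (len > 0) {
        size_t n = len < CHUNK_CAP - 1 ? len : CHUNK_CAP - 1;
        memcpy(chunk, rx, n);   /* n is bounded by the buffer, not by the peer */
        chunk[n] = '\0';        /* room for the terminator is always reserved */
        cb(chunk, n, ctx);
        rx += n;
        len -= n;
        calls++;
    }
    return calls;
}

/* Records what the callback saw, so the bound can be checked. */
struct stats { size_t total; size_t max_len; };

void record(const char *data, size_t len, void *ctx)
{
    struct stats *s = ctx;
    (void)data;
    s->total += len;
    if (len > s->max_len) s->max_len = len;
}

/* Constructed input: 2048 bytes, the size used in the report. */
size_t demo_2048(struct stats *out)
{
    static char rx[2048];
    memset(rx, 'A', sizeof rx);
    out->total = 0;
    out->max_len = 0;
    return deliver_bounded(rx, sizeof rx, record, out);
}

int main(void)
{
    struct stats s;
    size_t calls = demo_2048(&s);
    printf("calls=%zu total=%zu max=%zu\n", calls, s.total, s.max_len);
    return 0;
}
```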
