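In `Dispatch`, the core function in SprotoRPC.cs, there is the following check:

```csharp
info.Response = null;
if (this.package.HasSession) {
    long session = this.package.session;
    info.Response = delegate (SprotoTypeBase response) {
```

The consequence of writing it this way is that if the client sends a packet with a session, info.Response is assigned; if the client sends a packet without a session, info.Response is not assigned. When the client changes its logic, or deliberately sends a malformed packet, Response ends up null in the server logic.

This problem becomes a server vulnerability that is very hard to guard against: unless we check every sinfo.Response for null, a null reference exception will occur, which is very dangerous. Even if the server handles the exception caused by the null, the logic is still aborted halfway through (it stops when execution reaches Response), which remains a significant risk.

In my own project I currently design it so that Response is always given a value, whether or not package.session exists; even if something goes wrong, it is only the client that has trouble receiving the packet, and there are no further ill effects. Please consider this.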
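The behaviour described in the issue next to an always-assigned `Response`, as an added example that is not code from the sproto project or from the issue author. `Packet`, `RpcInfo`, `Encode`, `Handle` and the `DroppedReplies` counter are hypothetical stand-ins, and dropping the reply for a session-less packet is one assumed way to "always give Response a value".

```csharp
using System;
using System.Text;

// Hypothetical stand-ins for the package header and RPC info; not the library's types.
class Packet { public long? Session; public bool HasSession => Session.HasValue; }
class RpcInfo { public Func<string, byte[]> Response; }

static class Demo
{
    // Counter a server could export to spot clients that omit the session field.
    public static int DroppedReplies;

    // Pattern from the issue: Response stays null when the client omits the session.
    public static RpcInfo DispatchNullable(Packet p)
    {
        var info = new RpcInfo { Response = null };
        if (p.HasSession)
        {
            long session = p.Session.Value;
            info.Response = body => Encode(session, body);
        }
        return info;
    }

    // Always-assigned variant: without a session the reply is dropped and counted,
    // so a handler can call Response unconditionally and still run to completion.
    public static RpcInfo DispatchSafe(Packet p)
    {
        var info = new RpcInfo();
        if (p.HasSession)
        {
            long session = p.Session.Value;
            info.Response = body => Encode(session, body);
        }
        else
        {
            info.Response = body => { DroppedReplies++; return Array.Empty<byte>(); };
        }
        return info;
    }

    // Placeholder wire format (assumption), only to make the delegate return bytes.
    static byte[] Encode(long session, string body) => Encoding.UTF8.GetBytes(session + ":" + body);

    // A handler that replies without a null check, as in the scenario the issue describes.
    static void Handle(RpcInfo info) => info.Response("ok");

    static void Main()
    {
        var noSession = new Packet { Session = null }; // constructed input: request without a session
        try { Handle(DispatchNullable(noSession)); }
        catch (NullReferenceException) { Console.WriteLine("nullable dispatch: handler aborted"); }
        Handle(DispatchSafe(noSession));
        Console.WriteLine($"safe dispatch: handler completed, dropped replies = {DroppedReplies}");
    }
}
```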