Index and count must refer to a location within the buffer. How to solve (Parameter 'bytes') error
Hello, we opened an online game 2 days ago and today our game was attacked. The error in the attack is: "Index and count must refer to a location within the buffer. (Parameter 'bytes')" and we had a proxy attack, which causes the server to shut down. Does anyone know how to solve this error? I think it is caused by a corrupted packet sending error.
87 Replies
not enough detail, but you are presumably trying to access a range of data within a buffer that is not the right size to possibly contain it
Wipe the server and restore backup from before the attack?
the full exception and sample of the code throwing it would be helpful
with no context i would assume the "attack" is sending malformed packets that the server is not correctly handling/rejecting
how
using your backups
Ah, wait, is the attack that they're spamming some invalid packets?
Ot did they break the server itself?
i'm guessing it's not an issue that requires that though, they're probably just taking advantage of bugs in your code
I don't know anything about network, but I think the file about the error is:
i'm not going to read an 18kb source file without knowing what is throwing the exception
Yes
help us help you, narrow it down to the code that's breaking
So the server code itself has been altered by the attackers somehow?
Or are the packets sent by them simply what causes errors in the server code, and regular traffic works fine?
I think I can't fully tell my problem
Seems so
Jimmacle
the full exception and sample of the code throwing it would be helpful
Quoted by
React with ❌ to remove this embed.
my English is not very good what do i mean here
the exception and stack trace are the details of the error
that will say exactly what the problem is and what code is throwing it
then we need to see the code that is throwing that exception
So you want me to throw the code that gives the error?
The stack trace will have something like
error ... occured in file Scrunglo.cs on line 420:69
That will tell you which bit exactly causes the issueThere is no such mistake here
then where did you get
Index and count must refer to a location within the buffer. (Parameter 'bytes') from?He just gives the error in the title
that looks like an exception message
if that's all you have then your error logging is inadequate
we can't help with only that information
you need to log the stack trace
the stack trace says which code isn't working
ex.ToString() not only ex.Messagealso this shouldn't be crashing your server, at worst it should drop the offending connection
unfortunately it collapses
that is a problem with your code
Here's the problem there, I'm not good on the network side
so far you haven't given us enough information to help you
you don't need to know network, just basic C# debugging
If you just look at the code I throw and look at me with the error, wouldn't it be?
the error you are sharing doesn't say what line of code is throwing the error
that is the bare minimum information we need to get started
So how do I learn it?
Jimmacle
you need to log the stack trace
Quoted by
React with ❌ to remove this embed.
Sehra
ex.ToString() not only ex.MessageQuoted by
React with ❌ to remove this embed.
catch (Exception ex)
{
Logger.Print($"Unexpected error from {clientIp}: {ex.Message}");
WebhookHelper.SendNotification($"Unexpected error from {clientIp}: {ex.Message}");
RemoveConnection(connection);
}
ex.Message is wrong
make it ex.ToString()true?
yes
This will give me my code with error
yes
ohh
that will log what we need
Ok
I will come back
And
Created account number
yani bunun anlamı: case 10100:
ClientHelloReceived((ClientHelloMessage)message);
break;
case 10101:
LoginReceived((AuthenticationMessage)message);
break;
attack
i don't know what language that is or what relevance that has to the issue
get the log first, then we'll go from there
okeyy
it doesn't look like you changed anything
fuckkk
I forgot
😐
do you see how that's an entirely different error preventing your code from getting to the point of throwing the error we care about?
Yeah, but why can't he throw Webhook?
What should I do?
i really don't know how to help you, it's starting to seem like you don't understand how to debug C# code
you broke your program so it's not giving the same error anymore, so we still don't have the info we need
So this is good something bad?
bad
like, you're reading the error message right
it's now failing to accept connections at all, not just getting errors inside a connection
Could this be related to sending a broken package?
My logging form was Webhook, Webhook gives an error, what kind of loging I need to do now
you need to fix the bug you just introduced
?
Then do I need to translate this code?
But the WebHook Error is an unusual mistake
yes, you broke your webhook which is not related to the issue we are trying to fix
Actually I didn't break them they broke
The other side broke
@Jimmacle Now there is a problem in Webhook or this code?
idk man, it's your code
and you haven't been able to share detailed errors
BadRequest means it's a problem on your side, not the webhook side
So there is a mistake here
I don't need to remove the webhook system so?
i can't give you the answer
i have very little information about your code
you know better than i do
@Jimmacle
I got the outputs of the mistake
@Angius
yeah your networking code is just weak
it's being broken by the incoming message saying that a string is longer than it really is
or there's no string at all and it's just garbage data
Can you help me?
i can't fix it for you
i can help you fix it yourself
If I throw you a mistake now, then I throw the code I made?
this is pretty simple though, you're just missing a bounds check
but i assume the entire network stack has issues like this
error: DEBUG] Unexpected error from 64.202.184.249: System.ArgumentOutOfRangeException: Index and count must refer to a location within the buffer. (Parameter 'bytes')
at System.Text.UTF8Encoding.GetString(Byte[] bytes, Int32 index, Int32 count)
at Supercell.Laser.Titan.DataStream.ByteStream.ReadString(Int32 maxCapacity) in C:\Users\Administrator\Desktop\time brawl\src\Supercell.Laser.Titan\DataStream\ByteStream.cs:line 214
at normal code public string ReadString(int maxCapacity = 9000000)
{
int length = this.ReadBytesLength();
if (length <= -1)
{
return null;
}
else
{
if (length <= maxCapacity)
{
string value = Encoding.UTF8.GetString(this.Buffer, this.Offset, length);
this.Offset += length;
return value;
}
return null;
}
} fix: public string ReadString(int maxCapacity = 9000000)
{
int length = this.ReadBytesLength();
if (length <= 0 || length > maxCapacity) // Negatif veya çok büyük değerleri engelle
{
return null;
}
if (this.Offset + length > this.Buffer.Length) // Buffer sınırlarını kontrol et
{
Console.WriteLine("HATA: Geçersiz uzunluk veya buffer sınırı aşıldı!");
return null;
}
string value = Encoding.UTF8.GetString(this.Buffer, this.Offset, length);
this.Offset += length;
return value;
}
@Jimmacle For example, is this enough
?
try it and see
I can never do this alone ...
i mean, you wrote the code already right?
test it and see if it fixes the problem
no
then what did you just send me as the "fix"?
Ai coded
this server is ultimately to help you learn to help yourself
we're not here to review AI generated code or do the work for you
You are right, but this is an important moment
then you should be putting in the effort to understand the problem and fix it
the fact you deployed vulnerable code to production and don't understand it well enough to fix it doesn't make this a priority for me