I have a client app on Android using Java, and a server on my laptop in a Unity game. Both are on same network, and I got them to connect. When I send a small string message from client to server, though, the server blocks it with this warning:
ReadMessageBlocking: possible allocation attack with a header of 1298494342 bytes. How should I even begin approaching this roadblock?
For server, I'm using Unity's Mirror library, that is built on top of the Telepathy framework. For client, I followed the client part of this tutorial.
This (from Telepathy) contains the relevant method (ReadMessageBlocking) that throws this warning. I tried setting the MaxMessageSize to int.MaxValue (which comes to 2 GB) to at least accept the message so I could inspect it by printing its contents, but no avail.
I don't have a problem with ReadMessageBlocking, it's there for good reason. My concern is: Why in the world is my android, allegedly, sending a 1 GB header with the string? What can I do about it?
Edit: This is the relevant function that sends message from client (as given in the tutorial mentioned earlier.)
void sendMessage(final String message) {
new Thread(new Runnable() {
@Override
public void run() {
try {
if (null != socket) {
PrintWriter out = new PrintWriter(new BufferedWriter(
new OutputStreamWriter(socket.getOutputStream())),
true);
out.println(message);
}
} catch (Exception e) {
e.printStackTrace();
}
}
}).start();
}
}
For (Unity) server to receive, I didn't write anything. The warning comes from Telepathy's internal message handling function, which I think is the ReceiveLoop here.
I figured it out. Telepathy (and by extension, Mirror) uses a byte[] array to communicate packets, with the usual format of <size,message>. That means, the size (in bytes) of the message you want to send needs to be specified in the array first, followed by the bytes of the actual message content.
Since I'm using Java on the other side, DataOutputStream makes it a bit easier:
DataOutputStream d_out = new DataOutputStream(socket.getOutputStream());
byte [] byte_message = message.getBytes();
d_out.writeInt(byte_message.length);
d_out.write(byte_message);
Since I wasn't using DataOutputStream earlier, Telepathy interpreted the full message content as size and crying. So the full working Send code now looks like this:
void sendMessage(final String message) {
new Thread(new Runnable() {
@Override
public void run() {
try {
if (null != socket) {
DataOutputStream d_out = new
DataOutputStream(socket.getOutputStream());
byte [] byte_message = message.getBytes();
d_out.writeInt(byte_message.length);
d_out.write(byte_message);
}
} catch (Exception e) {
e.printStackTrace();
}
}
}).start();
}
}