Skip to content

Critical DoS: malformed action crashes run_game (UnboundLocalError) #475

New issue
New issue
Closed
#486
Closed
Critical DoS: malformed action crashes run_game (UnboundLocalError)#475
#486
Milestone
netsecgame v 0.1.1
@eldraco

Description

@eldraco
eldraco
opened on Mar 5, 2026

Bug Report

Title

Unauthenticated malformed message crashes central game loop (single-packet DoS)

Severity

Critical

Affected Component

AIDojoCoordinator/coordinator.py (equivalent to hinted netsecgame/game/agent_server.py flow)

Vulnerability Type

Denial of Service (DoS) via unhandled exception / logic error

Description

The coordinator accepts raw network input from agents and pushes it to run_game(). In run_game(), JSON parsing failures are logged but not handled safely. The code continues to match action.type even when Action.from_json(message) failed, leaving action undefined.

This raises UnboundLocalError and terminates the main action-processing coroutine. A single unauthenticated client can send one malformed message and stop action processing for all players.

Evidence (Code References)

  • AIDojoCoordinator/coordinator.py:422-428: parse exception is caught and only logged.
  • AIDojoCoordinator/coordinator.py:429: match action.type is executed regardless of parse success.

Impact

  • Full service-level DoS of gameplay processing.
  • Affects all connected agents, not just attacker session.
  • Exploitable remotely without authentication.

Reproduction

  1. Connect to the game TCP port as an agent client.
  2. Send invalid/non-JSON payload (or malformed action JSON).
  3. The server logs parse failure, then raises on action.type.
  4. run_game() task dies; coordinator stops processing subsequent actions.

Example payload:

not-a-json-message

Root Cause

Control flow uses action outside the success path of Action.from_json(). The exception handler does not continue, default action, or return an error response.

Suggested Fix

  • After parse failure, immediately respond with BAD_REQUEST and continue the loop.
  • Wrap action dispatch (match action.type) in a safe guard that only runs if parsing succeeded.
  • Add regression test: malformed message must not crash run_game() and must produce error response.

Why This Is The Most Serious Issue

This is a one-packet, unauthenticated, service-wide kill-switch against the central coordinator loop, making it higher impact than per-connection hangs or protocol robustness issues.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions