summaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
authorFlavioJS <FlavioJS@54d463be-8e91-2dee-dedb-b68131a5f0ec>2009-02-20 05:53:50 +0000
committerFlavioJS <FlavioJS@54d463be-8e91-2dee-dedb-b68131a5f0ec>2009-02-20 05:53:50 +0000
commit6765daf13f27924282acbeed84f4481c04338596 (patch)
tree688a75b1a4dfbf80eaf9e776a1e201c60bc80676 /src/common
parent2d6cf0c06e355b0e697b5372a03e189d75893502 (diff)
downloadhercules-6765daf13f27924282acbeed84f4481c04338596.tar.gz
hercules-6765daf13f27924282acbeed84f4481c04338596.tar.bz2
hercules-6765daf13f27924282acbeed84f4481c04338596.tar.xz
hercules-6765daf13f27924282acbeed84f4481c04338596.zip
* Modified WFIFOSET to trigger a fatal error when trying to send a packet that is too big.
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@13539 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src/common')
-rw-r--r--src/common/socket.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/common/socket.c b/src/common/socket.c
index 11493fef4..deba0e97b 100644
--- a/src/common/socket.c
+++ b/src/common/socket.c
@@ -630,11 +630,19 @@ int WFIFOSET(int fd, size_t len)
{ // actually there was a buffer overflow already
uint32 ip = s->client_addr;
ShowFatalError("WFIFOSET: Write Buffer Overflow. Connection %d (%d.%d.%d.%d) has written %u bytes on a %u/%u bytes buffer.\n", fd, CONVIP(ip), (unsigned int)len, (unsigned int)s->wdata_size, (unsigned int)s->max_wdata);
- ShowDebug("Likely command that caused it: 0x%x\n", (*(unsigned short*)(s->wdata + s->wdata_size)));
+ ShowDebug("Likely command that caused it: 0x%x\n", (*(uint16*)(s->wdata + s->wdata_size)));
// no other chance, make a better fifo model
exit(EXIT_FAILURE);
}
+ if( len > 0xFFFF )
+ {
+ // dynamic packets allow up to UINT16_MAX bytes (<packet_id>.W <packet_len>.W ...)
+ // all known fixed-size packets are within this limit, so use the same limit
+ ShowFatalError("WFIFOSET: Packet 0x%x is too big. (len=%u, max=%u)\n", (*(uint16*)(s->wdata + s->wdata_size)), (unsigned int)len, 0xFFFF);
+ exit(EXIT_FAILURE);
+ }
+
if( !s->flag.server && s->wdata_size+len > WFIFO_MAX )
{// reached maximum write fifo size
set_eof(fd);