author | shennetsind <ind@henn.et> | 2015-01-17 17:43:18 -0200 |
---|---|---|
committer | shennetsind <ind@henn.et> | 2015-01-17 17:43:18 -0200 |
commit | 348044f12d5f683c8945e0eac642f2795050fb4e (patch) | |
tree | 0f481175cd4d4056ef0859c637a3b0c2df159854 /src | |
parent | f0ea100d5ccc03d8f94b67ea9d3ffa82fcd937b1 (diff) | |
Another ~10 Fixes
Addressing out of bounds read/write, resource leaks.
Special Thanks to 4144 and Haruna!
Signed-off-by: shennetsind <ind@henn.et>
Diffstat (limited to 'src')
-rw-r--r-- | src/common/socket.c | 4 | ||||
-rw-r--r-- | src/common/sql.c | 4 | ||||
-rw-r--r-- | src/map/battleground.c | 2 | ||||
-rw-r--r-- | src/map/clif.c | 5 | ||||
-rw-r--r-- | src/map/map.c | 2 | ||||
-rw-r--r-- | src/map/pc.c | 54 | ||||
-rw-r--r-- | src/map/quest.c | 2 |
7 files changed, 40 insertions, 33 deletions
diff --git a/src/common/socket.c b/src/common/socket.c index 2ab37109c..9c1f35eee 100644 --- a/src/common/socket.c +++ b/src/common/socket.c @@ -505,7 +505,7 @@ int connect_client(int listen_fd) { int make_listen_bind(uint32 ip, uint16 port) { - struct sockaddr_in server_address; + struct sockaddr_in server_address = { 0 }; int fd; int result; @@ -555,7 +555,7 @@ int make_listen_bind(uint32 ip, uint16 port) } int make_connection(uint32 ip, uint16 port, struct hSockOpt *opt) { - struct sockaddr_in remote_address; + struct sockaddr_in remote_address = { 0 }; int fd; int result; diff --git a/src/common/sql.c b/src/common/sql.c index abc2ed57a..f0b2365a4 100644 --- a/src/common/sql.c +++ b/src/common/sql.c @@ -1031,8 +1031,10 @@ void Sql_HerculesUpdateCheck(Sql* self) { continue; } - if( fgetc(ufp) != '#' ) + if( fgetc(ufp) != '#' ) { + fclose(ufp); continue; + } fseek (ufp,1,SEEK_SET);/* woo. skip the # */ diff --git a/src/map/battleground.c b/src/map/battleground.c index eb9f605ad..ee241c5b8 100644 --- a/src/map/battleground.c +++ b/src/map/battleground.c @@ -793,7 +793,7 @@ enum BATTLEGROUNDS_QUEUE_ACK bg_canqueue(struct map_session_data *sd, struct bg_ count++; } if ( count < arena->min_team_players ) { - char response[100]; + char response[117]; if( count != sd->guild->connect_member && sd->guild->connect_member >= arena->min_team_players ) sprintf(response, "Can't apply: not enough members in your team/guild that have not entered the queue in individual mode, minimum is %d",arena->min_team_players); else diff --git a/src/map/clif.c b/src/map/clif.c index 4e55a515b..31f7961d5 100644 --- a/src/map/clif.c +++ b/src/map/clif.c 
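Review bot: The `sprintf` into `response` in bg_canqueue is still unbounded after the resize to 117. By my count the format literal is 114 characters before `%d`, so the buffer holds the message only while `arena->min_team_players` prints in two characters; a three-digit or negative value would write past the end of the array. Bounding the write removes the dependency on the message length: `snprintf(response, sizeof(response), "<same format string>", arena->min_team_players);`. The `else` branch and the rest of the function lie outside the hunk, so the second message is not visible here and may need the same treatment.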
@@ -13884,7 +13884,8 @@ void clif_parse_PMIgnore(int fd, struct map_session_data* sd) { return; } // move everything one place down to overwrite removed entry - memmove(sd->ignore[i].name, sd->ignore[i+1].name, (MAX_IGNORE_LIST-i-1)*sizeof(sd->ignore[0].name)); + if( i != MAX_IGNORE_LIST - 1 ) + memmove(sd->ignore[i].name, sd->ignore[i+1].name, (MAX_IGNORE_LIST-i-1)*sizeof(sd->ignore[0].name)); // wipe last entry memset(sd->ignore[MAX_IGNORE_LIST-1].name, 0, sizeof(sd->ignore[0].name)); } @@ -17747,7 +17748,7 @@ void clif_parse_CashShopReqTab(int fd, struct map_session_data *sd) { short tab = RFIFOW(fd, 2); int j; - if( tab < 0 || tab > CASHSHOP_TAB_MAX || clif->cs.item_count[tab] == 0 ) + if( tab < 0 || tab >= CASHSHOP_TAB_MAX || clif->cs.item_count[tab] == 0 ) return; WFIFOHEAD(fd, 10 + ( clif->cs.item_count[tab] * 6 ) ); diff --git a/src/map/map.c b/src/map/map.c index 8332d4371..7eafde9dc 100644 --- a/src/map/map.c +++ b/src/map/map.c @@ -2468,7 +2468,7 @@ int16 map_mapname2mapid(const char* name) { *------------------------------------------*/ int16 map_mapindex2mapid(unsigned short map_index) { - if (!map_index || map_index > MAX_MAPINDEX) + if (!map_index || map_index >= MAX_MAPINDEX) return -1; return map->index2mapid[map_index]; diff --git a/src/map/pc.c b/src/map/pc.c index 283bffc7a..10b464570 100644 --- a/src/map/pc.c +++ b/src/map/pc.c 
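Review bot: In clif_parse_PMIgnore the guarded `memmove` still counts bytes in units of `sizeof(sd->ignore[0].name)` while `sd->ignore[i+1]` steps by the element size. The two agree only if an element holds nothing but `name`, which this hunk does not show. Moving whole elements stays correct if a field is ever added: `memmove(&sd->ignore[i], &sd->ignore[i+1], (MAX_IGNORE_LIST-i-1)*sizeof(sd->ignore[0]));`. The new unbraced `if` sits directly above a comment and the `memset`, so braces would make it clear that only the `memmove` is conditional. The function starts outside the hunk.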
@@ -2833,30 +2833,34 @@ int pc_bonus2(struct map_session_data *sd,int type,int type2,int val) break; case SP_ADD_DAMAGE_CLASS: switch (sd->state.lr_flag) { - case 0: //Right hand - ARR_FIND(0, ARRAYLENGTH(sd->right_weapon.add_dmg), i, sd->right_weapon.add_dmg[i].rate == 0 || sd->right_weapon.add_dmg[i].class_ == type2); - if (i == ARRAYLENGTH(sd->right_weapon.add_dmg)) { - ShowWarning("pc_bonus2: Reached max (%"PRIuS") number of add Class dmg bonuses per character!\n", - ARRAYLENGTH(sd->right_weapon.add_dmg)); + case 0: //Right hand + ARR_FIND(0, ARRAYLENGTH(sd->right_weapon.add_dmg), i, sd->right_weapon.add_dmg[i].rate == 0 || sd->right_weapon.add_dmg[i].class_ == type2); + if (i == ARRAYLENGTH(sd->right_weapon.add_dmg)) { + ShowWarning("pc_bonus2: Reached max (%"PRIuS") number of add Class dmg bonuses per character!\n", + ARRAYLENGTH(sd->right_weapon.add_dmg)); + break; + } + sd->right_weapon.add_dmg[i].class_ = type2; + sd->right_weapon.add_dmg[i].rate += val; + if (!sd->right_weapon.add_dmg[i].rate) { //Shift the rest of elements up. + if( i != ARRAYLENGTH(sd->right_weapon.add_dmg) - 1 ) + memmove(&sd->right_weapon.add_dmg[i], &sd->right_weapon.add_dmg[i+1], sizeof(sd->right_weapon.add_dmg) - (i+1)*sizeof(sd->right_weapon.add_dmg[0])); + } break; - } - sd->right_weapon.add_dmg[i].class_ = type2; - sd->right_weapon.add_dmg[i].rate += val; - if (!sd->right_weapon.add_dmg[i].rate) //Shift the rest of elements up. 
- memmove(&sd->right_weapon.add_dmg[i], &sd->right_weapon.add_dmg[i+1], sizeof(sd->right_weapon.add_dmg) - (i+1)*sizeof(sd->right_weapon.add_dmg[0])); - break; - case 1: //Left hand - ARR_FIND(0, ARRAYLENGTH(sd->left_weapon.add_dmg), i, sd->left_weapon.add_dmg[i].rate == 0 || sd->left_weapon.add_dmg[i].class_ == type2); - if (i == ARRAYLENGTH(sd->left_weapon.add_dmg)) { - ShowWarning("pc_bonus2: Reached max (%"PRIuS") number of add Class dmg bonuses per character!\n", - ARRAYLENGTH(sd->left_weapon.add_dmg)); + case 1: //Left hand + ARR_FIND(0, ARRAYLENGTH(sd->left_weapon.add_dmg), i, sd->left_weapon.add_dmg[i].rate == 0 || sd->left_weapon.add_dmg[i].class_ == type2); + if (i == ARRAYLENGTH(sd->left_weapon.add_dmg)) { + ShowWarning("pc_bonus2: Reached max (%"PRIuS") number of add Class dmg bonuses per character!\n", + ARRAYLENGTH(sd->left_weapon.add_dmg)); + break; + } + sd->left_weapon.add_dmg[i].class_ = type2; + sd->left_weapon.add_dmg[i].rate += val; + if (!sd->left_weapon.add_dmg[i].rate) { //Shift the rest of elements up. + if( i != ARRAYLENGTH(sd->left_weapon.add_dmg) - 1 ) + memmove(&sd->left_weapon.add_dmg[i], &sd->left_weapon.add_dmg[i+1], sizeof(sd->left_weapon.add_dmg) - (i+1)*sizeof(sd->left_weapon.add_dmg[0])); + } break; - } - sd->left_weapon.add_dmg[i].class_ = type2; - sd->left_weapon.add_dmg[i].rate += val; - if (!sd->left_weapon.add_dmg[i].rate) //Shift the rest of elements up. - memmove(&sd->left_weapon.add_dmg[i], &sd->left_weapon.add_dmg[i+1], sizeof(sd->left_weapon.add_dmg) - (i+1)*sizeof(sd->left_weapon.add_dmg[0])); - break; } break; case SP_ADD_MAGIC_DAMAGE_CLASS: 
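Review bot: The shift in the `SP_ADD_DAMAGE_CLASS` cases never clears the last slot, so removing an entry from a full table leaves the final element duplicated at the last two indices. The new `i != ARRAYLENGTH(...) - 1` guard only avoids the zero-length move from one past the array; the `memmove` copies the tail up by one and leaves `add_dmg[ARRAYLENGTH-1]` untouched. If the consumers walk the table until `rate == 0` (not visible here), that bonus would presumably be applied twice. A wipe after the move, as clif_parse_PMIgnore does in this same commit, closes it: `memset(&sd->right_weapon.add_dmg[ARRAYLENGTH(sd->right_weapon.add_dmg)-1], 0, sizeof(sd->right_weapon.add_dmg[0]));`, and likewise for `left_weapon`. The `add_mdmg`, `add_def` and `add_mdef` hunks that follow have the same shape; a small helper macro for "remove entry i and clear the tail" would keep the five copies in step.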
@@ -2869,7 +2873,7 @@ int pc_bonus2(struct map_session_data *sd,int type,int type2,int val) } sd->add_mdmg[i].class_ = type2; sd->add_mdmg[i].rate += val; - if (!sd->add_mdmg[i].rate) //Shift the rest of elements up. + if (!sd->add_mdmg[i].rate && i != ARRAYLENGTH(sd->add_mdmg) - 1) //Shift the rest of elements up. memmove(&sd->add_mdmg[i], &sd->add_mdmg[i+1], sizeof(sd->add_mdmg) - (i+1)*sizeof(sd->add_mdmg[0])); break; case SP_ADD_DEF_CLASS: @@ -2882,7 +2886,7 @@ int pc_bonus2(struct map_session_data *sd,int type,int type2,int val) } sd->add_def[i].class_ = type2; sd->add_def[i].rate += val; - if (!sd->add_def[i].rate) //Shift the rest of elements up. + if ( !sd->add_def[i].rate && i != ARRAYLENGTH(sd->add_def) - 1) //Shift the rest of elements up. memmove(&sd->add_def[i], &sd->add_def[i+1], sizeof(sd->add_def) - (i+1)*sizeof(sd->add_def[0])); break; case SP_ADD_MDEF_CLASS: @@ -2895,7 +2899,7 @@ int pc_bonus2(struct map_session_data *sd,int type,int type2,int val) } sd->add_mdef[i].class_ = type2; sd->add_mdef[i].rate += val; - if (!sd->add_mdef[i].rate) //Shift the rest of elements up. + if (!sd->add_mdef[i].rate && i != ARRAYLENGTH(sd->add_mdef) - 1) //Shift the rest of elements up. memmove(&sd->add_mdef[i], &sd->add_mdef[i+1], sizeof(sd->add_mdef) - (i+1)*sizeof(sd->add_mdef[0])); break; case SP_HP_DRAIN_RATE: diff --git a/src/map/quest.c b/src/map/quest.c index b76d6bc82..e993ab69d 100644 --- a/src/map/quest.c +++ b/src/map/quest.c @@ -43,7 +43,7 @@ struct quest_interface quest_s; * @return Quest entry (equals to &quest->dummy if the ID is invalid) */ struct quest_db *quest_db(int quest_id) { - if (quest_id < 0 || quest_id > MAX_QUEST_DB || quest->db_data[quest_id] == NULL) + if (quest_id < 0 || quest_id >= MAX_QUEST_DB || quest->db_data[quest_id] == NULL) return &quest->dummy; return quest->db_data[quest_id]; } |