diff options
-rw-r--r-- | src/map/clif.c | 166 | ||||
-rw-r--r-- | src/map/intif.c | 6 |
2 files changed, 98 insertions, 74 deletions
diff --git a/src/map/clif.c b/src/map/clif.c index bb0eb1ab1..70a88bfda 100644 --- a/src/map/clif.c +++ b/src/map/clif.c @@ -1957,20 +1957,23 @@ void clif_selllist(struct map_session_data *sd) /// - set npcid of dialog window (0 by default) /// - if set to clear on next mes, clear contents /// - append this text -void clif_scriptmes(struct map_session_data *sd, int npcid, const char *mes) { - int fd = sd->fd; - size_t slen; +void clif_scriptmes(struct map_session_data *sd, int npcid, const char *mes) +{ + int fd, slen; nullpo_retv(sd); nullpo_retv(mes); - slen = strlen(mes) + 9; + + fd = sd->fd; + slen = (int)strlen(mes) + 9; + Assert_retv(slen <= INT16_MAX); sd->state.dialog = 1; WFIFOHEAD(fd, slen); - WFIFOW(fd,0)=0xb4; - WFIFOW(fd,2)=slen; - WFIFOL(fd,4)=npcid; + WFIFOW(fd,0) = 0xb4; + WFIFOW(fd,2) = slen; + WFIFOL(fd,4) = npcid; memcpy(WFIFOP(fd,8), mes, slen-8); WFIFOSET(fd,WFIFOW(fd,2)); } @@ -2072,24 +2075,27 @@ void clif_sendfakenpc(struct map_session_data *sd, int npcid) { /// WARNING: the 'cancel' button closes other windows besides the dialog window and the menu window. /// Which suggests their have intertwined behavior. (probably the mouse targeting) /// TODO investigate behavior of other windows [FlavioJS] -void clif_scriptmenu(struct map_session_data* sd, int npcid, const char* mes) { - int fd; - size_t slen; +void clif_scriptmenu(struct map_session_data *sd, int npcid, const char *mes) +{ + int fd, slen; struct block_list *bl = NULL; nullpo_retv(sd); nullpo_retv(mes); + fd = sd->fd; - slen = strlen(mes) + 9; + slen = (int)strlen(mes) + 9; + Assert_retv(slen <= INT16_MAX); + if (!sd->state.using_fake_npc && (npcid == npc->fake_nd->bl.id || ((bl = map->id2bl(npcid)) != NULL && (bl->m!=sd->bl.m || bl->x<sd->bl.x-AREA_SIZE-1 || bl->x>sd->bl.x+AREA_SIZE+1 || bl->y<sd->bl.y-AREA_SIZE-1 || bl->y>sd->bl.y+AREA_SIZE+1)))) clif->sendfakenpc(sd, npcid); WFIFOHEAD(fd, slen); - WFIFOW(fd,0)=0xb7; - WFIFOW(fd,2)=slen; - WFIFOL(fd,4)=npcid; + WFIFOW(fd,0) = 0xb7; + WFIFOW(fd,2) = slen; + WFIFOL(fd,4) = npcid; memcpy(WFIFOP(fd,8), mes, slen-8); WFIFOSET(fd,WFIFOW(fd,2)); } @@ -3610,26 +3616,29 @@ void clif_createchat(struct map_session_data* sd, int flag) /// 1 = public /// 2 = arena (npc waiting room) /// 3 = PK zone (non-clickable) -void clif_dispchat(struct chat_data* cd, int fd) +void clif_dispchat(struct chat_data *cd, int fd) { unsigned char buf[128]; uint8 type; + int len; - if( cd == NULL || cd->owner == NULL ) + if (cd == NULL || cd->owner == NULL) return; type = (cd->owner->type == BL_PC ) ? (cd->pub) ? 1 : 0 : (cd->owner->type == BL_NPC) ? (cd->limit) ? 2 : 3 : 1; + len = (int)strlen(cd->title); + Assert_retv(len <= INT16_MAX - 17); WBUFW(buf, 0) = 0xd7; - WBUFW(buf, 2) = 17 + strlen(cd->title); + WBUFW(buf, 2) = 17 + len; WBUFL(buf, 4) = cd->owner->id; WBUFL(buf, 8) = cd->bl.id; WBUFW(buf,12) = cd->limit; WBUFW(buf,14) = (cd->owner->type == BL_NPC) ? cd->users+1 : cd->users; WBUFB(buf,16) = type; - memcpy(WBUFP(buf,17), cd->title, strlen(cd->title)); // not zero-terminated + memcpy(WBUFP(buf,17), cd->title, len); // not zero-terminated if( fd ) { WFIFOHEAD(fd,WBUFW(buf,2)); @@ -3647,10 +3656,11 @@ void clif_dispchat(struct chat_data* cd, int fd) /// 1 = public /// 2 = arena (npc waiting room) /// 3 = PK zone (non-clickable) -void clif_changechatstatus(struct chat_data* cd) +void clif_changechatstatus(struct chat_data *cd) { unsigned char buf[128]; uint8 type; + int len; if( cd == NULL || cd->usersd[0] == NULL ) return; @@ -3658,15 +3668,17 @@ void clif_changechatstatus(struct chat_data* cd) type = (cd->owner->type == BL_PC ) ? (cd->pub) ? 1 : 0 : (cd->owner->type == BL_NPC) ? (cd->limit) ? 2 : 3 : 1; + len = (int)strlen(cd->title); + Assert_retv(len <= INT16_MAX - 17); WBUFW(buf, 0) = 0xdf; - WBUFW(buf, 2) = 17 + strlen(cd->title); + WBUFW(buf, 2) = 17 + len; WBUFL(buf, 4) = cd->owner->id; WBUFL(buf, 8) = cd->bl.id; WBUFW(buf,12) = cd->limit; WBUFW(buf,14) = (cd->owner->type == BL_NPC) ? cd->users+1 : cd->users; WBUFB(buf,16) = type; - memcpy(WBUFP(buf,17), cd->title, strlen(cd->title)); // not zero-terminated + memcpy(WBUFP(buf,17), cd->title, len); // not zero-terminated clif->send(buf,WBUFW(buf,2),cd->owner,CHAT); } @@ -5516,7 +5528,7 @@ void clif_displaymessage2(const int fd, const char* mes) { line = strtok(message, "\n"); while(line != NULL) { // Limit message to 255+1 characters (otherwise it causes a buffer overflow in the client) - size_t len = strnlen(line, 255); + int len = (int)strnlen(line, 255); if (len > 0) { // don't send a void message (it's not displaying on the client chat). @help can send void line. if( map->cpsd_active && fd == 0 ) { @@ -5594,27 +5606,27 @@ void clif_broadcast(struct block_list *bl, const char *mes, size_t len, int type * Displays a message on a 'bl' to all it's nearby clients * Used by npc_globalmessage *------------------------------------------*/ -void clif_GlobalMessage(struct block_list* bl, const char* message) { +void clif_GlobalMessage(struct block_list *bl, const char *message) +{ char buf[256]; - size_t len; + int len; nullpo_retv(bl); - if(!message) + if (message == NULL) return; - len = strlen(message)+1; + len = (int)strlen(message)+1; - if (len > sizeof(buf)-8) { - ShowWarning("clif_GlobalMessage: Truncating too long message '%s' (len=%"PRIuS").\n", message, len); - len = sizeof(buf)-8; + if (len > (int)sizeof(buf)-8) { + ShowWarning("clif_GlobalMessage: Truncating too long message '%s' (len=%d).\n", message, len); + len = (int)sizeof(buf)-8; } - WBUFW(buf,0)=0x8d; - WBUFW(buf,2)=len+8; - WBUFL(buf,4)=bl->id; + WBUFW(buf,0) = 0x8d; + WBUFW(buf,2) = len+8; + WBUFL(buf,4) = bl->id; safestrncpy(WBUFP(buf,8),message,len); - clif->send((unsigned char *) buf,WBUFW(buf,2),bl,ALL_CLIENT); - + clif->send(buf,WBUFW(buf,2),bl,ALL_CLIENT); } /// Send broadcast message with font formatting (ZC_BROADCAST2). @@ -8203,10 +8215,11 @@ void clif_specialeffect_value(struct block_list* bl, int effect_id, int num, sen */ void clif_messagecolor_self(int fd, uint32 color, const char *msg) { - size_t msg_len; + int msg_len; nullpo_retv(msg); - msg_len = strlen(msg) + 1; + msg_len = (int)strlen(msg) + 1; + Assert_retv(msg_len <= INT16_MAX - 12); WFIFOHEAD(fd,msg_len + 12); WFIFOW(fd,0) = 0x2C1; @@ -8226,17 +8239,19 @@ void clif_messagecolor_self(int fd, uint32 color, const char *msg) * @param color Message color (RGB format: 0xRRGGBB) * @param msg Message text */ -void clif_messagecolor(struct block_list* bl, uint32 color, const char *msg) +void clif_messagecolor(struct block_list *bl, uint32 color, const char *msg) { - size_t msg_len = strlen(msg) + 1; + int msg_len; uint8 buf[256]; nullpo_retv(bl); nullpo_retv(msg); - if (msg_len > sizeof(buf)-12) { - ShowWarning("clif_messagecolor: Truncating too long message '%s' (len=%"PRIuS").\n", msg, msg_len); - msg_len = sizeof(buf)-12; + msg_len = (int)strlen(msg) + 1; + + if (msg_len > (int)sizeof(buf)-12) { + ShowWarning("clif_messagecolor: Truncating too long message '%s' (len=%d).\n", msg, msg_len); + msg_len = (int)sizeof(buf)-12; } WBUFW(buf,0) = 0x2C1; @@ -8556,34 +8571,33 @@ void clif_slide(struct block_list *bl, int x, int y) /// Public chat message (ZC_NOTIFY_CHAT). lordalfa/Skotlex - used by @me as well /// 008d <packet len>.W <id>.L <message>.?B -void clif_disp_overhead(struct block_list *bl, const char* mes) +void clif_disp_overhead(struct block_list *bl, const char *mes) { unsigned char buf[256]; //This should be more than sufficient, the theoretical max is CHAT_SIZE + 8 (pads and extra inserted crap) - size_t len_mes; + int mes_len; nullpo_retv(bl); nullpo_retv(mes); - len_mes = strlen(mes)+1; //Account for \0 + mes_len = (int)strlen(mes)+1; //Account for \0 - if (len_mes > sizeof(buf)-8) { - ShowError("clif_disp_overhead: Message too long (length %"PRIuS")\n", len_mes); - len_mes = sizeof(buf)-8; //Trunk it to avoid problems. + if (mes_len > (int)sizeof(buf)-8) { + ShowError("clif_disp_overhead: Message too long (length %d)\n", mes_len); + mes_len = sizeof(buf)-8; //Trunk it to avoid problems. } // send message to others WBUFW(buf,0) = 0x8d; - WBUFW(buf,2) = len_mes + 8; // len of message + 8 (command+len+id) + WBUFW(buf,2) = mes_len + 8; // len of message + 8 (command+len+id) WBUFL(buf,4) = bl->id; - safestrncpy(WBUFP(buf,8), mes, len_mes); + safestrncpy(WBUFP(buf,8), mes, mes_len); clif->send(buf, WBUFW(buf,2), bl, AREA_CHAT_WOC); // send back message to the speaker - if( bl->type == BL_PC ) { + if (bl->type == BL_PC) { WBUFW(buf,0) = 0x8e; - WBUFW(buf, 2) = len_mes + 4; - safestrncpy(WBUFP(buf,4), mes, len_mes); + WBUFW(buf, 2) = mes_len + 4; + safestrncpy(WBUFP(buf,4), mes, mes_len); clif->send(buf, WBUFW(buf,2), bl, SELF); } - } /*========================== @@ -9005,14 +9019,15 @@ void clif_channel_msg(struct channel_data *chan, struct map_session_data *sd, ch { struct DBIterator *iter; struct map_session_data *user; - unsigned short msg_len; + int msg_len; uint32 color; nullpo_retv(chan); nullpo_retv(sd); nullpo_retv(msg); iter = db_iterator(chan->users); - msg_len = strlen(msg) + 1; + msg_len = (int)strlen(msg) + 1; + Assert_retv(msg_len <= INT16_MAX - 12); color = channel->config->colors[chan->color]; WFIFOHEAD(sd->fd,msg_len + 12); @@ -9040,13 +9055,14 @@ void clif_channel_msg2(struct channel_data *chan, char *msg) struct DBIterator *iter; struct map_session_data *user; unsigned char buf[210]; - unsigned short msg_len; + int msg_len; uint32 color; nullpo_retv(chan); nullpo_retv(msg); iter = db_iterator(chan->users); - msg_len = strlen(msg) + 1; + msg_len = (int)strlen(msg) + 1; + Assert_retv(msg_len <= INT16_MAX - 12); color = channel->config->colors[chan->color]; WBUFW(buf,0) = 0x2C1; @@ -14681,11 +14697,16 @@ void clif_Mail_read(struct map_session_data *sd, int mail_id) struct mail_message *msg = &sd->mail.inbox.msg[i]; struct item *item = &msg->item; struct item_data *data; - size_t msg_len = strlen(msg->body), len; + int msg_len = (int)strlen(msg->body), len; - if( msg_len == 0 ) { + if (msg_len == 0) { strcpy(msg->body, "(no message)"); - msg_len = strlen(msg->body); + msg_len = (int)strlen(msg->body); + } + + if (msg_len > UINT8_MAX) { + Assert_report(msg_len > UINT8_MAX); + msg_len = UINT8_MAX; } len = 101 + msg_len; @@ -14713,7 +14734,7 @@ void clif_Mail_read(struct map_session_data *sd, int mail_id) } else // no item, set all to zero memset(WFIFOP(fd,80), 0x00, 19); - WFIFOB(fd,99) = (unsigned char)msg_len; + WFIFOB(fd,99) = (uint8)msg_len; safestrncpy(WFIFOP(fd,100), msg->body, msg_len + 1); WFIFOSET(fd,len); @@ -17657,26 +17678,27 @@ void clif_partytickack(struct map_session_data* sd, bool flag) { WFIFOSET(sd->fd, packet_len(0x2c9)); } -void clif_ShowScript(struct block_list* bl, const char* message) { +void clif_ShowScript(struct block_list *bl, const char *message) +{ char buf[256]; - size_t len; + int len; nullpo_retv(bl); - if(!message) + if (message == NULL) return; - len = strlen(message)+1; + len = (int)strlen(message)+1; - if (len > sizeof(buf)-8) { - ShowWarning("clif_ShowScript: Truncating too long message '%s' (len=%"PRIuS").\n", message, len); - len = sizeof(buf)-8; + if (len > (int)sizeof(buf)-8) { + ShowWarning("clif_ShowScript: Truncating too long message '%s' (len=%d).\n", message, len); + len = (int)sizeof(buf)-8; } - WBUFW(buf,0)=0x8b3; - WBUFW(buf,2)=len+8; - WBUFL(buf,4)=bl->id; + WBUFW(buf,0) = 0x8b3; + WBUFW(buf,2) = len+8; + WBUFL(buf,4) = bl->id; safestrncpy(WBUFP(buf,8),message,len); - clif->send((unsigned char *) buf,WBUFW(buf,2),bl,ALL_CLIENT); + clif->send(buf,WBUFW(buf,2),bl,ALL_CLIENT); } void clif_status_change_end(struct block_list *bl, int tid, enum send_target target, int type) { diff --git a/src/map/intif.c b/src/map/intif.c index ec0251dad..e71f3df48 100644 --- a/src/map/intif.c +++ b/src/map/intif.c @@ -279,12 +279,14 @@ int intif_wis_replay(int id, int flag) // The transmission of GM only Wisp/Page from server to inter-server int intif_wis_message_to_gm(char *wisp_name, int permission, char *mes) { - size_t mes_len; + int mes_len; if (intif->CheckForCharServer()) return 0; nullpo_ret(wisp_name); nullpo_ret(mes); - mes_len = strlen(mes) + 1; // + null + mes_len = (int)strlen(mes) + 1; // + null + Assert_ret(mes_len > 0 && mes_len <= INT16_MAX - 32); + WFIFOHEAD(inter_fd, mes_len + 32); WFIFOW(inter_fd,0) = 0x3003; WFIFOW(inter_fd,2) = mes_len + 32; |