Diffstat (limited to 'src')
-rw-r--r-- | src/char/char.c | 2 | ||||
-rw-r--r-- | src/char/int_homun.c | 8 | ||||
-rw-r--r-- | src/char/int_pet.c | 2 | ||||
-rw-r--r-- | src/char/inter.c | 3 | ||||
-rw-r--r-- | src/common/socket.c | 3 | ||||
-rw-r--r-- | src/common/socket.h | 3 | ||||
-rw-r--r-- | src/ladmin/ladmin.c | 38 | ||||
-rw-r--r-- | src/login/login.c | 1 | ||||
-rw-r--r-- | src/map/chrif.c | 10 | ||||
-rw-r--r-- | src/map/clif.c | 26 | ||||
-rw-r--r-- | src/map/irc.c | 1 |
11 files changed, 72 insertions, 25 deletions
diff --git a/src/char/char.c b/src/char/char.c
index d1ed13596..b043809aa 100644
--- a/src/char/char.c
+++ b/src/char/char.c
@@ -2433,6 +2433,7 @@ int parse_tologin(int fd) { new_ip = resolve_hostbyname(char_ip_str, NULL, NULL);
if (new_ip && new_ip != char_ip)
{ //Update ip.
+ WFIFOHEAD(fd,6);
char_ip = new_ip;
ShowInfo("Updating IP for [%s].\n",char_ip_str);
WFIFOW(fd,0) = 0x2736;
@@ -2454,6 +2455,7 @@ int parse_tologin(int fd) { int request_accreg2(int account_id, int char_id) {
if (login_fd > 0) {
+ WFIFOHEAD(login_fd, 10);
WFIFOW(login_fd, 0) = 0x272e;
WFIFOL(login_fd, 2) = account_id;
WFIFOL(login_fd, 6) = char_id;
diff --git a/src/char/int_homun.c b/src/char/int_homun.c
index c71cd7792..3de472d74 100644
--- a/src/char/int_homun.c
+++ b/src/char/int_homun.c
@@ -241,6 +241,7 @@ int mapif_delete_homun_ack(int fd,int flag) }
int mapif_rename_homun_ack(int fd, int account_id, int char_id, int flag, char *name){
+ WFIFOHEAD(fd, NAME_LENGTH+12);
WFIFOW(fd, 0) =0x3894;
WFIFOL(fd, 2) =account_id;
WFIFOL(fd, 6) =char_id;
@@ -254,6 +255,7 @@ int mapif_rename_homun_ack(int fd, int account_id, int char_id, int flag, char * int mapif_create_homun(int fd)
{
struct s_homunculus *p;
+ RFIFOHEAD(fd);
p= (struct s_homunculus *) aCalloc(sizeof(struct s_homunculus), 1);
if(p==NULL){
ShowFatalError("int_homun: out of memory !\n");
@@ -271,7 +273,9 @@ int mapif_create_homun(int fd) int mapif_load_homun(int fd)
{
struct s_homunculus *p;
- int account_id = RFIFOL(fd,2);
+ int account_id;
+ RFIFOHEAD(fd);
+ account_id = RFIFOL(fd,2);
p= idb_get(homun_db,RFIFOL(fd,6));
if(p==NULL) {
@@ -292,7 +296,6 @@ int mapif_save_homun(int fd,int account_id,struct s_homunculus *data) {
struct s_homunculus *p;
int hom_id;
- RFIFOHEAD(fd);
if (data->hom_id == 0)
data->hom_id = homun_newid++;
@@ -346,6 +349,7 @@ int mapif_parse_DeleteHomun(int fd) }
int mapif_parse_RenameHomun(int fd){
+ RFIFOHEAD(fd);
mapif_rename_homun(fd, RFIFOL(fd, 2), RFIFOL(fd, 6), RFIFOP(fd, 10));
return 0;
}
diff --git a/src/char/int_pet.c b/src/char/int_pet.c
index 6e1b8ad83..3ab48c8ae 100644
--- a/src/char/int_pet.c
+++ b/src/char/int_pet.c
@@ -222,6 +222,7 @@ int mapif_delete_pet_ack(int fd,int flag) }
int mapif_rename_pet_ack(int fd, int account_id, int char_id, int flag, char *name){
+ WFIFOHEAD(fd, NAME_LENGTH+12);
WFIFOW(fd, 0) =0x3884;
WFIFOL(fd, 2) =account_id;
WFIFOL(fd, 6) =char_id;
@@ -394,6 +395,7 @@ int mapif_parse_DeletePet(int fd) }
int mapif_parse_RenamePet(int fd){
+ RFIFOHEAD(fd);
mapif_rename_pet(fd, RFIFOL(fd, 2), RFIFOL(fd, 6), RFIFOP(fd, 10));
return 0;
}
diff --git a/src/char/inter.c b/src/char/inter.c
index 74ea3a956..ab97c6512 100644
--- a/src/char/inter.c
+++ b/src/char/inter.c
@@ -614,7 +614,8 @@ int mapif_parse_Registry(int fd) { // Request the value of all registries.
int mapif_parse_RegistryRequest(int fd)
-{
+{
+ RFIFOHEAD(fd);
//Load Char Registry
if (RFIFOB(fd,12))
char_account_reg_reply(fd,RFIFOL(fd,2),RFIFOL(fd,6));
diff --git a/src/common/socket.c b/src/common/socket.c
index 2e52b079f..f7cb5d33b 100644
--- a/src/common/socket.c
+++ b/src/common/socket.c
@@ -701,7 +701,8 @@ int WFIFOSET(int fd,int len) unsigned char *sin_addr = (unsigned char *)&s->client_addr.sin_addr;
ShowFatalError("socket: Buffer Overflow. Connection %d (%d.%d.%d.%d) has written %d byteson a %d/%d bytes buffer.\n", fd,
sin_addr[0], sin_addr[1], sin_addr[2], sin_addr[3], len, s->wdata_size, s->max_wdata);
- ShowDebug("Likely command that caused it: 0x%x\n", WFIFOW(fd,0));
+ ShowDebug("Likely command that caused it: 0x%x\n",
+ (*(unsigned short*)(s->wdata+s->wdata_size)));
// no other chance, make a better fifo model
exit(1);
}
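Review bot: The new `ShowDebug` argument reads two bytes at `s->wdata+s->wdata_size` through an `unsigned short*` cast without checking that two bytes are still inside the buffer. The check that leads into this branch is outside the hunk, but if `wdata_size` can be within one byte of `max_wdata` here, the diagnostic itself reads past the allocation, and the cast also assumes the address is suitably aligned. I would copy the value out instead: `unsigned short cmd = 0;` declared with the block's other locals, then `if (s->wdata_size + 2 <= s->max_wdata) memcpy(&cmd, s->wdata + s->wdata_size, sizeof(cmd));` and pass `cmd` to `ShowDebug`. The enclosing block of WFIFOSET starts before the hunk.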
diff --git a/src/common/socket.h b/src/common/socket.h
index 2774b9c7f..02badae3f 100644
--- a/src/common/socket.h
+++ b/src/common/socket.h
@@ -58,7 +58,8 @@ extern time_t stall_time; #define WFIFOHEAD(fd, x) char *wbPtr = session[fd]->wdata+session[fd]->wdata_size;
#define WFIFOP(fd,pos) (&wbPtr[pos])
#else
-#define WFIFOHEAD(fd, x) ;
+#define WFIFOHEAD(fd, size) { if((fd) && session[fd]->wdata_size + (size) > session[fd]->max_wdata ) realloc_writefifo(fd, size); }
+
#define WFIFOP(fd,pos) (session[fd]->wdata+session[fd]->wdata_size+(pos))
#endif
#define WFIFOB(fd,pos) (*(unsigned char*)WFIFOP(fd,pos))
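Review bot: The new `WFIFOHEAD` guards only against `fd == 0`: `if((fd) && session[fd]->wdata_size ...` still indexes `session[]` with a negative descriptor and dereferences `session[fd]` when that slot is NULL. Since this commit places the macro at the top of many functions, ahead of their own validity checks, the macro is now the first thing to touch the session and should validate it itself. The bare `{ ... }` body followed by the caller's `;` also breaks when the macro is used as the body of an `if` that has an `else`. I would write it as `#define WFIFOHEAD(fd, size) do { if ((fd) > 0 && session[fd] && session[fd]->wdata_size + (size) > session[fd]->max_wdata) realloc_writefifo(fd, size); } while(0)`. A one-line comment that the other `#if` branch expands to a declaration of `wbPtr` would explain why callers keep the call among their declarations.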
diff --git a/src/ladmin/ladmin.c b/src/ladmin/ladmin.c
index 27a95e171..64214f352 100644
--- a/src/ladmin/ladmin.c
+++ b/src/ladmin/ladmin.c
@@ -1134,6 +1134,7 @@ void display_help(char* param, int language) { int addaccount(char* param, int emailflag) {
char name[1023], sex[1023], email[1023], password[1023];
// int i;
+ WFIFOHEAD(login_fd,91);
memset(name, '\0', sizeof(name));
memset(sex, '\0', sizeof(sex));
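Review bot: `WFIFOHEAD(login_fd,91);` reserves a literal size at function entry, far from the `WFIFOSET` that has to agree with it (outside this hunk), and nothing says what 91 is made of. The same pattern repeats in the other ladmin.c hunks, from banaddaccount through checkloginversion, with 38, 30, 50, 26, 66, 27 and so on. I would add a comment at each call such as `/* must equal the WFIFOSET length of the request built below */`, so the reservation and the send do not drift apart. With the new macro the call also touches `session[login_fd]` before the parameter checks that may return early, so it is worth confirming `login_fd` is always a live session when these commands run.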
@@ -1264,6 +1265,7 @@ int banaddaccount(char* param) { int year, month, day, hour, minute, second;
char * p_modif;
int value, i;
+ WFIFOHEAD(login_fd,38);
memset(name, '\0', sizeof(name));
memset(modif, '\0', sizeof(modif));
@@ -1466,6 +1468,7 @@ int bansetaccountsub(char* name, char* date, char* time) { int year, month, day, hour, minute, second;
time_t ban_until_time; // # of seconds 1/1/1970 (timestamp): ban time limit of the account (0 = no ban)
struct tm *tmtime;
+ WFIFOHEAD(login_fd,30);
year = month = day = hour = minute = second = 0;
ban_until_time = 0;
@@ -1719,6 +1722,7 @@ int unbanaccount(char* param) { //---------------------------------------------------------
int checkaccount(char* param) {
char name[1023], password[1023];
+ WFIFOHEAD(login_fd,50);
memset(name, '\0', sizeof(name));
memset(password, '\0', sizeof(password));
@@ -1772,6 +1776,7 @@ int delaccount(char* param) { char letter;
char confirm[1023];
int i;
+ WFIFOHEAD(login_fd,26);
memset(name, '\0', sizeof(name));
@@ -1839,6 +1844,7 @@ int delaccount(char* param) { //----------------------------------------------------------
int changeemail(char* param) {
char name[1023], email[1023];
+ WFIFOHEAD(login_fd,66);
memset(name, '\0', sizeof(name));
memset(email, '\0', sizeof(email));
@@ -1912,6 +1918,7 @@ int changeemail(char* param) { // Sub-function: Asking of the number of online players
//-----------------------------------------------------
int getlogincount(void) {
+ WFIFOHEAD(login_fd,2);
if (defaultlanguage == 'F') {
ladmin_log("Envoi d'un requête au serveur de logins pour obtenir le nombre de joueurs en jeu." RETCODE);
} else {
@@ -1931,6 +1938,7 @@ int getlogincount(void) { int changegmlevel(char* param) {
char name[1023];
int GM_level;
+ WFIFOHEAD(login_fd,27);
memset(name, '\0', sizeof(name));
GM_level = 0;
@@ -1985,6 +1993,7 @@ int changegmlevel(char* param) { //---------------------------------------------
int idaccount(char* param) {
char name[1023];
+ WFIFOHEAD(login_fd,26);
memset(name, '\0', sizeof(name));
@@ -2027,6 +2036,7 @@ int idaccount(char* param) { // Sub-function: Asking to displaying information about an account (by its id)
//----------------------------------------------------------------------------
int infoaccount(int account_id) {
+ WFIFOHEAD(login_fd,6);
if (account_id < 0) {
if (defaultlanguage == 'F') {
printf("Entrez un id ayant une valeur positive svp.\n");
@@ -2056,7 +2066,9 @@ int infoaccount(int account_id) { // Sub-function: Send a broadcast message
//---------------------------------------
int sendbroadcast(short type, char* message) {
- if (strlen(message) == 0) {
+ int len = strlen(message);
+ WFIFOHEAD(login_fd,9+len);
+ if (len == 0) {
if (defaultlanguage == 'F') {
printf("Entrez un message svp.\n");
if (type == 0) {
@@ -2076,12 +2088,12 @@ int sendbroadcast(short type, char* message) { }
return 136;
}
-
+ len++; //+'\0'
WFIFOW(login_fd,0) = 0x794e;
WFIFOW(login_fd,2) = type;
- WFIFOL(login_fd,4) = strlen(message)+1;
- memcpy(WFIFOP(login_fd,8), message, strlen(message)+1);
- WFIFOSET(login_fd,8+strlen(message)+1);
+ WFIFOL(login_fd,4) = len;
+ memcpy(WFIFOP(login_fd,8), message, len);
+ WFIFOSET(login_fd,8+len);
bytes_to_read = 1;
return 0;
@@ -2135,6 +2147,7 @@ int changelanguage(char* language) { int listaccount(char* param, int type) {
//int list_first, list_last, list_type; // parameter to display a list of accounts
int i;
+ WFIFOHEAD(login_fd,10);
list_type = type;
@@ -2198,6 +2211,7 @@ int listaccount(char* param, int type) { //--------------------------------------------
int changememo(char* param) {
char name[1023], memo[1023];
+ WFIFOHEAD(login_fd,28+255);
memset(name, '\0', sizeof(name));
memset(memo, '\0', sizeof(memo));
@@ -2255,6 +2269,7 @@ int changememo(char* param) { // Sub-function: Asking to obtain an account name
//-----------------------------------------------
int nameaccount(int id) {
+ WFIFOHEAD(login_fd,6);
if (id < 0) {
if (defaultlanguage == 'F') {
printf("Entrez un id ayant une valeur positive svp.\n");
@@ -2285,6 +2300,7 @@ int nameaccount(int id) { //------------------------------------------
int changepasswd(char* param) {
char name[1023], password[1023];
+ WFIFOHEAD(login_fd,50);
memset(name, '\0', sizeof(name));
memset(password, '\0', sizeof(password));
@@ -2335,6 +2351,7 @@ int changepasswd(char* param) { // this function have no answer
//----------------------------------------------------------------------
int reloadGM(void) {
+ WFIFOHEAD(login_fd,2);
WFIFOW(login_fd,0) = 0x7955;
WFIFOSET(login_fd,2);
bytes_to_read = 0;
@@ -2358,6 +2375,7 @@ int reloadGM(void) { //-----------------------------------------------------
int changesex(char* param) {
char name[1023], sex[1023];
+ WFIFOHEAD(login_fd,27);
memset(name, '\0', sizeof(name));
memset(sex, '\0', sizeof(sex));
@@ -2414,6 +2432,7 @@ int changesex(char* param) { //-------------------------------------------------------------------------
int changestatesub(char* name, int state, char* error_message7) {
char error_message[1023]; // need to use, because we can modify error_message7
+ WFIFOHEAD(login_fd,50);
memset(error_message, '\0', sizeof(error_message));
strncpy(error_message, error_message7, sizeof(error_message)-1);
@@ -2602,6 +2621,7 @@ int timeaddaccount(char* param) { int year, month, day, hour, minute, second;
char * p_modif;
int value, i;
+ WFIFOHEAD(login_fd,38);
memset(name, '\0', sizeof(name));
memset(modif, '\0', sizeof(modif));
@@ -2804,6 +2824,7 @@ int timesetaccount(char* param) { int year, month, day, hour, minute, second;
time_t connect_until_time; // # of seconds 1/1/1970 (timestamp): Validity limit of the account (0 = unlimited)
struct tm *tmtime;
+ WFIFOHEAD(login_fd,30);
memset(name, '\0', sizeof(name));
memset(date, '\0', sizeof(date));
@@ -2966,6 +2987,7 @@ int timesetaccount(char* param) { //------------------------------------------------------------------------------
int whoaccount(char* param) {
char name[1023];
+ WFIFOHEAD(login_fd,26);
memset(name, '\0', sizeof(name));
@@ -3007,6 +3029,7 @@ int whoaccount(char* param) { // Sub-function: Asking of the version of the login-server
//--------------------------------------------------------
int checkloginversion(void) {
+ WFIFOHEAD(login_fd,2);
if (defaultlanguage == 'F')
ladmin_log("Envoi d'un requête au serveur de logins pour obtenir sa version." RETCODE);
else
@@ -3235,6 +3258,7 @@ int prompt(void) { int parse_fromlogin(int fd) {
struct char_session_data *sd;
int id;
+ RFIFOHEAD(fd);
if (session[fd]->eof) {
if (defaultlanguage == 'F') {
printf("Impossible de se connecter au serveur de login [%s:%d] !\n", loginserverip, loginserverport);
@@ -3296,6 +3320,7 @@ int parse_fromlogin(int fd) { return 0;
{
char md5str[64] = "", md5bin[32];
+ WFIFOHEAD(login_fd, 20);
if (passenc == 1) {
strncpy(md5str, (const char*)RFIFOP(fd,4), RFIFOW(fd,2) - 4);
strcat(md5str, loginserveradminpassword);
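Review bot: The `strncpy(md5str, (const char*)RFIFOP(fd,4), RFIFOW(fd,2) - 4);` beside the added reservation takes its count from the packet's own length word, and nothing visible in this hunk bounds it to the 64-byte `md5str`. A length word below 4 also turns into a very large count, and the `strcat` of `loginserveradminpassword` that follows appends to the same buffer with no bound either. I would validate first, e.g. `int keylen = RFIFOW(fd,2) - 4;` then `if (keylen < 0 || keylen + strlen(loginserveradminpassword) >= sizeof(md5str))` reject the packet, and copy with `keylen`. The block continues past the hunk, so the rejection path has to fit whatever the surrounding case does.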
@@ -3368,6 +3393,7 @@ int parse_fromlogin(int fd) { bytes_to_read = 0;
} else {
int i;
+ WFIFOHEAD(login_fd,10);
if (defaultlanguage == 'F')
ladmin_log(" Réception d'une liste des comptes." RETCODE);
else
@@ -4199,6 +4225,7 @@ int Connect_login_server(void) { #ifdef PASSWORDENC
if (passenc == 0) {
#endif
+ WFIFOHEAD(login_fd,28);
WFIFOW(login_fd,0) = 0x7918; // Request for administation login
WFIFOW(login_fd,2) = 0; // no encrypted
memcpy(WFIFOP(login_fd,4), loginserveradminpassword, 24);
@@ -4213,6 +4240,7 @@ int Connect_login_server(void) { }
#ifdef PASSWORDENC
} else {
+ WFIFOHEAD(login_fd,2);
WFIFOW(login_fd,0) = 0x791a; // Sending request about the coding key
WFIFOSET(login_fd,2);
bytes_to_read = 1;
diff --git a/src/login/login.c b/src/login/login.c
index 038cff89b..34f2f401a 100644
--- a/src/login/login.c
+++ b/src/login/login.c
@@ -1472,6 +1472,7 @@ int parse_fromchar(int fd) { unsigned int k;
time_t connect_until_time = 0;
char email[40] = "";
+ WFIFOHEAD(fd,51);
auth_fifo[i].delflag = 1;
login_log("Char-server '%s': authentification of the account %d accepted (ip: %s)." RETCODE,
server[id].name, acc, ip);
diff --git a/src/map/chrif.c b/src/map/chrif.c
index 7039a8d71..e08ee8cdf 100644
--- a/src/map/chrif.c
+++ b/src/map/chrif.c
@@ -319,9 +319,11 @@ int chrif_removemap(int fd){ }
int chrif_save_ack(int fd) {
- int aid = RFIFOL(fd,2), cid = RFIFOL(fd,6);
- struct map_session_data *sd = map_id2sd(aid);
- if (sd && sd->status.char_id == cid)
+ struct map_session_data *sd;
+ RFIFOHEAD(fd);
+ sd = map_id2sd(RFIFOL(fd,2));
+
+ if (sd && sd->status.char_id == RFIFOL(fd,6))
map_quit_ack(sd);
return 0;
}
@@ -1410,7 +1412,7 @@ int chrif_disconnect(int fd) { void chrif_update_ip(int fd){
unsigned long new_ip;
-
+ WFIFOHEAD(fd, 6);
new_ip = resolve_hostbyname(char_ip_str, NULL, NULL);
if (new_ip && new_ip != char_ip)
char_ip = new_ip; //Update char_ip
diff --git a/src/map/clif.c b/src/map/clif.c
index c221f5e8c..3b2f02634 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -1541,7 +1541,7 @@ int clif_hominfo(struct map_session_data *sd, struct homun_data *hd, int flag) void clif_send_homdata(struct map_session_data *sd, int type, int param) { //[orn]
int fd;
-
+ WFIFOHEAD(fd, packet_len_table[0x230]);
nullpo_retv(sd);
nullpo_retv(sd->hd);
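Review bot: `WFIFOHEAD(fd, packet_len_table[0x230]);` runs while `fd` is still uninitialized: the line above it is `int fd;` with no initializer, and no assignment precedes the macro. With the socket.h change in this commit the macro reads `session[fd]`, so this indexes the session table with an indeterminate value. The next hunk, clif_homskillinfoblock, has the same problem with `WFIFOHEAD(fd, 4+37*MAX_HOMUNSKILL);`. I would move both calls to just after the point where `fd` is assigned from `sd->fd` (outside these hunks), i.e. after the `nullpo` checks, as clif_hom_food and clif_walkok did before this commit.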
@@ -1559,7 +1559,7 @@ int clif_homskillinfoblock(struct map_session_data *sd) { //[orn] struct homun_data *hd;
int fd;
int i,j,len=4,id;
-
+ WFIFOHEAD(fd, 4+37*MAX_HOMUNSKILL);
nullpo_retr(0, sd);
hd = sd->hd;
@@ -1591,7 +1591,7 @@ int clif_homskillinfoblock(struct map_session_data *sd) { //[orn] void clif_homskillup(struct map_session_data *sd, int skill_num) { //[orn]
struct homun_data *hd;
int fd,skillid;
-
+ WFIFOHEAD(sd->fd, packet_len_table[0x239]);
nullpo_retv(sd);
skillid = skill_num - HM_SKILLBASE - 1;
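Review bot: `WFIFOHEAD(sd->fd, packet_len_table[0x239]);` dereferences `sd` one line before `nullpo_retv(sd);`, so the null guard no longer protects the first use. The clif_hom_food and clif_walkok hunks introduce the same ordering by moving their call from after `fd=sd->fd;` to above `nullpo_retr(0, sd);`. I would keep the reservation after the null check in all three, for example `nullpo_retv(sd);` followed by `WFIFOHEAD(sd->fd, packet_len_table[0x239]);`. If the declaring variant of the macro forces it into the declaration block, the check has to move into the macro or the caller instead.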
@@ -1611,12 +1611,12 @@ void clif_homskillup(struct map_session_data *sd, int skill_num) { //[orn] void clif_parse_ChangeHomunculusName(int fd, struct map_session_data *sd) { //[orn]
struct homun_data *hd;
+ RFIFOHEAD(fd);
nullpo_retv(sd);
if((hd=sd->hd) == NULL)
return;
- RFIFOHEAD(fd);
memcpy(hd->homunculus.name,RFIFOP(fd,2),24);
hd->homunculus.rename_flag = 1;
clif_hominfo(sd,hd,0);
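Review bot: The name copied from the client packet is never terminated in the visible lines: `memcpy(hd->homunculus.name,RFIFOP(fd,2),24);` is followed directly by setting `rename_flag` and calling `clif_hominfo`. If the field is 24 bytes long (the char-server hunks size names with `NAME_LENGTH`), a packet whose name has no NUL leaves an unterminated string for any later string handling. I would add `hd->homunculus.name[sizeof(hd->homunculus.name)-1] = '\0';` after the copy, assuming `name` is an array, and use `NAME_LENGTH` instead of the literal 24 if that is its size. The function continues past the hunk.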
@@ -1637,7 +1637,7 @@ void clif_parse_HomMoveToMaster(int fd, struct map_session_data *sd) { //[orn] void clif_parse_HomMoveTo(int fd,struct map_session_data *sd) { //[orn]
int x,y,cmd;
-
+ RFIFOHEAD(fd);
nullpo_retv(sd);
if(!merc_is_hom_active(sd->hd))
@@ -1657,7 +1657,7 @@ void clif_parse_HomMoveTo(int fd,struct map_session_data *sd) { //[orn] void clif_parse_HomAttack(int fd,struct map_session_data *sd) { //[orn]
struct block_list *target;
-
+ RFIFOHEAD(fd);
nullpo_retv(sd);
if(!merc_is_hom_active(sd->hd))
@@ -1686,11 +1686,11 @@ void clif_parse_HomMenu(int fd, struct map_session_data *sd) { //[orn] int clif_hom_food(struct map_session_data *sd,int foodid,int fail) //[orn]
{
int fd;
+ WFIFOHEAD(sd->fd,packet_len_table[0x22f]);
nullpo_retr(0, sd);
fd=sd->fd;
- WFIFOHEAD(fd,packet_len_table[0x22f]);
WFIFOW(fd,0)=0x22f;
WFIFOB(fd,2)=fail;
WFIFOW(fd,3)=foodid;
@@ -1706,11 +1706,11 @@ int clif_hom_food(struct map_session_data *sd,int foodid,int fail) //[orn] int clif_walkok(struct map_session_data *sd)
{
int fd;
+ WFIFOHEAD(sd->fd, packet_len_table[0x87]);
nullpo_retr(0, sd);
fd=sd->fd;
- WFIFOHEAD(fd, packet_len_table[0x87]);
WFIFOW(fd,0)=0x87;
WFIFOL(fd,2)=gettick();
WFIFOPOS2(fd,6,sd->bl.x,sd->bl.y,sd->ud.to_x,sd->ud.to_y);
@@ -2088,7 +2088,7 @@ int clif_scriptclose(struct map_session_data *sd, int npcid) { */
void clif_sendfakenpc(struct map_session_data *sd, int npcid) {
int fd = sd->fd;
- //sd->npc_id = npcid;
+ WFIFOHEAD(fd, packet_len_table[0x78]);
sd->state.using_fake_npc = 1;
malloc_set(WFIFOP(fd,0), 0, packet_len_table[0x78]);
WFIFOW(fd,0)=0x78;
@@ -9026,6 +9026,7 @@ void clif_parse_ActionRequest_sub(struct map_session_data *sd, int action_type, *------------------------------------------
*/
void clif_parse_ActionRequest(int fd, struct map_session_data *sd) {
+ RFIFOHEAD(fd);
clif_parse_ActionRequest_sub(sd,
RFIFOB(fd,packet_db[sd->packet_ver][RFIFOW(fd,0)].pos[1]),
RFIFOL(fd,packet_db[sd->packet_ver][RFIFOW(fd,0)].pos[0]),
@@ -10158,8 +10159,12 @@ void clif_parse_NpcAmountInput(int fd,struct map_session_data *sd) */
void clif_parse_NpcStringInput(int fd,struct map_session_data *sd)
{
- unsigned short message_len = RFIFOW(fd,2)-7;
+ short message_len;
RFIFOHEAD(fd);
+ message_len = RFIFOW(fd,2)-7;
+
+ if(message_len < 1)
+ return; //Blank message?
if(message_len >= sizeof(sd->npc_str)){
ShowWarning("clif: input string too long !\n");
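Review bot: `message_len` is now bounded against `sizeof(sd->npc_str)`, but the copy in the following hunk still reads one byte more than the packet declares. If the word at offset 2 is the total packet length, the text starting at offset 8 is `RFIFOW(fd,2)-8` bytes long, while `memcpy(sd->npc_str,RFIFOP(fd,8),message_len);` copies `RFIFOW(fd,2)-7`. The extra byte is overwritten by the terminator on the next line, so copying one less loses nothing: `memcpy(sd->npc_str,RFIFOP(fd,8),message_len-1);`. It would also help to note next to `message_len = RFIFOW(fd,2)-7;` why 7 rather than 8 is subtracted. The body of the too-long branch lies between the two hunks and is not visible here.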
@@ -10169,7 +10174,6 @@ void clif_parse_NpcStringInput(int fd,struct map_session_data *sd) // Exploit prevention if crafted packets (without null) is being sent. [Lance]
memcpy(sd->npc_str,RFIFOP(fd,8),message_len);
sd->npc_str[message_len-1]=0;
-
npc_scriptcont(sd,RFIFOL(fd,4));
}
diff --git a/src/map/irc.c b/src/map/irc.c
index 498467ae7..4b9187107 100644
--- a/src/map/irc.c
+++ b/src/map/irc.c
@@ -144,6 +144,7 @@ int irc_parse(int fd) }
if(RFIFOREST(fd) > 0){
char *incoming_string=aMalloc(RFIFOREST(fd)*sizeof(char));
+ RFIFOHEAD(fd);
memcpy(incoming_string,RFIFOP(fd,0),RFIFOREST(fd));
send_to_parser(fd,incoming_string,"\n");
RFIFOSKIP(fd,RFIFOREST(fd));
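Review bot: `incoming_string` has no room for a terminator: it is allocated with exactly `RFIFOREST(fd)` bytes and filled by a `memcpy` of the same length. It is then handed to `send_to_parser` together with the `"\n"` delimiter string, and if that function treats it as a C string (its body is not in this hunk) it will read past the allocation on data received from the network. I would allocate one more byte and terminate it: `aMalloc(RFIFOREST(fd)+1)` and `incoming_string[RFIFOREST(fd)] = '\0';` after the copy. The enclosing `if` block is not closed inside the hunk, so whether the buffer is freed cannot be checked from here.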