From d2f88f0450a23f8b9cd9579451059acb08f14f52 Mon Sep 17 00:00:00 2001 From: skotlex Date: Fri, 2 Feb 2007 19:59:39 +0000 Subject: - The define MESSAGE_SIZE was wrong! It is only used for input boxes. Therefore now it is only used for Vending, Talkie box and Graffiti - Added new define CHAT_SIZE which holds the max length that a client can send from the chat buffer. This value is NAME_LENGTH + 3 (the ' : ') + 70 (the actual text). - Added define msg_len_check which crops incoming client text if it's longer than CHAT_SIZE. Added cropping to all incoming messages except normal chatting which is already accounted for. - Removed variable talkie_mes, this is now handled by sd->message - Cleaned up parser functions for /b /lb, gm kick, /shift, /recall - Added crash protection to the logging functions when they receive a too long string. git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@9778 54d463be-8e91-2dee-dedb-b68131a5f0ec --- src/map/log.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'src/map/log.c') diff --git a/src/map/log.c b/src/map/log.c index 9c937401f..7147d5aed 100644 --- a/src/map/log.c +++ b/src/map/log.c @@ -12,6 +12,7 @@ #include "itemdb.h" #include "map.h" #include "log.h" +#include "battle.h" #ifndef SQL_DEBUG #define mysql_query(_x, _y) mysql_real_query(_x, _y, strlen(_y)) //supports ' in names and runs faster [Kevin] @@ -273,7 +274,7 @@ int log_atcommand(struct map_session_data *sd, const char *message) FILE *logfp; #ifndef TXT_ONLY char t_name[NAME_LENGTH*2]; - char t_msg[MESSAGE_SIZE*2+1]; //These are the contents of an @ call, so there shouldn't be overflow danger here? + char t_msg[CHAT_SIZE*2+1]; //These are the contents of an @ call, so there shouldn't be overflow danger here? #endif if(!log_config.enable_logs) @@ -282,6 +283,12 @@ int log_atcommand(struct map_session_data *sd, const char *message) #ifndef TXT_ONLY if(log_config.sql_logs > 0) { + if (strlen(message) > CHAT_SIZE) { + if (battle_config.error_log) + ShowError("log atcommand: Received message too long from player %s (%d:%d)!\n", + sd->status.name, sd->status.account_id, sd->status.char_id); + return 0; + } sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`atcommand_date`, `account_id`, `char_id`, `char_name`, `map`, `command`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ", log_config.log_gm_db, sd->status.account_id, sd->status.char_id, jstrescapecpy(t_name, sd->status.name), mapindex_id2name(sd->mapindex), jstrescapecpy(t_msg, (char *)message)); if(mysql_query(&logmysql_handle, tmp_sql)) @@ -358,7 +365,7 @@ int log_chat(char *type, int type_id, int src_charid, int src_accid, char *map, FILE *logfp; #ifndef TXT_ONLY char t_charname[NAME_LENGTH*2]; - char t_msg[MESSAGE_SIZE*2+1]; //Chat line fully escaped, with an extra space just in case. + char t_msg[CHAT_SIZE*2+1]; //Chat line fully escaped, with an extra space just in case. #endif //Check ON/OFF @@ -367,6 +374,12 @@ int log_chat(char *type, int type_id, int src_charid, int src_accid, char *map, #ifndef TXT_ONLY if(log_config.sql_logs > 0){ + if (strlen(message) > CHAT_SIZE) { + if (battle_config.error_log) + ShowError("log chat: Received message too long from type %d (%d:%d)!\n", + type_id, src_accid, src_charid); + return 0; + } sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`time`, `type`, `type_id`, `src_charid`, `src_accountid`, `src_map`, `src_map_x`, `src_map_y`, `dst_charname`, `message`) VALUES (NOW(), '%s', '%d', '%d', '%d', '%s', '%d', '%d', '%s', '%s')", log_config.log_chat_db, type, type_id, src_charid, src_accid, map, x, y, jstrescapecpy(t_charname, dst_charname), jstrescapecpy(t_msg, message)); -- cgit v1.2.3-70-g09d2