From 6765daf13f27924282acbeed84f4481c04338596 Mon Sep 17 00:00:00 2001
From: FlavioJS
Date: Fri, 20 Feb 2009 05:53:50 +0000
Subject: * Modified WFIFOSET to trigger a fatal error when trying to send a packet that is too big.

git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@13539 54d463be-8e91-2dee-dedb-b68131a5f0ec
---
 src/common/socket.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/common/socket.c b/src/common/socket.c
index 11493fef4..deba0e97b 100644
--- a/src/common/socket.c
+++ b/src/common/socket.c
@@ -630,11 +630,19 @@ int WFIFOSET(int fd, size_t len)
  { // actually there was a buffer overflow already
  uint32 ip = s->client_addr;
  ShowFatalError("WFIFOSET: Write Buffer Overflow. Connection %d (%d.%d.%d.%d) has written %u bytes on a %u/%u bytes buffer.\n", fd, CONVIP(ip), (unsigned int)len, (unsigned int)s->wdata_size, (unsigned int)s->max_wdata);
- ShowDebug("Likely command that caused it: 0x%x\n", (*(unsigned short*)(s->wdata + s->wdata_size)));
+ ShowDebug("Likely command that caused it: 0x%x\n", (*(uint16*)(s->wdata + s->wdata_size)));
  // no other chance, make a better fifo model
  exit(EXIT_FAILURE);
  }

+ if( len > 0xFFFF )
+ {
+ // dynamic packets allow up to UINT16_MAX bytes (.W .W ...)
+ // all known fixed-size packets are within this limit, so use the same limit
+ ShowFatalError("WFIFOSET: Packet 0x%x is too big. (len=%u, max=%u)\n", (*(uint16*)(s->wdata + s->wdata_size)), (unsigned int)len, 0xFFFF);
+ exit(EXIT_FAILURE);
+ }
+
  if( !s->flag.server && s->wdata_size+len > WFIFO_MAX )
  {// reached maximum write fifo size
  set_eof(fd);
-- 
cgit v1.2.3-60-g2f50
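Review bot: The new `len > 0xFFFF` branch calls `exit(EXIT_FAILURE)`, so a single oversized packet on any socket stops the whole server process, whereas the check directly below it closes only the affected client with `set_eof(fd)`. If a remote peer can influence the size of a reply (not visible in this hunk), that is an availability risk. Consider ending only the connection for client sockets, for example `if( !s->flag.server ) { set_eof(fd); return 0; }` ahead of the `exit`, assuming 0 is the value WFIFOSET returns on its other early exits. Separately, the last argument `0xFFFF` is an `int` printed with `%u`; writing `0xFFFFu`, or one named constant used in both the comparison and the message, keeps the format and the limit in sync. WFIFOSET begins and ends outside the hunk, so the condition of the first overflow check could not be reviewed here.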