Diffstat (limited to 'src')
-rw-r--r-- | src/map/clif.c | 24 | ||||
-rw-r--r-- | src/map/pc.c | 4 |
2 files changed, 19 insertions, 9 deletions
diff --git a/src/map/clif.c b/src/map/clif.c
index 93ff805..81a57f1 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -8178,7 +8178,9 @@ void clif_parse_NpcAmountInput (int fd, struct map_session_data *sd)
 }
 /*==========================================
+ * Process string-based input for an NPC.
 *
+ * (S 01d5 <len>.w <npc_ID>.l <message>.?B)
 *------------------------------------------
 */
 void clif_parse_NpcStringInput (int fd, struct map_session_data *sd)
@@ -8186,16 +8188,25 @@ void clif_parse_NpcStringInput (int fd, struct map_session_data *sd)
 int len;
 nullpo_retv (sd);
- len = RFIFOW (fd, 2) - 7;
+ len = RFIFOW (fd, 2) - 8;
- if (len >= sizeof (sd->npc_str)-1)
+ /*
+ * If we check for equal to 0, too, we'll freeze clients that send (or
+ * claim to have sent) an "empty" message.
+ */
+ if (len < 0)
+ return;
+
+ if (len >= sizeof (sd->npc_str) - 1)
 {
- printf ("clif: input string too long !\n");
- memcpy (sd->npc_str, RFIFOP (fd, 8), sizeof (sd->npc_str));
+ printf ("clif_parse_NpcStringInput(): Input string too long!\n");
+ len = sizeof (sd->npc_str) - 1;
 }
- else
+
+ if (len > 0)
 strncpy (sd->npc_str, RFIFOP (fd, 8), len);
- sd->npc_str[sizeof (sd->npc_str) - 1] = 0;
+ sd->npc_str[len] = '\0';
+
 map_scriptcont (sd, RFIFOL (fd, 4));
 }
@@ -8756,7 +8767,6 @@ void clif_parse_GuildMessage (int fd, struct map_session_data *sd)
 return;
 }
- guild_send_message (sd, message, RFIFOW (fd, 2) - 4);
 free (buf);
 }
diff --git a/src/map/pc.c b/src/map/pc.c
index 5814c08..869d479 100644
--- a/src/map/pc.c
+++ b/src/map/pc.c
@@ -6908,9 +6908,9 @@ int pc_setregstr (struct map_session_data *sd, int reg, char *str)
 nullpo_retr (0, sd);
- if (strlen (str) + 1 >= sizeof (sd->regstr[0].data))
+ if (strlen (str) + 1 > sizeof (sd->regstr[0].data))
 {
- printf ("pc_setregstr: string too long !\n");
+ printf ("pc_setregstr(): String too long!\n");
 return 0;
 } |
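Review bot: In clif_parse_NpcStringInput the bound `len >= sizeof (sd->npc_str) - 1` compares a signed int with a size_t, so it classifies lengths correctly only because `if (len < 0) return;` runs first; without that guard a negative length would convert to a huge unsigned value and be handled as an oversize string. Writing it as `if ((size_t) len >= sizeof (sd->npc_str) - 1)` with a short comment that len is known to be non-negative at this point keeps the check sound if the guards are ever reordered. The copy also reads `len` bytes from `RFIFOP (fd, 8)` on the strength of the client-supplied length word; whether the packet dispatcher has already confirmed that many bytes are buffered is not visible here, so a comment stating that precondition next to the `<len>.w` layout line would help. The function's opening brace and anything before `int len;` lie outside the hunk.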
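Review bot: Relaxing the test in pc_setregstr to `strlen (str) + 1 > sizeof (sd->regstr[0].data)` now admits a string that fills the buffer exactly, terminator included, so the copy that follows must write no more than `sizeof (sd->regstr[0].data)` bytes and cannot rely on a spare byte. That copy, like the rest of the function body, is outside the hunk, so this cannot be confirmed from the visible lines. I would add a comment above the check such as `/* exact fit (strlen + 1 == sizeof) is allowed; the NUL lands in the last byte */`. Separately, `str` reaches strlen() with only `sd` null-checked in the visible lines; if any caller can pass NULL, a guard belongs next to `nullpo_retr (0, sd);`.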