[8378] Use exceptions instead of explicit size checking for each packet

CHECK_PACKET_SIZE was pretty error prone; once it was forgotten mangosd
could crash due to the asserts in ByteBuffer.h. That was exploitable by
malicious players.
Furthermore, there were duplicate checks: in addition to
CHECK_PACKET_SIZE, the ByteBuffer assertions kept an eye
on not exceeding the packet boundaries - just to crash the server for
sure in such a case.
To prevent memory leaks or other undesirable states, please read in
every handler all variables _before_ doing any concrete handling.
arrai 2009-08-15 22:06:35 +02:00
parent c26c7395a1
commit a24f39a36f
32 changed files with 129 additions and 741 deletions


@ -178,16 +178,11 @@ void WorldSession::HandleCharEnumOpcode( WorldPacket & /*recv_data*/ )
void WorldSession::HandleCharCreateOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1+1+1+1+1+1+1+1+1+1);
std::string name;
uint8 race_,class_;
recv_data >> name;
// recheck with known string size
CHECK_PACKET_SIZE(recv_data,(name.size()+1)+1+1+1+1+1+1+1+1+1);
recv_data >> race_;
recv_data >> class_;
@ -472,8 +467,6 @@ void WorldSession::HandleCharCreateOpcode( WorldPacket & recv_data )
void WorldSession::HandleCharDeleteOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,8);
uint64 guid;
recv_data >> guid;
@ -534,8 +527,6 @@ void WorldSession::HandleCharDeleteOpcode( WorldPacket & recv_data )
void WorldSession::HandlePlayerLoginOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,8);
if(PlayerLoading() || GetPlayer() != NULL)
{
sLog.outError("Player tryes to login again, AccountId = %d",GetAccountId());
@ -799,8 +790,6 @@ void WorldSession::HandlePlayerLogin(LoginQueryHolder * holder)
void WorldSession::HandleSetFactionAtWar( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,4+1);
DEBUG_LOG( "WORLD: Received CMSG_SET_FACTION_ATWAR" );
uint32 repListID;
@ -815,8 +804,6 @@ void WorldSession::HandleSetFactionAtWar( WorldPacket & recv_data )
//I think this function is never used :/ I dunno, but i guess this opcode not exists
void WorldSession::HandleSetFactionCheat( WorldPacket & /*recv_data*/ )
{
//CHECK_PACKET_SIZE(recv_data,4+4);
sLog.outError("WORLD SESSION: HandleSetFactionCheat, not expected call, please report.");
/*
uint32 FactionID;
@ -849,8 +836,6 @@ void WorldSession::HandleMeetingStoneInfo( WorldPacket & /*recv_data*/ )
void WorldSession::HandleTutorialFlag( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,4);
uint32 iFlag;
recv_data >> iFlag;
@ -883,8 +868,6 @@ void WorldSession::HandleTutorialReset( WorldPacket & /*recv_data*/ )
void WorldSession::HandleSetWatchedFactionOpcode(WorldPacket & recv_data)
{
CHECK_PACKET_SIZE(recv_data,4);
DEBUG_LOG("WORLD: Received CMSG_SET_WATCHED_FACTION");
uint32 fact;
recv_data >> fact;
@ -893,8 +876,6 @@ void WorldSession::HandleSetWatchedFactionOpcode(WorldPacket & recv_data)
void WorldSession::HandleSetFactionInactiveOpcode(WorldPacket & recv_data)
{
CHECK_PACKET_SIZE(recv_data,4+1);
DEBUG_LOG("WORLD: Received CMSG_SET_FACTION_INACTIVE");
uint32 replistid;
uint8 inactive;
@ -917,8 +898,6 @@ void WorldSession::HandleShowingCloakOpcode( WorldPacket & /*recv_data*/ )
void WorldSession::HandleCharRenameOpcode(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data, 8+1);
uint64 guid;
std::string newname;
@ -1003,7 +982,6 @@ void WorldSession::HandleSetPlayerDeclinedNames(WorldPacket& recv_data)
{
uint64 guid;
CHECK_PACKET_SIZE(recv_data, 8);
recv_data >> guid;
// not accept declined names for unsupported languages
@ -1039,7 +1017,6 @@ void WorldSession::HandleSetPlayerDeclinedNames(WorldPacket& recv_data)
std::string name2;
DeclinedName declinedname;
CHECK_PACKET_SIZE(recv_data, recv_data.rpos() + 1);
recv_data >> name2;
if(name2 != name) // character have different name
@ -1053,7 +1030,6 @@ void WorldSession::HandleSetPlayerDeclinedNames(WorldPacket& recv_data)
for(int i = 0; i < MAX_DECLINED_NAME_CASES; ++i)
{
CHECK_PACKET_SIZE(recv_data, recv_data.rpos() + 1);
recv_data >> declinedname.name[i];
if(!normalizePlayerName(declinedname.name[i]))
{
@ -1093,8 +1069,6 @@ void WorldSession::HandleAlterAppearance( WorldPacket & recv_data )
{
sLog.outDebug("CMSG_ALTER_APPEARANCE");
CHECK_PACKET_SIZE(recv_data, 4+4+4);
uint32 Hair, Color, FacialHair;
recv_data >> Hair >> Color >> FacialHair;
@ -1141,8 +1115,6 @@ void WorldSession::HandleAlterAppearance( WorldPacket & recv_data )
void WorldSession::HandleRemoveGlyph( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 4);
uint32 slot;
recv_data >> slot;
@ -1165,16 +1137,12 @@ void WorldSession::HandleRemoveGlyph( WorldPacket & recv_data )
void WorldSession::HandleCharCustomize(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data, 8+1);
uint64 guid;
std::string newname;
recv_data >> guid;
recv_data >> newname;
CHECK_PACKET_SIZE(recv_data, recv_data.rpos()+1+1+1+1+1+1);
uint8 gender, skin, face, hairStyle, hairColor, facialHair;
recv_data >> gender >> skin >> hairColor >> hairStyle >> facialHair >> face;
@ -1267,18 +1235,14 @@ void WorldSession::HandleEquipmentSetSave(WorldPacket &recv_data)
if(!recv_data.readPackGUID(setGuid))
return;
CHECK_PACKET_SIZE(recv_data, recv_data.rpos() + 4);
uint32 index;
recv_data >> index;
if(index >= MAX_EQUIPMENT_SET_INDEX) // client set slots amount
return;
CHECK_PACKET_SIZE(recv_data, recv_data.rpos() + 1);
std::string name;
recv_data >> name;
CHECK_PACKET_SIZE(recv_data, recv_data.rpos() + 1);
std::string iconName;
recv_data >> iconName;
@ -1331,8 +1295,6 @@ void WorldSession::HandleEquipmentSetUse(WorldPacket &recv_data)
if(!recv_data.readPackGUID(itemGuid))
return;
CHECK_PACKET_SIZE(recv_data, recv_data.rpos()+1+1);
uint8 srcbag, srcslot;
recv_data >> srcbag >> srcslot;
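Review bot: With the per-read CHECK_PACKET_SIZE guards gone, HandleSetPlayerDeclinedNames and HandleEquipmentSetSave still interleave `recv_data >>` reads with validation and early returns, so a truncated packet can now unwind the handler from the middle of the declined-names loop or between the `name` and `iconName` reads. That is safe only while nothing before the last read changes session or player state, which is the rule the commit message states but the code does not record; both bodies continue outside the hunks, so this cannot be confirmed here. I would add a comment above the first read in each handler, e.g. `// operator>> throws on a short packet: finish all reads before changing any state`. The catch site is not part of this file section; presumably the opcode dispatcher catches the exception and drops the packet, and it is worth confirming that every path that invokes these handlers goes through it, since an uncaught throw would end the process just as the old assert did.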