mangos-mirror/server
0
0
Fork 0
mirror of https://github.com/mangosfour/server.git synced 2025-12-14 16:37:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[8378] Use exceptions instead of explicit size checking for each packet

Browse source 
CHECK_PACKET_SIZE was pretty error prone; once it was forgotten mangosd
could crash due to the asserts in ByteBuffer.h. That was exploitable by
malicious players.
Furthermore, there were duplicate checks: Additionally to
CHECK_PACKET_SIZE, the ByteBuffer assertions keept an eye
on not exceeding the packet boundaries - just to crash the server for
sure in such a case.
To prevent memory leaks or other undesirable states, please read in
every handler all variables _before_ doing any concrete handling.
This commit is contained in:
arrai 2009-08-15 22:06:35 +02:00
parent c26c7395a1
commit a24f39a36f
32 changed files with 129 additions and 741 deletions
Download patch file Download diff file Expand all files Collapse all files

45
src/game/ItemHandler.cpp
View file

@ -29,8 +29,6 @@
void WorldSession::HandleSplitItemOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1+1+1+1+1);
//sLog.outDebug("WORLD: CMSG_SPLIT_ITEM");
uint8 srcbag, srcslot, dstbag, dstslot, count;
@ -63,8 +61,6 @@ void WorldSession::HandleSplitItemOpcode( WorldPacket & recv_data )
void WorldSession::HandleSwapInvItemOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1+1);
//sLog.outDebug("WORLD: CMSG_SWAP_INV_ITEM");
uint8 srcslot, dstslot;
@ -95,7 +91,6 @@ void WorldSession::HandleSwapInvItemOpcode( WorldPacket & recv_data )
void WorldSession::HandleAutoEquipItemSlotOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,8+1);
uint64 itemguid;
uint8 dstslot;
recv_data >> itemguid >> dstslot;
@ -115,8 +110,6 @@ void WorldSession::HandleAutoEquipItemSlotOpcode( WorldPacket & recv_data )
void WorldSession::HandleSwapItem( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1+1+1+1);
//sLog.outDebug("WORLD: CMSG_SWAP_ITEM");
uint8 dstbag, dstslot, srcbag, srcslot;
@ -147,8 +140,6 @@ void WorldSession::HandleSwapItem( WorldPacket & recv_data )
void WorldSession::HandleAutoEquipItemOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1+1);
//sLog.outDebug("WORLD: CMSG_AUTOEQUIP_ITEM");
uint8 srcbag, srcslot;
@ -250,8 +241,6 @@ void WorldSession::HandleAutoEquipItemOpcode( WorldPacket & recv_data )
void WorldSession::HandleDestroyItemOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1+1+1+1+1+1);
//sLog.outDebug("WORLD: CMSG_DESTROYITEM");
uint8 bag, slot, count, data1, data2, data3;
@ -290,8 +279,6 @@ void WorldSession::HandleDestroyItemOpcode( WorldPacket & recv_data )
// Only _static_ data send in this packet !!!
void WorldSession::HandleItemQuerySingleOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 4);
//sLog.outDebug("WORLD: CMSG_ITEM_QUERY_SINGLE");
uint32 item;
recv_data >> item;
@ -453,8 +440,6 @@ void WorldSession::HandleItemQuerySingleOpcode( WorldPacket & recv_data )
void WorldSession::HandleReadItem( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1+1);
//sLog.outDebug( "WORLD: CMSG_READ_ITEM");
uint8 bag, slot;
@ -488,8 +473,6 @@ void WorldSession::HandleReadItem( WorldPacket & recv_data )
void WorldSession::HandlePageQuerySkippedOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,4+8);
sLog.outDebug( "WORLD: Received CMSG_PAGE_TEXT_QUERY" );
uint32 itemid;
@ -503,8 +486,6 @@ void WorldSession::HandlePageQuerySkippedOpcode( WorldPacket & recv_data )
void WorldSession::HandleSellItemOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,8+8+1);
sLog.outDebug( "WORLD: Received CMSG_SELL_ITEM" );
uint64 vendorguid, itemguid;
uint8 _count;
@ -614,8 +595,6 @@ void WorldSession::HandleSellItemOpcode( WorldPacket & recv_data )
void WorldSession::HandleBuybackItem(WorldPacket & recv_data)
{
CHECK_PACKET_SIZE(recv_data,8+4);
sLog.outDebug( "WORLD: Received CMSG_BUYBACK_ITEM" );
uint64 vendorguid;
uint32 slot;
@ -663,8 +642,6 @@ void WorldSession::HandleBuybackItem(WorldPacket & recv_data)
void WorldSession::HandleBuyItemInSlotOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,8+4+4+8+1+4);
sLog.outDebug( "WORLD: Received CMSG_BUY_ITEM_IN_SLOT" );
uint64 vendorguid, bagguid;
uint32 item, slot, count;
@ -701,8 +678,6 @@ void WorldSession::HandleBuyItemInSlotOpcode( WorldPacket & recv_data )
void WorldSession::HandleBuyItemOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,8+4+4+4+1);
sLog.outDebug( "WORLD: Received CMSG_BUY_ITEM" );
uint64 vendorguid;
uint32 item, slot, count;
@ -715,8 +690,6 @@ void WorldSession::HandleBuyItemOpcode( WorldPacket & recv_data )
void WorldSession::HandleListInventoryOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,8);
uint64 guid;
recv_data >> guid;
@ -799,8 +772,6 @@ void WorldSession::SendListInventory( uint64 vendorguid )
void WorldSession::HandleAutoStoreBagItemOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1+1+1);
//sLog.outDebug("WORLD: CMSG_AUTOSTORE_BAG_ITEM");
uint8 srcbag, srcslot, dstbag;
@ -852,8 +823,6 @@ void WorldSession::HandleAutoStoreBagItemOpcode( WorldPacket & recv_data )
void WorldSession::HandleBuyBankSlotOpcode(WorldPacket& recvPacket)
{
CHECK_PACKET_SIZE(recvPacket, 8);
sLog.outDebug("WORLD: CMSG_BUY_BANK_SLOT");
uint64 guid;
@ -893,8 +862,6 @@ void WorldSession::HandleBuyBankSlotOpcode(WorldPacket& recvPacket)
void WorldSession::HandleAutoBankItemOpcode(WorldPacket& recvPacket)
{
CHECK_PACKET_SIZE(recvPacket,1+1);
sLog.outDebug("WORLD: CMSG_AUTOBANK_ITEM");
uint8 srcbag, srcslot;
@ -919,8 +886,6 @@ void WorldSession::HandleAutoBankItemOpcode(WorldPacket& recvPacket)
void WorldSession::HandleAutoStoreBankItemOpcode(WorldPacket& recvPacket)
{
CHECK_PACKET_SIZE(recvPacket,1+1);
sLog.outDebug("WORLD: CMSG_AUTOSTORE_BANK_ITEM");
uint8 srcbag, srcslot;
@ -961,8 +926,6 @@ void WorldSession::HandleAutoStoreBankItemOpcode(WorldPacket& recvPacket)
void WorldSession::HandleSetAmmoOpcode(WorldPacket & recv_data)
{
CHECK_PACKET_SIZE(recv_data,4);
if(!GetPlayer()->isAlive())
{
GetPlayer()->SendEquipError( EQUIP_ERR_YOU_ARE_DEAD, NULL, NULL );
@ -1004,8 +967,6 @@ void WorldSession::SendItemEnchantTimeUpdate(uint64 Playerguid, uint64 Itemguid,
void WorldSession::HandleItemNameQueryOpcode(WorldPacket & recv_data)
{
CHECK_PACKET_SIZE(recv_data,4);
uint32 itemid;
recv_data >> itemid;
sLog.outDebug("WORLD: CMSG_ITEM_NAME_QUERY %u", itemid);
@ -1045,8 +1006,6 @@ void WorldSession::HandleItemNameQueryOpcode(WorldPacket & recv_data)
void WorldSession::HandleWrapItemOpcode(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data,1+1+1+1);
sLog.outDebug("Received opcode CMSG_WRAP_ITEM");
uint8 gift_bag, gift_slot, item_bag, item_slot;
@ -1154,8 +1113,6 @@ void WorldSession::HandleSocketOpcode(WorldPacket& recv_data)
{
sLog.outDebug("WORLD: CMSG_SOCKET_GEMS");
CHECK_PACKET_SIZE(recv_data,8+8*MAX_GEM_SOCKETS);
uint64 item_guid;
uint64 gem_guids[MAX_GEM_SOCKETS];
@ -1356,8 +1313,6 @@ void WorldSession::HandleCancelTempEnchantmentOpcode(WorldPacket& recv_data)
{
sLog.outDebug("WORLD: CMSG_CANCEL_TEMP_ENCHANTMENT");
CHECK_PACKET_SIZE(recv_data,4);
uint32 eslot;
recv_data >> eslot;