mirror of
https://github.com/mangosfour/server.git
synced 2025-12-16 04:37:00 +00:00
[8378] Use exceptions instead of explicit size checking for each packet
CHECK_PACKET_SIZE was pretty error prone; once it was forgotten mangosd could crash due to the asserts in ByteBuffer.h. That was exploitable by malicious players. Furthermore, there were duplicate checks: Additionally to CHECK_PACKET_SIZE, the ByteBuffer assertions keept an eye on not exceeding the packet boundaries - just to crash the server for sure in such a case. To prevent memory leaks or other undesirable states, please read in every handler all variables _before_ doing any concrete handling.
This commit is contained in:
arrai
parent
c26c7395a1
commit
a24f39a36f
32 changed files with 129 additions and 741 deletions
|
|
@ -52,8 +52,6 @@ void MailItem::deleteItem( bool inDB )
|
|||
|
||||
void WorldSession::HandleSendMail(WorldPacket & recv_data )
|
||||
{
|
||||
CHECK_PACKET_SIZE(recv_data,8+1+1+1+4+4+1+4+4+8+1);
|
||||
|
||||
uint64 mailbox, unk3;
|
||||
std::string receiver, subject, body;
|
||||
uint32 unk1, unk2, money, COD;
|
||||
|
|
@ -64,19 +62,10 @@ void WorldSession::HandleSendMail(WorldPacket & recv_data )
|
|||
if (!GetPlayer()->GetGameObjectIfCanInteractWith(mailbox, GAMEOBJECT_TYPE_MAILBOX))
|
||||
return;
|
||||
|
||||
// recheck
|
||||
CHECK_PACKET_SIZE(recv_data, 8+(receiver.size()+1)+1+1+4+4+1+4+4+8+1);
|
||||
|
||||
recv_data >> subject;
|
||||
|
||||
// recheck
|
||||
CHECK_PACKET_SIZE(recv_data, 8+(receiver.size()+1)+(subject.size()+1)+1+4+4+1+4+4+8+1);
|
||||
|
||||
recv_data >> body;
|
||||
|
||||
// recheck
|
||||
CHECK_PACKET_SIZE(recv_data, 8+(receiver.size()+1)+(subject.size()+1)+(body.size()+1)+4+4+1+4+4+8+1);
|
||||
|
||||
recv_data >> unk1; // stationery?
|
||||
recv_data >> unk2; // 0x00000000
|
||||
|
||||
|
|
@ -91,9 +80,6 @@ void WorldSession::HandleSendMail(WorldPacket & recv_data )
|
|||
return;
|
||||
}
|
||||
|
||||
// recheck
|
||||
CHECK_PACKET_SIZE(recv_data, 8+(receiver.size()+1)+(subject.size()+1)+(body.size()+1)+4+4+1+items_count*(1+8)+4+4+8+1);
|
||||
|
||||
if(items_count)
|
||||
{
|
||||
for(uint8 i = 0; i < items_count; ++i)
|
||||
|
|
@ -297,8 +283,6 @@ void WorldSession::HandleSendMail(WorldPacket & recv_data )
|
|||
//called when mail is read
|
||||
void WorldSession::HandleMailMarkAsRead(WorldPacket & recv_data )
|
||||
{
|
||||
CHECK_PACKET_SIZE(recv_data,8+4);
|
||||
|
||||
uint64 mailbox;
|
||||
uint32 mailId;
|
||||
recv_data >> mailbox;
|
||||
|
|
@ -323,8 +307,6 @@ void WorldSession::HandleMailMarkAsRead(WorldPacket & recv_data )
|
|||
//called when client deletes mail
|
||||
void WorldSession::HandleMailDelete(WorldPacket & recv_data )
|
||||
{
|
||||
CHECK_PACKET_SIZE(recv_data,8+4);
|
||||
|
||||
uint64 mailbox;
|
||||
uint32 mailId;
|
||||
recv_data >> mailbox;
|
||||
|
|
@ -343,8 +325,6 @@ void WorldSession::HandleMailDelete(WorldPacket & recv_data )
|
|||
|
||||
void WorldSession::HandleMailReturnToSender(WorldPacket & recv_data )
|
||||
{
|
||||
CHECK_PACKET_SIZE(recv_data,8+4);
|
||||
|
||||
uint64 mailbox;
|
||||
uint32 mailId;
|
||||
recv_data >> mailbox;
|
||||
|
|
@ -443,8 +423,6 @@ void WorldSession::SendReturnToSender(uint8 messageType, uint32 sender_acc, uint
|
|||
//called when player takes item attached in mail
|
||||
void WorldSession::HandleMailTakeItem(WorldPacket & recv_data )
|
||||
{
|
||||
CHECK_PACKET_SIZE(recv_data,8+4+4);
|
||||
|
||||
uint64 mailbox;
|
||||
uint32 mailId;
|
||||
uint32 itemId;
|
||||
|
|
@ -538,8 +516,6 @@ void WorldSession::HandleMailTakeItem(WorldPacket & recv_data )
|
|||
|
||||
void WorldSession::HandleMailTakeMoney(WorldPacket & recv_data )
|
||||
{
|
||||
CHECK_PACKET_SIZE(recv_data,8+4);
|
||||
|
||||
uint64 mailbox;
|
||||
uint32 mailId;
|
||||
recv_data >> mailbox;
|
||||
|
|
@ -574,8 +550,6 @@ void WorldSession::HandleMailTakeMoney(WorldPacket & recv_data )
|
|||
//called when player lists his received mails
|
||||
void WorldSession::HandleGetMailList(WorldPacket & recv_data )
|
||||
{
|
||||
CHECK_PACKET_SIZE(recv_data,8);
|
||||
|
||||
uint64 mailbox;
|
||||
recv_data >> mailbox;
|
||||
|
||||
|
|
@ -696,8 +670,6 @@ void WorldSession::HandleGetMailList(WorldPacket & recv_data )
|
|||
///this function is called when client needs mail message body, or when player clicks on item which has ITEM_FIELD_ITEM_TEXT_ID > 0
|
||||
void WorldSession::HandleItemTextQuery(WorldPacket & recv_data )
|
||||
{
|
||||
CHECK_PACKET_SIZE(recv_data,4+4+4);
|
||||
|
||||
uint32 itemTextId;
|
||||
uint32 mailId; //this value can be item id in bag, but it is also mail id
|
||||
uint32 unk; //maybe something like state - 0x70000000
|
||||
|
|
@ -717,8 +689,6 @@ void WorldSession::HandleItemTextQuery(WorldPacket & recv_data )
|
|||
//used when player copies mail body to his inventory
|
||||
void WorldSession::HandleMailCreateTextItem(WorldPacket & recv_data )
|
||||
{
|
||||
CHECK_PACKET_SIZE(recv_data,8+4);
|
||||
|
||||
uint64 mailbox;
|
||||
uint32 mailId;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue