… | |
… | |
1388 | sl << "replyinfo skill_info\n"; |
1388 | sl << "replyinfo skill_info\n"; |
1389 | |
1389 | |
1390 | for (int i = 1; i < NUM_SKILLS; i++) |
1390 | for (int i = 1; i < NUM_SKILLS; i++) |
1391 | sl.printf ("%d:%s\n", i + CS_STAT_SKILLINFO, &skill_names[i]); |
1391 | sl.printf ("%d:%s\n", i + CS_STAT_SKILLINFO, &skill_names[i]); |
1392 | |
1392 | |
1393 | if (sl.length () >= MAXSOCKBUF) |
1393 | if (sl.length () > MAXSOCKBUF) |
1394 | { |
1394 | { |
1395 | LOG (llevError, "Buffer overflow in send_skill_info!\n"); |
1395 | LOG (llevError, "Buffer overflow in send_skill_info!\n"); |
1396 | fatal (0); |
1396 | fatal (0); |
1397 | } |
1397 | } |
1398 | |
1398 | |
… | |
… | |
1411 | sl << "replyinfo spell_paths\n"; |
1411 | sl << "replyinfo spell_paths\n"; |
1412 | |
1412 | |
1413 | for (int i = 0; i < NRSPELLPATHS; i++) |
1413 | for (int i = 0; i < NRSPELLPATHS; i++) |
1414 | sl.printf ("%d:%s\n", 1 << i, spellpathnames[i]); |
1414 | sl.printf ("%d:%s\n", 1 << i, spellpathnames[i]); |
1415 | |
1415 | |
1416 | if (sl.length () >= MAXSOCKBUF) |
1416 | if (sl.length () > MAXSOCKBUF) |
1417 | { |
1417 | { |
1418 | LOG (llevError, "Buffer overflow in send_spell_paths!\n"); |
1418 | LOG (llevError, "Buffer overflow in send_spell_paths!\n"); |
1419 | fatal (0); |
1419 | fatal (0); |
1420 | } |
1420 | } |
1421 | |
1421 | |
… | |
… | |
1529 | if (!spell->face) |
1529 | if (!spell->face) |
1530 | { |
1530 | { |
1531 | LOG (llevError, "%s: spell has no face, but face is mandatory.\n", &spell->name); |
1531 | LOG (llevError, "%s: spell has no face, but face is mandatory.\n", &spell->name); |
1532 | spell->face = face_find ("burnout.x11", blank_face); |
1532 | spell->face = face_find ("burnout.x11", blank_face); |
1533 | } |
1533 | } |
|
|
1534 | |
|
|
1535 | pl->ns->send_face (spell->face); |
1534 | |
1536 | |
1535 | /* send the current values */ |
1537 | /* send the current values */ |
1536 | sl << uint32 (spell->count) |
1538 | sl << uint32 (spell->count) |
1537 | << uint16 (spell->level) |
1539 | << uint16 (spell->level) |
1538 | << uint16 (spell->casting_time) |
1540 | << uint16 (spell->casting_time) |
… | |
… | |
1574 | * bytes and 3 strings (because that is the spec) so we need to |
1576 | * bytes and 3 strings (because that is the spec) so we need to |
1575 | * check that the length of those 3 strings, plus the 23 bytes, |
1577 | * check that the length of those 3 strings, plus the 23 bytes, |
1576 | * won't take us over the length limit for the socket, if it does, |
1578 | * won't take us over the length limit for the socket, if it does, |
1577 | * we need to send what we already have, and restart packet formation |
1579 | * we need to send what we already have, and restart packet formation |
1578 | */ |
1580 | */ |
|
|
1581 | if (spell->type != SPELL) |
|
|
1582 | continue; |
|
|
1583 | |
1579 | /* Seeing crashes by overflowed buffers. Quick arithemetic seems |
1584 | /* Seeing crashes by overflowed buffers. Quick arithemetic seems |
1580 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
1585 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
1581 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
1586 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
1582 | * like it will fix this |
1587 | * like it will fix this |
1583 | */ |
1588 | */ |
1584 | if (spell->type != SPELL) |
|
|
1585 | continue; |
|
|
1586 | |
|
|
1587 | if (sl.length () >= (MAXSOCKBUF - (26 + strlen (spell->name) + (spell->msg ? strlen (spell->msg) : 0)))) |
1589 | if (sl.length () > (MAXSOCKBUF - (26 + strlen (spell->name) + (spell->msg ? strlen (spell->msg) : 0)))) |
1588 | { |
1590 | { |
|
|
1591 | pl->ns->flush_fx (); |
1589 | pl->ns->send_packet (sl); |
1592 | pl->ns->send_packet (sl); |
1590 | |
1593 | |
1591 | sl.reset (); |
1594 | sl.reset (); |
1592 | sl << "addspell "; |
1595 | sl << "addspell "; |
1593 | } |
1596 | } |
… | |
… | |
1601 | return; |
1604 | return; |
1602 | } |
1605 | } |
1603 | else |
1606 | else |
1604 | append_spell (pl, sl, spell); |
1607 | append_spell (pl, sl, spell); |
1605 | |
1608 | |
1606 | if (sl.length () >= MAXSOCKBUF) |
1609 | if (sl.length () > MAXSOCKBUF) |
1607 | { |
1610 | { |
1608 | LOG (llevError, "Buffer overflow in esrv_add_spells!\n"); |
1611 | LOG (llevError, "Buffer overflow in esrv_add_spells!\n"); |
1609 | fatal (0); |
1612 | fatal (0); |
1610 | } |
1613 | } |
1611 | |
1614 | |
1612 | /* finally, we can send the packet */ |
1615 | /* finally, we can send the packet */ |
|
|
1616 | pl->ns->flush_fx (); |
1613 | pl->ns->send_packet (sl); |
1617 | pl->ns->send_packet (sl); |
1614 | } |
1618 | } |
1615 | |
1619 | |
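Review bot: The pre-flush guard in the spell loop (new line 1589) computes `MAXSOCKBUF - (26 + strlen (...) + ...)`, and because strlen() returns size_t this is most likely evaluated unsigned. If a spell's name and msg together ever exceed MAXSOCKBUF - 26, the right-hand side wraps to a huge value, the flush is skipped, and append_spell still appends the oversized record. The comment above it already reports overruns hundreds of bytes beyond the 26-byte estimate. I would compute the requirement first, `size_t need = 26 + strlen (spell->name) + (spell->msg ? strlen (spell->msg) : 0);`, flush on `if (sl.length () + need > MAXSOCKBUF)`, and log and skip any record whose `need` alone is larger than MAXSOCKBUF. Relaxing `>=` to `>` here and in the three post-write checks (new lines 1393, 1416, 1609) is only safe if a packet of exactly MAXSOCKBUF bytes fits the buffer, which these lines do not show. Those post-write checks call fatal (0) only after the data has been appended, so they detect an overflow rather than prevent one unless the packet class bounds its own writes; the enclosing functions start and end outside the lines shown.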