/cvs/deliantra/server/socket/request.C

Comparing deliantra/server/socket/request.C (file contents):
Revision 1.117 by root, Sun Jul 29 18:34:46 2007 UTC vs.
Revision 1.118 by root, Sun Jul 29 19:11:47 2007 UTC

1388 sl << "replyinfo skill_info\n"; 1388 sl << "replyinfo skill_info\n";
1389 1389
1390 for (int i = 1; i < NUM_SKILLS; i++) 1390 for (int i = 1; i < NUM_SKILLS; i++)
1391 sl.printf ("%d:%s\n", i + CS_STAT_SKILLINFO, &skill_names[i]); 1391 sl.printf ("%d:%s\n", i + CS_STAT_SKILLINFO, &skill_names[i]);
1392 1392
1393 if (sl.length () >= MAXSOCKBUF) 1393 if (sl.length () > MAXSOCKBUF)
1394 { 1394 {
1395 LOG (llevError, "Buffer overflow in send_skill_info!\n"); 1395 LOG (llevError, "Buffer overflow in send_skill_info!\n");
1396 fatal (0); 1396 fatal (0);
1397 } 1397 }
1398 1398
1411 sl << "replyinfo spell_paths\n"; 1411 sl << "replyinfo spell_paths\n";
1412 1412
1413 for (int i = 0; i < NRSPELLPATHS; i++) 1413 for (int i = 0; i < NRSPELLPATHS; i++)
1414 sl.printf ("%d:%s\n", 1 << i, spellpathnames[i]); 1414 sl.printf ("%d:%s\n", 1 << i, spellpathnames[i]);
1415 1415
1416 if (sl.length () >= MAXSOCKBUF) 1416 if (sl.length () > MAXSOCKBUF)
1417 { 1417 {
1418 LOG (llevError, "Buffer overflow in send_spell_paths!\n"); 1418 LOG (llevError, "Buffer overflow in send_spell_paths!\n");
1419 fatal (0); 1419 fatal (0);
1420 } 1420 }
1421 1421
1584 /* Seeing crashes by overflowed buffers. Quick arithemetic seems 1584 /* Seeing crashes by overflowed buffers. Quick arithemetic seems
1585 * to show add_spell is 26 bytes + 2 strings. However, the overun 1585 * to show add_spell is 26 bytes + 2 strings. However, the overun
1586 * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem 1586 * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem
1587 * like it will fix this 1587 * like it will fix this
1588 */ 1588 */
1589 if (sl.length () >= (MAXSOCKBUF - (26 + strlen (spell->name) + (spell->msg ? strlen (spell->msg) : 0)))) 1589 if (sl.length () > (MAXSOCKBUF - (26 + strlen (spell->name) + (spell->msg ? strlen (spell->msg) : 0))))
1590 { 1590 {
1591 pl->ns->flush_fx (); 1591 pl->ns->flush_fx ();
1592 pl->ns->send_packet (sl); 1592 pl->ns->send_packet (sl);
1593 1593
1594 sl.reset (); 1594 sl.reset ();
1604 return; 1604 return;
1605 } 1605 }
1606 else 1606 else
1607 append_spell (pl, sl, spell); 1607 append_spell (pl, sl, spell);
1608 1608
1609 if (sl.length () >= MAXSOCKBUF) 1609 if (sl.length () > MAXSOCKBUF)
1610 { 1610 {
1611 LOG (llevError, "Buffer overflow in esrv_add_spells!\n"); 1611 LOG (llevError, "Buffer overflow in esrv_add_spells!\n");
1612 fatal (0); 1612 fatal (0);
1613 } 1613 }
1614 1614
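Review bot: The relaxed checks at 1393, 1416 and 1609 in the right-hand (1.118) column still run only after `sl.printf` / `append_spell` have written into `sl`, so they can report an overrun that has already happened but cannot prevent one. Whether `sl` bounds its own writes is not visible in these lines. Accepting `sl.length () == MAXSOCKBUF` is only safe if the packet buffer really holds MAXSOCKBUF bytes, so I would state that next to the check, e.g. `/* length () == MAXSOCKBUF is a full but valid packet; sl capacity is MAXSOCKBUF */`. The flush threshold at 1589 subtracts `strlen` results from MAXSOCKBUF, which is presumably evaluated as unsigned `size_t`: a name plus msg longer than MAXSOCKBUF - 26 would wrap to a huge value and the flush branch would never be taken. Computing the requirement first avoids that, `size_t need = 26 + strlen (spell->name) + (spell->msg ? strlen (spell->msg) : 0);` followed by `if (need > MAXSOCKBUF || sl.length () > MAXSOCKBUF - need)`; the enclosing functions start and end outside the lines shown, so the oversized-entry case would need handling there.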
