| 1 | /* |
1 | /* |
| 2 | * static char *rcsid_init_c = |
2 | * static char *rcsid_init_c = |
| 3 | * "$Id: request.c,v 1.5 2006/04/17 06:11:41 root Exp $"; |
3 | * "$Id: request.c,v 1.8 2006/05/01 12:22:03 root Exp $"; |
| 4 | */ |
4 | */ |
| 5 | |
5 | |
| 6 | /* |
6 | /* |
| 7 | CrossFire, A Multiplayer game for X-windows |
7 | CrossFire, A Multiplayer game for X-windows |
| 8 | |
8 | |
| … | |
… | |
| 586 | short packet; |
586 | short packet; |
| 587 | char command[MAX_BUF]; |
587 | char command[MAX_BUF]; |
| 588 | SockList sl; |
588 | SockList sl; |
| 589 | |
589 | |
| 590 | if (len < 7) { |
590 | if (len < 7) { |
| 591 | LOG(llevDebug,"Corrupt ncom command - not long enough - discarding\n"); |
591 | LOG(llevDebug,"Corrupt ncom command <%s> not long enough - discarding\n", buf); |
| 592 | return; |
592 | return; |
| 593 | } |
593 | } |
| 594 | |
594 | |
| 595 | packet = GetShort_String(buf); |
595 | packet = GetShort_String(buf); |
| 596 | repeat = GetInt_String(buf+2); |
596 | repeat = GetInt_String(buf+2); |
| … | |
… | |
| 787 | { |
787 | { |
| 788 | if( pl->socket.newmapcmd == 1) { |
788 | if( pl->socket.newmapcmd == 1) { |
| 789 | memset(&pl->socket.lastmap, 0, sizeof(pl->socket.lastmap)); |
789 | memset(&pl->socket.lastmap, 0, sizeof(pl->socket.lastmap)); |
| 790 | Write_String_To_Socket( &pl->socket, "newmap", 6); |
790 | Write_String_To_Socket( &pl->socket, "newmap", 6); |
| 791 | } |
791 | } |
|
|
792 | pl->socket.current_map = 0; |
| 792 | } |
793 | } |
| 793 | |
794 | |
| 794 | |
795 | |
| 795 | |
796 | |
| 796 | /** |
797 | /** |
| … | |
… | |
| 2051 | for (i=1; i< NUM_SKILLS; i++) { |
2052 | for (i=1; i< NUM_SKILLS; i++) { |
| 2052 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", i + CS_STAT_SKILLINFO, |
2053 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", i + CS_STAT_SKILLINFO, |
| 2053 | skill_names[i]); |
2054 | skill_names[i]); |
| 2054 | } |
2055 | } |
| 2055 | sl.len = strlen((char*)sl.buf); |
2056 | sl.len = strlen((char*)sl.buf); |
| 2056 | if (sl.len > MAXSOCKBUF) { |
2057 | if (sl.len >= MAXSOCKBUF) { |
| 2057 | LOG(llevError,"Buffer overflow in send_skill_info!\n"); |
2058 | LOG(llevError,"Buffer overflow in send_skill_info!\n"); |
| 2058 | fatal(0); |
2059 | fatal(0); |
| 2059 | } |
2060 | } |
| 2060 | Send_With_Handling(ns, &sl); |
2061 | Send_With_Handling(ns, &sl); |
| 2061 | free(sl.buf); |
2062 | free(sl.buf); |
| … | |
… | |
| 2072 | sl.buf = malloc(MAXSOCKBUF); |
2073 | sl.buf = malloc(MAXSOCKBUF); |
| 2073 | strcpy((char*)sl.buf,"replyinfo spell_paths\n"); |
2074 | strcpy((char*)sl.buf,"replyinfo spell_paths\n"); |
| 2074 | for(i=0; i<NRSPELLPATHS; i++) |
2075 | for(i=0; i<NRSPELLPATHS; i++) |
| 2075 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", 1<<i, spellpathnames[i]); |
2076 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", 1<<i, spellpathnames[i]); |
| 2076 | sl.len = strlen((char*)sl.buf); |
2077 | sl.len = strlen((char*)sl.buf); |
| 2077 | if (sl.len > MAXSOCKBUF) { |
2078 | if (sl.len >= MAXSOCKBUF) { |
| 2078 | LOG(llevError,"Buffer overflow in send_spell_paths!\n"); |
2079 | LOG(llevError,"Buffer overflow in send_spell_paths!\n"); |
| 2079 | fatal(0); |
2080 | fatal(0); |
| 2080 | } |
2081 | } |
| 2081 | Send_With_Handling(ns, &sl); |
2082 | Send_With_Handling(ns, &sl); |
| 2082 | free(sl.buf); |
2083 | free(sl.buf); |
| … | |
… | |
| 2216 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
2217 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
| 2217 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
2218 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
| 2218 | * like it will fix this |
2219 | * like it will fix this |
| 2219 | */ |
2220 | */ |
| 2220 | if (spell->type != SPELL) continue; |
2221 | if (spell->type != SPELL) continue; |
| 2221 | if (sl.len > (MAXSOCKBUF - (26 + strlen(spell->name) + |
2222 | if (sl.len >= (MAXSOCKBUF - (26 + strlen(spell->name) + |
| 2222 | (spell->msg?strlen(spell->msg):0)))) { |
2223 | (spell->msg?strlen(spell->msg):0)))) { |
| 2223 | Send_With_Handling(&pl->socket, &sl); |
2224 | Send_With_Handling(&pl->socket, &sl); |
| 2224 | strcpy((char*)sl.buf,"addspell "); |
2225 | strcpy((char*)sl.buf,"addspell "); |
| 2225 | sl.len=strlen((char*)sl.buf); |
2226 | sl.len=strlen((char*)sl.buf); |
| 2226 | } |
2227 | } |
| … | |
… | |
| 2230 | else if (spell->type != SPELL) { |
2231 | else if (spell->type != SPELL) { |
| 2231 | LOG(llevError, "Asked to send a non-spell object as a spell"); |
2232 | LOG(llevError, "Asked to send a non-spell object as a spell"); |
| 2232 | return; |
2233 | return; |
| 2233 | } |
2234 | } |
| 2234 | else append_spell(pl, &sl, spell); |
2235 | else append_spell(pl, &sl, spell); |
| 2235 | if (sl.len > MAXSOCKBUF) { |
2236 | if (sl.len >= MAXSOCKBUF) { |
| 2236 | LOG(llevError,"Buffer overflow in esrv_add_spells!\n"); |
2237 | LOG(llevError,"Buffer overflow in esrv_add_spells!\n"); |
| 2237 | fatal(0); |
2238 | fatal(0); |
| 2238 | } |
2239 | } |
| 2239 | /* finally, we can send the packet */ |
2240 | /* finally, we can send the packet */ |
| 2240 | Send_With_Handling(&pl->socket, &sl); |
2241 | Send_With_Handling(&pl->socket, &sl); |
