1 | /* |
1 | /* |
2 | * static char *rcsid_init_c = |
2 | * static char *rcsid_init_c = |
3 | * "$Id: request.c,v 1.7 2006/04/21 05:13:28 root Exp $"; |
3 | * "$Id: request.c,v 1.8 2006/05/01 12:22:03 root Exp $"; |
4 | */ |
4 | */ |
5 | |
5 | |
6 | /* |
6 | /* |
7 | CrossFire, A Multiplayer game for X-windows |
7 | CrossFire, A Multiplayer game for X-windows |
8 | |
8 | |
… | |
… | |
2052 | for (i=1; i< NUM_SKILLS; i++) { |
2052 | for (i=1; i< NUM_SKILLS; i++) { |
2053 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", i + CS_STAT_SKILLINFO, |
2053 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", i + CS_STAT_SKILLINFO, |
2054 | skill_names[i]); |
2054 | skill_names[i]); |
2055 | } |
2055 | } |
2056 | sl.len = strlen((char*)sl.buf); |
2056 | sl.len = strlen((char*)sl.buf); |
2057 | if (sl.len > MAXSOCKBUF) { |
2057 | if (sl.len >= MAXSOCKBUF) { |
2058 | LOG(llevError,"Buffer overflow in send_skill_info!\n"); |
2058 | LOG(llevError,"Buffer overflow in send_skill_info!\n"); |
2059 | fatal(0); |
2059 | fatal(0); |
2060 | } |
2060 | } |
2061 | Send_With_Handling(ns, &sl); |
2061 | Send_With_Handling(ns, &sl); |
2062 | free(sl.buf); |
2062 | free(sl.buf); |
… | |
… | |
2073 | sl.buf = malloc(MAXSOCKBUF); |
2073 | sl.buf = malloc(MAXSOCKBUF); |
2074 | strcpy((char*)sl.buf,"replyinfo spell_paths\n"); |
2074 | strcpy((char*)sl.buf,"replyinfo spell_paths\n"); |
2075 | for(i=0; i<NRSPELLPATHS; i++) |
2075 | for(i=0; i<NRSPELLPATHS; i++) |
2076 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", 1<<i, spellpathnames[i]); |
2076 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", 1<<i, spellpathnames[i]); |
2077 | sl.len = strlen((char*)sl.buf); |
2077 | sl.len = strlen((char*)sl.buf); |
2078 | if (sl.len > MAXSOCKBUF) { |
2078 | if (sl.len >= MAXSOCKBUF) { |
2079 | LOG(llevError,"Buffer overflow in send_spell_paths!\n"); |
2079 | LOG(llevError,"Buffer overflow in send_spell_paths!\n"); |
2080 | fatal(0); |
2080 | fatal(0); |
2081 | } |
2081 | } |
2082 | Send_With_Handling(ns, &sl); |
2082 | Send_With_Handling(ns, &sl); |
2083 | free(sl.buf); |
2083 | free(sl.buf); |
… | |
… | |
2217 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
2217 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
2218 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
2218 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
2219 | * like it will fix this |
2219 | * like it will fix this |
2220 | */ |
2220 | */ |
2221 | if (spell->type != SPELL) continue; |
2221 | if (spell->type != SPELL) continue; |
2222 | if (sl.len > (MAXSOCKBUF - (26 + strlen(spell->name) + |
2222 | if (sl.len >= (MAXSOCKBUF - (26 + strlen(spell->name) + |
2223 | (spell->msg?strlen(spell->msg):0)))) { |
2223 | (spell->msg?strlen(spell->msg):0)))) { |
2224 | Send_With_Handling(&pl->socket, &sl); |
2224 | Send_With_Handling(&pl->socket, &sl); |
2225 | strcpy((char*)sl.buf,"addspell "); |
2225 | strcpy((char*)sl.buf,"addspell "); |
2226 | sl.len=strlen((char*)sl.buf); |
2226 | sl.len=strlen((char*)sl.buf); |
2227 | } |
2227 | } |
… | |
… | |
2231 | else if (spell->type != SPELL) { |
2231 | else if (spell->type != SPELL) { |
2232 | LOG(llevError, "Asked to send a non-spell object as a spell"); |
2232 | LOG(llevError, "Asked to send a non-spell object as a spell"); |
2233 | return; |
2233 | return; |
2234 | } |
2234 | } |
2235 | else append_spell(pl, &sl, spell); |
2235 | else append_spell(pl, &sl, spell); |
2236 | if (sl.len > MAXSOCKBUF) { |
2236 | if (sl.len >= MAXSOCKBUF) { |
2237 | LOG(llevError,"Buffer overflow in esrv_add_spells!\n"); |
2237 | LOG(llevError,"Buffer overflow in esrv_add_spells!\n"); |
2238 | fatal(0); |
2238 | fatal(0); |
2239 | } |
2239 | } |
2240 | /* finally, we can send the packet */ |
2240 | /* finally, we can send the packet */ |
2241 | Send_With_Handling(&pl->socket, &sl); |
2241 | Send_With_Handling(&pl->socket, &sl); |