| 1 | /* |
1 | /* |
| 2 | * static char *rcsid_init_c = |
2 | * static char *rcsid_init_c = |
| 3 | * "$Id: request.c,v 1.7 2006/04/21 05:13:28 root Exp $"; |
3 | * "$Id: request.c,v 1.8 2006/05/01 12:22:03 root Exp $"; |
| 4 | */ |
4 | */ |
| 5 | |
5 | |
| 6 | /* |
6 | /* |
| 7 | CrossFire, A Multiplayer game for X-windows |
7 | CrossFire, A Multiplayer game for X-windows |
| 8 | |
8 | |
| … | |
… | |
| 2052 | for (i=1; i< NUM_SKILLS; i++) { |
2052 | for (i=1; i< NUM_SKILLS; i++) { |
| 2053 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", i + CS_STAT_SKILLINFO, |
2053 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", i + CS_STAT_SKILLINFO, |
| 2054 | skill_names[i]); |
2054 | skill_names[i]); |
| 2055 | } |
2055 | } |
| 2056 | sl.len = strlen((char*)sl.buf); |
2056 | sl.len = strlen((char*)sl.buf); |
| 2057 | if (sl.len > MAXSOCKBUF) { |
2057 | if (sl.len >= MAXSOCKBUF) { |
| 2058 | LOG(llevError,"Buffer overflow in send_skill_info!\n"); |
2058 | LOG(llevError,"Buffer overflow in send_skill_info!\n"); |
| 2059 | fatal(0); |
2059 | fatal(0); |
| 2060 | } |
2060 | } |
| 2061 | Send_With_Handling(ns, &sl); |
2061 | Send_With_Handling(ns, &sl); |
| 2062 | free(sl.buf); |
2062 | free(sl.buf); |
| … | |
… | |
| 2073 | sl.buf = malloc(MAXSOCKBUF); |
2073 | sl.buf = malloc(MAXSOCKBUF); |
| 2074 | strcpy((char*)sl.buf,"replyinfo spell_paths\n"); |
2074 | strcpy((char*)sl.buf,"replyinfo spell_paths\n"); |
| 2075 | for(i=0; i<NRSPELLPATHS; i++) |
2075 | for(i=0; i<NRSPELLPATHS; i++) |
| 2076 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", 1<<i, spellpathnames[i]); |
2076 | sprintf((char*)sl.buf + strlen((char*)sl.buf), "%d:%s\n", 1<<i, spellpathnames[i]); |
| 2077 | sl.len = strlen((char*)sl.buf); |
2077 | sl.len = strlen((char*)sl.buf); |
| 2078 | if (sl.len > MAXSOCKBUF) { |
2078 | if (sl.len >= MAXSOCKBUF) { |
| 2079 | LOG(llevError,"Buffer overflow in send_spell_paths!\n"); |
2079 | LOG(llevError,"Buffer overflow in send_spell_paths!\n"); |
| 2080 | fatal(0); |
2080 | fatal(0); |
| 2081 | } |
2081 | } |
| 2082 | Send_With_Handling(ns, &sl); |
2082 | Send_With_Handling(ns, &sl); |
| 2083 | free(sl.buf); |
2083 | free(sl.buf); |
| … | |
… | |
| 2217 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
2217 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
| 2218 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
2218 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
| 2219 | * like it will fix this |
2219 | * like it will fix this |
| 2220 | */ |
2220 | */ |
| 2221 | if (spell->type != SPELL) continue; |
2221 | if (spell->type != SPELL) continue; |
| 2222 | if (sl.len > (MAXSOCKBUF - (26 + strlen(spell->name) + |
2222 | if (sl.len >= (MAXSOCKBUF - (26 + strlen(spell->name) + |
| 2223 | (spell->msg?strlen(spell->msg):0)))) { |
2223 | (spell->msg?strlen(spell->msg):0)))) { |
| 2224 | Send_With_Handling(&pl->socket, &sl); |
2224 | Send_With_Handling(&pl->socket, &sl); |
| 2225 | strcpy((char*)sl.buf,"addspell "); |
2225 | strcpy((char*)sl.buf,"addspell "); |
| 2226 | sl.len=strlen((char*)sl.buf); |
2226 | sl.len=strlen((char*)sl.buf); |
| 2227 | } |
2227 | } |
| … | |
… | |
| 2231 | else if (spell->type != SPELL) { |
2231 | else if (spell->type != SPELL) { |
| 2232 | LOG(llevError, "Asked to send a non-spell object as a spell"); |
2232 | LOG(llevError, "Asked to send a non-spell object as a spell"); |
| 2233 | return; |
2233 | return; |
| 2234 | } |
2234 | } |
| 2235 | else append_spell(pl, &sl, spell); |
2235 | else append_spell(pl, &sl, spell); |
| 2236 | if (sl.len > MAXSOCKBUF) { |
2236 | if (sl.len >= MAXSOCKBUF) { |
| 2237 | LOG(llevError,"Buffer overflow in esrv_add_spells!\n"); |
2237 | LOG(llevError,"Buffer overflow in esrv_add_spells!\n"); |
| 2238 | fatal(0); |
2238 | fatal(0); |
| 2239 | } |
2239 | } |
| 2240 | /* finally, we can send the packet */ |
2240 | /* finally, we can send the packet */ |
| 2241 | Send_With_Handling(&pl->socket, &sl); |
2241 | Send_With_Handling(&pl->socket, &sl); |
