Mirror/TrinityCore
1
0
Fork 0
mirror of https://github.com/TrinityCore/TrinityCore.git synced 2026-01-27 12:22:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

[8378] Use exceptions instead of explicit size checking for each packet Author: arrai

Browse Source 
CHECK_PACKET_SIZE was pretty error prone; once it was forgotten mangosd
    could crash due to the asserts in ByteBuffer.h. That was exploitable by
    malicious players.
    Furthermore, there were duplicate checks: Additionally to
    CHECK_PACKET_SIZE, the ByteBuffer assertions keept an eye
    on not exceeding the packet boundaries - just to crash the server for
    sure in such a case.
    To prevent memory leaks or other undesirable states, please read in
    every handler all variables _before_ doing any concrete handling.

--HG--
branch : trunk
This commit is contained in:
megamage
2009-08-19 16:26:22 -05:00
parent d9ed49749d
commit e954904e6d
30 changed files with 128 additions and 739 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
src/game/MiscHandler.cpp
View File

@@ -74,8 +74,6 @@ void WorldSession::HandleRepopRequestOpcode( WorldPacket & /*recv_data*/ )
void WorldSession::HandleGossipSelectOptionOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,8+4+4);
sLog.outDebug("WORLD: CMSG_GOSSIP_SELECT_OPTION");
uint32 option;
@@ -88,7 +86,6 @@ void WorldSession::HandleGossipSelectOptionOpcode( WorldPacket & recv_data )
if(_player->PlayerTalkClass->GossipOptionCoded( option ))
{
// recheck
CHECK_PACKET_SIZE(recv_data,8+4+1);
sLog.outBasic("reading string");
recv_data >> code;
sLog.outBasic("string read: %s", code.c_str());
@@ -148,8 +145,6 @@ void WorldSession::HandleGossipSelectOptionOpcode( WorldPacket & recv_data )
void WorldSession::HandleWhoOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,4+4+1+1+4+4+4+4);
sLog.outDebug( "WORLD: Recvd CMSG_WHO Message" );
//recv_data.hexlike();
@@ -163,14 +158,8 @@ void WorldSession::HandleWhoOpcode( WorldPacket & recv_data )
recv_data >> level_max; // minimal player level, default 100 (MAX_LEVEL)
recv_data >> player_name; // player name, case sensitive...
// recheck
CHECK_PACKET_SIZE(recv_data,4+4+(player_name.size()+1)+1+4+4+4+4);
recv_data >> guild_name; // guild name, case sensitive...
// recheck
CHECK_PACKET_SIZE(recv_data,4+4+(player_name.size()+1)+(guild_name.size()+1)+4+4+4+4);
recv_data >> racemask; // race mask
recv_data >> classmask; // class mask
recv_data >> zones_count; // zones count, client limit=10 (2.0.10)
@@ -178,9 +167,6 @@ void WorldSession::HandleWhoOpcode( WorldPacket & recv_data )
if(zones_count > 10)
return; // can't be received from real client or broken packet
// recheck
CHECK_PACKET_SIZE(recv_data,4+4+(player_name.size()+1)+(guild_name.size()+1)+4+4+4+(4*zones_count)+4);
for(uint32 i = 0; i < zones_count; ++i)
{
uint32 temp;
@@ -194,17 +180,11 @@ void WorldSession::HandleWhoOpcode( WorldPacket & recv_data )
if(str_count > 4)
return; // can't be received from real client or broken packet
// recheck
CHECK_PACKET_SIZE(recv_data,4+4+(player_name.size()+1)+(guild_name.size()+1)+4+4+4+(4*zones_count)+4+(1*str_count));
sLog.outDebug("Minlvl %u, maxlvl %u, name %s, guild %s, racemask %u, classmask %u, zones %u, strings %u", level_min, level_max, player_name.c_str(), guild_name.c_str(), racemask, classmask, zones_count, str_count);
std::wstring str[4]; // 4 is client limit
for(uint32 i = 0; i < str_count; ++i)
{
// recheck (have one more byte)
CHECK_PACKET_SIZE(recv_data,recv_data.rpos());
std::string temp;
recv_data >> temp; // user entered string, it used as universal search pattern(guild+player name)?
@@ -468,8 +448,6 @@ void WorldSession::HandleTogglePvP( WorldPacket & recv_data )
void WorldSession::HandleZoneUpdateOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,4);
uint32 newZone;
recv_data >> newZone;
@@ -485,8 +463,6 @@ void WorldSession::HandleZoneUpdateOpcode( WorldPacket & recv_data )
void WorldSession::HandleSetTargetOpcode( WorldPacket & recv_data )
{
// When this packet send?
CHECK_PACKET_SIZE(recv_data,8);
uint64 guid ;
recv_data >> guid;
@@ -503,8 +479,6 @@ void WorldSession::HandleSetTargetOpcode( WorldPacket & recv_data )
void WorldSession::HandleSetSelectionOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,8);
uint64 guid;
recv_data >> guid;
@@ -521,8 +495,6 @@ void WorldSession::HandleSetSelectionOpcode( WorldPacket & recv_data )
void WorldSession::HandleStandStateChangeOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1);
sLog.outDebug( "WORLD: Received CMSG_STAND_STATE_CHANGE" );
uint8 animstate;
recv_data >> animstate;
@@ -532,7 +504,6 @@ void WorldSession::HandleStandStateChangeOpcode( WorldPacket & recv_data )
void WorldSession::HandleContactListOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 4);
sLog.outDebug( "WORLD: Received CMSG_CONTACT_LIST" );
uint32 unk;
recv_data >> unk;
@@ -542,8 +513,6 @@ void WorldSession::HandleContactListOpcode( WorldPacket & recv_data )
void WorldSession::HandleAddFriendOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 1+1);
sLog.outDebug( "WORLD: Received CMSG_ADD_FRIEND" );
std::string friendName = GetTrinityString(LANG_FRIEND_IGNORE_UNKNOWN);
@@ -551,9 +520,6 @@ void WorldSession::HandleAddFriendOpcode( WorldPacket & recv_data )
recv_data >> friendName;
// recheck
CHECK_PACKET_SIZE(recv_data, (friendName.size()+1)+1);
recv_data >> friendNote;
if(!normalizePlayerName(friendName))
@@ -625,8 +591,6 @@ void WorldSession::HandleAddFriendOpcodeCallBack(QueryResult *result, uint32 acc
void WorldSession::HandleDelFriendOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 8);
uint64 FriendGUID;
sLog.outDebug( "WORLD: Received CMSG_DEL_FRIEND" );
@@ -642,8 +606,6 @@ void WorldSession::HandleDelFriendOpcode( WorldPacket & recv_data )
void WorldSession::HandleAddIgnoreOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,1);
sLog.outDebug( "WORLD: Received CMSG_ADD_IGNORE" );
std::string IgnoreName = GetTrinityString(LANG_FRIEND_IGNORE_UNKNOWN);
@@ -704,8 +666,6 @@ void WorldSession::HandleAddIgnoreOpcodeCallBack(QueryResult *result, uint32 acc
void WorldSession::HandleDelIgnoreOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 8);
uint64 IgnoreGUID;
sLog.outDebug( "WORLD: Received CMSG_DEL_IGNORE" );
@@ -721,7 +681,6 @@ void WorldSession::HandleDelIgnoreOpcode( WorldPacket & recv_data )
void WorldSession::HandleSetContactNotesOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 8+1);
sLog.outDebug("CMSG_SET_CONTACT_NOTES");
uint64 guid;
std::string note;
@@ -731,8 +690,6 @@ void WorldSession::HandleSetContactNotesOpcode( WorldPacket & recv_data )
void WorldSession::HandleBugOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data,4+4+1+4+1);
uint32 suggestion, contentlen;
std::string content;
uint32 typelen;
@@ -740,9 +697,6 @@ void WorldSession::HandleBugOpcode( WorldPacket & recv_data )
recv_data >> suggestion >> contentlen >> content;
//recheck
CHECK_PACKET_SIZE(recv_data,4+4+(content.size()+1)+4+1);
recv_data >> typelen >> type;
if( suggestion == 0 )
@@ -750,8 +704,8 @@ void WorldSession::HandleBugOpcode( WorldPacket & recv_data )
else
sLog.outDebug( "WORLD: Received CMSG_BUG [Suggestion]" );
sLog.outDebug( type.c_str( ) );
sLog.outDebug( content.c_str( ) );
sLog.outDebug("%s", type.c_str() );
sLog.outDebug("%s", content.c_str() );
CharacterDatabase.escape_string(type);
CharacterDatabase.escape_string(content);
@@ -760,8 +714,6 @@ void WorldSession::HandleBugOpcode( WorldPacket & recv_data )
void WorldSession::HandleReclaimCorpseOpcode(WorldPacket &recv_data)
{
CHECK_PACKET_SIZE(recv_data,8);
sLog.outDetail("WORLD: Received CMSG_RECLAIM_CORPSE");
if (GetPlayer()->isAlive())
return;
@@ -800,8 +752,6 @@ void WorldSession::HandleReclaimCorpseOpcode(WorldPacket &recv_data)
void WorldSession::HandleResurrectResponseOpcode(WorldPacket & recv_data)
{
CHECK_PACKET_SIZE(recv_data,8+1);
sLog.outDetail("WORLD: Received CMSG_RESURRECT_RESPONSE");
if(GetPlayer()->isAlive())
@@ -827,8 +777,6 @@ void WorldSession::HandleResurrectResponseOpcode(WorldPacket & recv_data)
void WorldSession::HandleAreaTriggerOpcode(WorldPacket & recv_data)
{
CHECK_PACKET_SIZE(recv_data,4);
sLog.outDebug("WORLD: Received CMSG_AREATRIGGER");
uint32 Trigger_ID;
@@ -951,8 +899,6 @@ void WorldSession::HandleUpdateAccountData(WorldPacket &recv_data)
{
sLog.outDetail("WORLD: Received CMSG_UPDATE_ACCOUNT_DATA");
CHECK_PACKET_SIZE(recv_data, 4+4+4);
uint32 type, timestamp, decompressedSize;
recv_data >> type >> timestamp >> decompressedSize;
@@ -1004,8 +950,6 @@ void WorldSession::HandleRequestAccountData(WorldPacket& recv_data)
{
sLog.outDetail("WORLD: Received CMSG_REQUEST_ACCOUNT_DATA");
CHECK_PACKET_SIZE(recv_data, 4);
uint32 type;
recv_data >> type;
@@ -1042,8 +986,6 @@ void WorldSession::HandleRequestAccountData(WorldPacket& recv_data)
void WorldSession::HandleSetActionButtonOpcode(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data,1+2+1+1);
sLog.outDebug( "WORLD: Received CMSG_SET_ACTION_BUTTON" );
uint8 button;
uint32 packetData;
@@ -1099,7 +1041,6 @@ void WorldSession::HandleMoveTimeSkippedOpcode( WorldPacket & /*recv_data*/ )
DEBUG_LOG( "WORLD: Time Lag/Synchronization Resent/Update" );
/*
CHECK_PACKET_SIZE(recv_data,8+4);
uint64 guid;
uint32 time_skipped;
recv_data >> guid;
@@ -1122,7 +1063,6 @@ void WorldSession::HandleFeatherFallAck(WorldPacket &/*recv_data*/)
void WorldSession::HandleMoveUnRootAck(WorldPacket&/* recv_data*/)
{
/*
CHECK_PACKET_SIZE(recv_data,8+8+4+4+4+4+4);
sLog.outDebug( "WORLD: CMSG_FORCE_MOVE_UNROOT_ACK" );
recv_data.hexlike();
@@ -1156,8 +1096,6 @@ void WorldSession::HandleMoveUnRootAck(WorldPacket&/* recv_data*/)
void WorldSession::HandleMoveRootAck(WorldPacket&/* recv_data*/)
{
/*
CHECK_PACKET_SIZE(recv_data,8+8+4+4+4+4+4);
sLog.outDebug( "WORLD: CMSG_FORCE_MOVE_ROOT_ACK" );
recv_data.hexlike();
uint64 guid;
@@ -1189,8 +1127,6 @@ void WorldSession::HandleMoveRootAck(WorldPacket&/* recv_data*/)
void WorldSession::HandleSetActionBarToggles(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data,1);
uint8 ActionBar;
recv_data >> ActionBar;
@@ -1208,8 +1144,6 @@ void WorldSession::HandleSetActionBarToggles(WorldPacket& recv_data)
void WorldSession::HandleWardenDataOpcode(WorldPacket& /*recv_data*/)
{
/*
CHECK_PACKET_SIZE(recv_data,1);
uint8 tmp;
recv_data >> tmp;
sLog.outDebug("Received opcode CMSG_WARDEN_DATA, not resolve.uint8 = %u",tmp);
@@ -1218,8 +1152,6 @@ void WorldSession::HandleWardenDataOpcode(WorldPacket& /*recv_data*/)
void WorldSession::HandlePlayedTime(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data, 1);
uint8 unk1;
recv_data >> unk1; // 0 or 1 expected
@@ -1232,8 +1164,6 @@ void WorldSession::HandlePlayedTime(WorldPacket& recv_data)
void WorldSession::HandleInspectOpcode(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data, 8);
uint64 guid;
recv_data >> guid;
DEBUG_LOG("Inspected guid is " UI64FMTD, guid);
@@ -1267,8 +1197,6 @@ void WorldSession::HandleInspectOpcode(WorldPacket& recv_data)
void WorldSession::HandleInspectHonorStatsOpcode(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data, 8);
uint64 guid;
recv_data >> guid;
@@ -1292,8 +1220,6 @@ void WorldSession::HandleInspectHonorStatsOpcode(WorldPacket& recv_data)
void WorldSession::HandleWorldTeleportOpcode(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data,4+4+4+4+4+4);
// write in client console: worldport 469 452 6454 2536 180 or /console worldport 469 452 6454 2536 180
// Received opcode CMSG_WORLD_TELEPORT
// Time is ***, map=469, x=452.000000, y=6454.000000, z=2536.000000, orient=3.141593
@@ -1330,8 +1256,6 @@ void WorldSession::HandleWorldTeleportOpcode(WorldPacket& recv_data)
void WorldSession::HandleWhoisOpcode(WorldPacket& recv_data)
{
CHECK_PACKET_SIZE(recv_data, 1);
sLog.outDebug("Received opcode CMSG_WHOIS");
std::string charname;
recv_data >> charname;
@@ -1389,7 +1313,6 @@ void WorldSession::HandleWhoisOpcode(WorldPacket& recv_data)
void WorldSession::HandleComplainOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 1+8);
sLog.outDebug("WORLD: CMSG_COMPLAIN");
recv_data.hexlike();
@@ -1405,13 +1328,11 @@ void WorldSession::HandleComplainOpcode( WorldPacket & recv_data )
switch(spam_type)
{
case 0:
CHECK_PACKET_SIZE(recv_data, recv_data.rpos()+4+4+4);
recv_data >> unk1; // const 0
recv_data >> unk2; // probably mail id
recv_data >> unk3; // const 0
break;
case 1:
CHECK_PACKET_SIZE(recv_data, recv_data.rpos()+4+4+4+4+1);
recv_data >> unk1; // probably language
recv_data >> unk2; // message type?
recv_data >> unk3; // probably channel id
@@ -1433,8 +1354,6 @@ void WorldSession::HandleComplainOpcode( WorldPacket & recv_data )
void WorldSession::HandleRealmSplitOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 4);
sLog.outDebug("CMSG_REALM_SPLIT");
uint32 unk;
@@ -1455,8 +1374,6 @@ void WorldSession::HandleRealmSplitOpcode( WorldPacket & recv_data )
void WorldSession::HandleFarSightOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 1);
sLog.outDebug("WORLD: CMSG_FAR_SIGHT");
//recv_data.hexlike();
@@ -1488,8 +1405,6 @@ void WorldSession::HandleFarSightOpcode( WorldPacket & recv_data )
void WorldSession::HandleSetTitleOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 4);
sLog.outDebug("CMSG_SET_TITLE");
int32 title;
@@ -1509,8 +1424,6 @@ void WorldSession::HandleSetTitleOpcode( WorldPacket & recv_data )
void WorldSession::HandleTimeSyncResp( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 4+4);
sLog.outDebug("CMSG_TIME_SYNC_RESP");
uint32 counter, time_;
@@ -1537,8 +1450,6 @@ void WorldSession::HandleResetInstancesOpcode( WorldPacket & /*recv_data*/ )
void WorldSession::HandleSetDungeonDifficultyOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 4);
sLog.outDebug("MSG_SET_DUNGEON_DIFFICULTY");
uint32 mode;
@@ -1605,8 +1516,6 @@ void WorldSession::HandleCancelMountAuraOpcode( WorldPacket & /*recv_data*/ )
void WorldSession::HandleMoveSetCanFlyAckOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 8+4+4);
// fly mode on/off
sLog.outDebug("WORLD: CMSG_MOVE_SET_CAN_FLY_ACK");
//recv_data.hexlike();
@@ -1630,8 +1539,6 @@ void WorldSession::HandleRequestPetInfoOpcode( WorldPacket & /*recv_data */)
void WorldSession::HandleSetTaxiBenchmarkOpcode( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 1);
uint8 mode;
recv_data >> mode;
@@ -1640,7 +1547,6 @@ void WorldSession::HandleSetTaxiBenchmarkOpcode( WorldPacket & recv_data )
void WorldSession::HandleQueryInspectAchievements( WorldPacket & recv_data )
{
CHECK_PACKET_SIZE(recv_data, 1);
uint64 guid;
if(!recv_data.readPackGUID(guid))
return;