From e954904e6d0f026254d4ab93c6b4d051cc7253c6 Mon Sep 17 00:00:00 2001 From: megamage Date: Wed, 19 Aug 2009 16:26:22 -0500 Subject: [8378] Use exceptions instead of explicit size checking for each packet Author: arrai CHECK_PACKET_SIZE was pretty error prone; once it was forgotten mangosd could crash due to the asserts in ByteBuffer.h. That was exploitable by malicious players. Furthermore, there were duplicate checks: Additionally to CHECK_PACKET_SIZE, the ByteBuffer assertions keept an eye on not exceeding the packet boundaries - just to crash the server for sure in such a case. To prevent memory leaks or other undesirable states, please read in every handler all variables _before_ doing any concrete handling. --HG-- branch : trunk --- src/game/MiscHandler.cpp | 98 +----------------------------------------------- 1 file changed, 2 insertions(+), 96 deletions(-) (limited to 'src/game/MiscHandler.cpp') diff --git a/src/game/MiscHandler.cpp b/src/game/MiscHandler.cpp index 48fdda872e9..066ef3d1fd5 100644 --- a/src/game/MiscHandler.cpp +++ b/src/game/MiscHandler.cpp @@ -74,8 +74,6 @@ void WorldSession::HandleRepopRequestOpcode( WorldPacket & /*recv_data*/ ) void WorldSession::HandleGossipSelectOptionOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data,8+4+4); - sLog.outDebug("WORLD: CMSG_GOSSIP_SELECT_OPTION"); uint32 option; @@ -88,7 +86,6 @@ void WorldSession::HandleGossipSelectOptionOpcode( WorldPacket & recv_data ) if(_player->PlayerTalkClass->GossipOptionCoded( option )) { // recheck - CHECK_PACKET_SIZE(recv_data,8+4+1); sLog.outBasic("reading string"); recv_data >> code; sLog.outBasic("string read: %s", code.c_str()); @@ -148,8 +145,6 @@ void WorldSession::HandleGossipSelectOptionOpcode( WorldPacket & recv_data ) void WorldSession::HandleWhoOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data,4+4+1+1+4+4+4+4); - sLog.outDebug( "WORLD: Recvd CMSG_WHO Message" ); //recv_data.hexlike(); 
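Review bot: The `// recheck` comment in HandleGossipSelectOptionOpcode (hunk @@ -88) is now orphaned: it survives as context while the CHECK_PACKET_SIZE it described is removed, so it should go, or be replaced with one that states the new contract, e.g. `// a truncated packet throws from recv_data >> code; nothing below runs`. Every handler touched in this file now relies on ByteBuffer's `>>` throwing on an out-of-bounds read instead of asserting, and on the dispatcher catching that exception; neither is visible in this diff and both are worth confirming before merge. The handler bodies continue outside the hunks.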
@@ -163,14 +158,8 @@ void WorldSession::HandleWhoOpcode( WorldPacket & recv_data ) recv_data >> level_max; // minimal player level, default 100 (MAX_LEVEL) recv_data >> player_name; // player name, case sensitive... - // recheck - CHECK_PACKET_SIZE(recv_data,4+4+(player_name.size()+1)+1+4+4+4+4); - recv_data >> guild_name; // guild name, case sensitive... - // recheck - CHECK_PACKET_SIZE(recv_data,4+4+(player_name.size()+1)+(guild_name.size()+1)+4+4+4+4); - recv_data >> racemask; // race mask recv_data >> classmask; // class mask recv_data >> zones_count; // zones count, client limit=10 (2.0.10) @@ -178,9 +167,6 @@ void WorldSession::HandleWhoOpcode( WorldPacket & recv_data ) if(zones_count > 10) return; // can't be received from real client or broken packet - // recheck - CHECK_PACKET_SIZE(recv_data,4+4+(player_name.size()+1)+(guild_name.size()+1)+4+4+4+(4*zones_count)+4); - for(uint32 i = 0; i < zones_count; ++i) { uint32 temp; @@ -194,17 +180,11 @@ void WorldSession::HandleWhoOpcode( WorldPacket & recv_data ) if(str_count > 4) return; // can't be received from real client or broken packet - // recheck - CHECK_PACKET_SIZE(recv_data,4+4+(player_name.size()+1)+(guild_name.size()+1)+4+4+4+(4*zones_count)+4+(1*str_count)); - sLog.outDebug("Minlvl %u, maxlvl %u, name %s, guild %s, racemask %u, classmask %u, zones %u, strings %u", level_min, level_max, player_name.c_str(), guild_name.c_str(), racemask, classmask, zones_count, str_count); std::wstring str[4]; // 4 is client limit for(uint32 i = 0; i < str_count; ++i) { - // recheck (have one more byte) - CHECK_PACKET_SIZE(recv_data,recv_data.rpos()); - std::string temp; recv_data >> temp; // user entered string, it used as universal search pattern(guild+player name)? @@ -468,8 +448,6 @@ void WorldSession::HandleTogglePvP( WorldPacket & recv_data ) void WorldSession::HandleZoneUpdateOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data,4); - uint32 newZone; recv_data >> newZone; 
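Review bot: With the size checks gone, the `if(zones_count > 10) return;` and `if(str_count > 4) return;` guards in HandleWhoOpcode are the only thing keeping these client-controlled counts within the zone loop and the `std::wstring str[4]` array, but nothing says so; a comment such as `// client limits; also the only bound on the loops below now that CHECK_PACKET_SIZE is gone` would keep a later edit from loosening them. A packet that ends inside either loop now surfaces as a ByteBuffer exception rather than a size check, which is the intended model assuming the `>>` operators were changed to throw. HandleWhoOpcode continues outside the hunk.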
@@ -485,8 +463,6 @@ void WorldSession::HandleZoneUpdateOpcode( WorldPacket & recv_data ) void WorldSession::HandleSetTargetOpcode( WorldPacket & recv_data ) { // When this packet send? - CHECK_PACKET_SIZE(recv_data,8); - uint64 guid ; recv_data >> guid; @@ -503,8 +479,6 @@ void WorldSession::HandleSetTargetOpcode( WorldPacket & recv_data ) void WorldSession::HandleSetSelectionOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data,8); - uint64 guid; recv_data >> guid; @@ -521,8 +495,6 @@ void WorldSession::HandleSetSelectionOpcode( WorldPacket & recv_data ) void WorldSession::HandleStandStateChangeOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data,1); - sLog.outDebug( "WORLD: Received CMSG_STAND_STATE_CHANGE" ); uint8 animstate; recv_data >> animstate; @@ -532,7 +504,6 @@ void WorldSession::HandleStandStateChangeOpcode( WorldPacket & recv_data ) void WorldSession::HandleContactListOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 4); sLog.outDebug( "WORLD: Received CMSG_CONTACT_LIST" ); uint32 unk; recv_data >> unk; @@ -542,8 +513,6 @@ void WorldSession::HandleContactListOpcode( WorldPacket & recv_data ) void WorldSession::HandleAddFriendOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 1+1); - sLog.outDebug( "WORLD: Received CMSG_ADD_FRIEND" ); std::string friendName = GetTrinityString(LANG_FRIEND_IGNORE_UNKNOWN); @@ -551,9 +520,6 @@ void WorldSession::HandleAddFriendOpcode( WorldPacket & recv_data ) recv_data >> friendName; - // recheck - CHECK_PACKET_SIZE(recv_data, (friendName.size()+1)+1); - recv_data >> friendNote; if(!normalizePlayerName(friendName)) @@ -625,8 +591,6 @@ void WorldSession::HandleAddFriendOpcodeCallBack(QueryResult *result, uint32 acc void WorldSession::HandleDelFriendOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 8); - uint64 FriendGUID; sLog.outDebug( "WORLD: Received CMSG_DEL_FRIEND" ); 
@@ -642,8 +606,6 @@ void WorldSession::HandleDelFriendOpcode( WorldPacket & recv_data ) void WorldSession::HandleAddIgnoreOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data,1); - sLog.outDebug( "WORLD: Received CMSG_ADD_IGNORE" ); std::string IgnoreName = GetTrinityString(LANG_FRIEND_IGNORE_UNKNOWN); @@ -704,8 +666,6 @@ void WorldSession::HandleAddIgnoreOpcodeCallBack(QueryResult *result, uint32 acc void WorldSession::HandleDelIgnoreOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 8); - uint64 IgnoreGUID; sLog.outDebug( "WORLD: Received CMSG_DEL_IGNORE" ); @@ -721,7 +681,6 @@ void WorldSession::HandleDelIgnoreOpcode( WorldPacket & recv_data ) void WorldSession::HandleSetContactNotesOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 8+1); sLog.outDebug("CMSG_SET_CONTACT_NOTES"); uint64 guid; std::string note; @@ -731,8 +690,6 @@ void WorldSession::HandleSetContactNotesOpcode( WorldPacket & recv_data ) void WorldSession::HandleBugOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data,4+4+1+4+1); - uint32 suggestion, contentlen; std::string content; uint32 typelen; @@ -740,9 +697,6 @@ void WorldSession::HandleBugOpcode( WorldPacket & recv_data ) recv_data >> suggestion >> contentlen >> content; - //recheck - CHECK_PACKET_SIZE(recv_data,4+4+(content.size()+1)+4+1); - recv_data >> typelen >> type; if( suggestion == 0 ) @@ -750,8 +704,8 @@ void WorldSession::HandleBugOpcode( WorldPacket & recv_data ) else sLog.outDebug( "WORLD: Received CMSG_BUG [Suggestion]" ); - sLog.outDebug( type.c_str( ) ); - sLog.outDebug( content.c_str( ) ); + sLog.outDebug("%s", type.c_str() ); + sLog.outDebug("%s", content.c_str() ); CharacterDatabase.escape_string(type); CharacterDatabase.escape_string(content); 
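Review bot: `contentlen` and `typelen` in HandleBugOpcode (hunk @@ -740) are read from the packet but never compared with the strings that follow them, so the client can send lengths that disagree with the content; if these fields are meant to be the string lengths, a check like `if (contentlen != content.size() || typelen != type.size()) return;` after `recv_data >> typelen >> type;` would reject malformed packets before `escape_string` and the database write, though what the client actually places in those fields is not visible here. The `"%s"` change in the same function is the right repair for passing client-controlled text as a format string. HandleBugOpcode's body continues outside the hunk.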
@@ -760,8 +714,6 @@ void WorldSession::HandleBugOpcode( WorldPacket & recv_data ) void WorldSession::HandleReclaimCorpseOpcode(WorldPacket &recv_data) { - CHECK_PACKET_SIZE(recv_data,8); - sLog.outDetail("WORLD: Received CMSG_RECLAIM_CORPSE"); if (GetPlayer()->isAlive()) return; @@ -800,8 +752,6 @@ void WorldSession::HandleReclaimCorpseOpcode(WorldPacket &recv_data) void WorldSession::HandleResurrectResponseOpcode(WorldPacket & recv_data) { - CHECK_PACKET_SIZE(recv_data,8+1); - sLog.outDetail("WORLD: Received CMSG_RESURRECT_RESPONSE"); if(GetPlayer()->isAlive()) @@ -827,8 +777,6 @@ void WorldSession::HandleResurrectResponseOpcode(WorldPacket & recv_data) void WorldSession::HandleAreaTriggerOpcode(WorldPacket & recv_data) { - CHECK_PACKET_SIZE(recv_data,4); - sLog.outDebug("WORLD: Received CMSG_AREATRIGGER"); uint32 Trigger_ID; @@ -951,8 +899,6 @@ void WorldSession::HandleUpdateAccountData(WorldPacket &recv_data) { sLog.outDetail("WORLD: Received CMSG_UPDATE_ACCOUNT_DATA"); - CHECK_PACKET_SIZE(recv_data, 4+4+4); - uint32 type, timestamp, decompressedSize; recv_data >> type >> timestamp >> decompressedSize; @@ -1004,8 +950,6 @@ void WorldSession::HandleRequestAccountData(WorldPacket& recv_data) { sLog.outDetail("WORLD: Received CMSG_REQUEST_ACCOUNT_DATA"); - CHECK_PACKET_SIZE(recv_data, 4); - uint32 type; recv_data >> type; @@ -1042,8 +986,6 @@ void WorldSession::HandleRequestAccountData(WorldPacket& recv_data) void WorldSession::HandleSetActionButtonOpcode(WorldPacket& recv_data) { - CHECK_PACKET_SIZE(recv_data,1+2+1+1); - sLog.outDebug( "WORLD: Received CMSG_SET_ACTION_BUTTON" ); uint8 button; uint32 packetData; @@ -1099,7 +1041,6 @@ void WorldSession::HandleMoveTimeSkippedOpcode( WorldPacket & /*recv_data*/ ) DEBUG_LOG( "WORLD: Time Lag/Synchronization Resent/Update" ); /* - CHECK_PACKET_SIZE(recv_data,8+4); uint64 guid; uint32 time_skipped; recv_data >> guid; 
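Review bot: `decompressedSize` in HandleUpdateAccountData (hunk @@ -951) is a client-controlled value read straight from the packet, and the removed check only covered the three header fields; whatever sizes a buffer from it lies outside this hunk, so confirm that path still rejects oversized values before allocating. If it does, a comment at the read, `// client-controlled; must stay bounded before any allocation below`, would make that dependency visible to the next maintainer. The function continues past the hunk.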
@@ -1122,7 +1063,6 @@ void WorldSession::HandleFeatherFallAck(WorldPacket &/*recv_data*/) void WorldSession::HandleMoveUnRootAck(WorldPacket&/* recv_data*/) { /* - CHECK_PACKET_SIZE(recv_data,8+8+4+4+4+4+4); sLog.outDebug( "WORLD: CMSG_FORCE_MOVE_UNROOT_ACK" ); recv_data.hexlike(); @@ -1156,8 +1096,6 @@ void WorldSession::HandleMoveUnRootAck(WorldPacket&/* recv_data*/) void WorldSession::HandleMoveRootAck(WorldPacket&/* recv_data*/) { /* - CHECK_PACKET_SIZE(recv_data,8+8+4+4+4+4+4); - sLog.outDebug( "WORLD: CMSG_FORCE_MOVE_ROOT_ACK" ); recv_data.hexlike(); uint64 guid; @@ -1189,8 +1127,6 @@ void WorldSession::HandleMoveRootAck(WorldPacket&/* recv_data*/) void WorldSession::HandleSetActionBarToggles(WorldPacket& recv_data) { - CHECK_PACKET_SIZE(recv_data,1); - uint8 ActionBar; recv_data >> ActionBar; @@ -1208,8 +1144,6 @@ void WorldSession::HandleSetActionBarToggles(WorldPacket& recv_data) void WorldSession::HandleWardenDataOpcode(WorldPacket& /*recv_data*/) { /* - CHECK_PACKET_SIZE(recv_data,1); - uint8 tmp; recv_data >> tmp; sLog.outDebug("Received opcode CMSG_WARDEN_DATA, not resolve.uint8 = %u",tmp); @@ -1218,8 +1152,6 @@ void WorldSession::HandleWardenDataOpcode(WorldPacket& /*recv_data*/) void WorldSession::HandlePlayedTime(WorldPacket& recv_data) { - CHECK_PACKET_SIZE(recv_data, 1); - uint8 unk1; recv_data >> unk1; // 0 or 1 expected @@ -1232,8 +1164,6 @@ void WorldSession::HandlePlayedTime(WorldPacket& recv_data) void WorldSession::HandleInspectOpcode(WorldPacket& recv_data) { - CHECK_PACKET_SIZE(recv_data, 8); - uint64 guid; recv_data >> guid; DEBUG_LOG("Inspected guid is " UI64FMTD, guid); @@ -1267,8 +1197,6 @@ void WorldSession::HandleInspectOpcode(WorldPacket& recv_data) void WorldSession::HandleInspectHonorStatsOpcode(WorldPacket& recv_data) { - CHECK_PACKET_SIZE(recv_data, 8); - uint64 guid; recv_data >> guid; 
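Review bot: Hunks @@ -1122, @@ -1156 and @@ -1208 edit code that sits inside `/* ... */` blocks in HandleMoveUnRootAck, HandleMoveRootAck and HandleWardenDataOpcode, so the removals change nothing at runtime and the commented-out handlers keep accumulating edits; deleting those blocks, or leaving a single `// TODO: handler not implemented; sketched version is in VCS history`, would be cleaner than maintaining dead text. Each of those comment blocks begins or ends outside its hunk.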
@@ -1292,8 +1220,6 @@ void WorldSession::HandleInspectHonorStatsOpcode(WorldPacket& recv_data) void WorldSession::HandleWorldTeleportOpcode(WorldPacket& recv_data) { - CHECK_PACKET_SIZE(recv_data,4+4+4+4+4+4); - // write in client console: worldport 469 452 6454 2536 180 or /console worldport 469 452 6454 2536 180 // Received opcode CMSG_WORLD_TELEPORT // Time is ***, map=469, x=452.000000, y=6454.000000, z=2536.000000, orient=3.141593 @@ -1330,8 +1256,6 @@ void WorldSession::HandleWorldTeleportOpcode(WorldPacket& recv_data) void WorldSession::HandleWhoisOpcode(WorldPacket& recv_data) { - CHECK_PACKET_SIZE(recv_data, 1); - sLog.outDebug("Received opcode CMSG_WHOIS"); std::string charname; recv_data >> charname; @@ -1389,7 +1313,6 @@ void WorldSession::HandleWhoisOpcode(WorldPacket& recv_data) void WorldSession::HandleComplainOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 1+8); sLog.outDebug("WORLD: CMSG_COMPLAIN"); recv_data.hexlike(); @@ -1405,13 +1328,11 @@ void WorldSession::HandleComplainOpcode( WorldPacket & recv_data ) switch(spam_type) { case 0: - CHECK_PACKET_SIZE(recv_data, recv_data.rpos()+4+4+4); recv_data >> unk1; // const 0 recv_data >> unk2; // probably mail id recv_data >> unk3; // const 0 break; case 1: - CHECK_PACKET_SIZE(recv_data, recv_data.rpos()+4+4+4+4+1); recv_data >> unk1; // probably language recv_data >> unk2; // message type? recv_data >> unk3; // probably channel id @@ -1433,8 +1354,6 @@ void WorldSession::HandleComplainOpcode( WorldPacket & recv_data ) void WorldSession::HandleRealmSplitOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 4); - sLog.outDebug("CMSG_REALM_SPLIT"); uint32 unk; @@ -1455,8 +1374,6 @@ void WorldSession::HandleRealmSplitOpcode( WorldPacket & recv_data ) void WorldSession::HandleFarSightOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 1); - sLog.outDebug("WORLD: CMSG_FAR_SIGHT"); //recv_data.hexlike(); 
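Review bot: In HandleComplainOpcode (hunk @@ -1405) the `switch(spam_type)` shows only `case 0` and `case 1`, and whether a `default` follows is outside the hunk; if there is none, an unexpected `spam_type` leaves unk1..unk3 unread and the handler continues with whatever they held. A `default: return;` (or an explicit initialisation of the three before the switch) closes that gap and matches the commit's rule of reading everything before acting. The switch and the rest of the handler continue outside the hunk.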
@@ -1488,8 +1405,6 @@ void WorldSession::HandleFarSightOpcode( WorldPacket & recv_data ) void WorldSession::HandleSetTitleOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 4); - sLog.outDebug("CMSG_SET_TITLE"); int32 title; @@ -1509,8 +1424,6 @@ void WorldSession::HandleSetTitleOpcode( WorldPacket & recv_data ) void WorldSession::HandleTimeSyncResp( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 4+4); - sLog.outDebug("CMSG_TIME_SYNC_RESP"); uint32 counter, time_; @@ -1537,8 +1450,6 @@ void WorldSession::HandleResetInstancesOpcode( WorldPacket & /*recv_data*/ ) void WorldSession::HandleSetDungeonDifficultyOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 4); - sLog.outDebug("MSG_SET_DUNGEON_DIFFICULTY"); uint32 mode; @@ -1605,8 +1516,6 @@ void WorldSession::HandleCancelMountAuraOpcode( WorldPacket & /*recv_data*/ ) void WorldSession::HandleMoveSetCanFlyAckOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 8+4+4); - // fly mode on/off sLog.outDebug("WORLD: CMSG_MOVE_SET_CAN_FLY_ACK"); //recv_data.hexlike(); @@ -1630,8 +1539,6 @@ void WorldSession::HandleRequestPetInfoOpcode( WorldPacket & /*recv_data */) void WorldSession::HandleSetTaxiBenchmarkOpcode( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 1); - uint8 mode; recv_data >> mode; @@ -1640,7 +1547,6 @@ void WorldSession::HandleSetTaxiBenchmarkOpcode( WorldPacket & recv_data ) void WorldSession::HandleQueryInspectAchievements( WorldPacket & recv_data ) { - CHECK_PACKET_SIZE(recv_data, 1); uint64 guid; if(!recv_data.readPackGUID(guid)) return; -- cgit v1.2.3
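Review bot: HandleQueryInspectAchievements (hunk @@ -1640) is the one handler here whose read, `recv_data.readPackGUID(guid)`, reports a problem by returning false rather than throwing, so after this change a malformed packet is silently dropped there while every other handler in the file raises; a comment on that line, `// readPackGUID reports a truncated packet by returning false, unlike operator>>`, would record why this one differs. Whether readPackGUID bounds-checks the packet itself is not visible in this diff and is worth confirming, since the removed CHECK_PACKET_SIZE was the only explicit check before it.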