[Freeciv-Dev] Re: (PR#8457) No assertion in post_receive_packet_player_a
<URL: http://rt.freeciv.org/Ticket/Display.html?id=8457 >
On Tue, Apr 06, 2004 at 07:57:55AM -0700, Raimar Falke wrote:
> The first the checking for a well-formed packet. Is the packet too
> short, too long, does it contain too arrays and so on.
The pre-delta code partly checked for incorrect array sizes. The
delta code didn't do this at all. The attached patch fixes this. I'm
not sure how to react when such a case is found. Feel free to
change it.
Raimar
--
email: rf13@xxxxxxxxxxxxxxxxx
"Windows is the one true OS. MS invented the GUI. MS invented
the 32 bit OS. MS is open and standard. MS loves you. We have
always been at war with Oceana."
Index: common/generate_packets.py
===================================================================
RCS file: /home/freeciv/CVS/freeciv/common/generate_packets.py,v
retrieving revision 1.8
diff -u -u -r1.8 generate_packets.py
--- common/generate_packets.py 19 Mar 2004 18:47:22 -0000 1.8
+++ common/generate_packets.py 6 Apr 2004 15:33:41 -0000
@@ -449,26 +449,42 @@
c="dio_get_%(dataio_type)s(&din, (int *)
&real_packet->%(name)s[i]);"%self.__dict__
if self.is_array==2:
array_size_u=self.array_size1_u
+ array_size_d=self.array_size1_d
+ else:
+ array_size_u=self.array_size_u
+ array_size_d=self.array_size_d
if not self.diff:
+ if array_size_u != array_size_d:
+ extra='''
+ if(%(array_size_u)s > %(array_size_d)s) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ %(array_size_u)s = %(array_size_d)s;
+ }'''%self.get_dict(vars())
+ else:
+ extra=""
return '''
{
int i;
-
+%(extra)s
for (i = 0; i < %(array_size_u)s; i++) {
%(c)s
}
}'''%self.get_dict(vars())
else:
return '''
-for(;;) {
+for (;;) {
int i;
dio_get_uint8(&din, &i);
if(i == 255) {
break;
}
- %(c)s
+ if(i > %(array_size_u)s) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: ignoring intra array diff");
+ } else {
+ %(c)s
+ }
}'''%self.get_dict(vars())
#'''
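Review bot: The bound added to the delta branch is off by one: `if(i > %(array_size_u)s)` still accepts `i == %(array_size_u)s`, while the non-delta loop above only writes indices below that value, so the test should be `if(i >= %(array_size_u)s) {`. The generated packets_gen.c shows the result as `if(i > A_LAST)` and `if(i > B_LAST)`, which allows a write one element past the end if `global_advances` and `global_wonders` are declared with exactly that many entries. The comparison also uses `array_size_u`, which for variable-length arrays is presumably a count read from the packet and is only clamped in the `not self.diff` branch; comparing against `%(array_size_d)s` would tie the check to the declared size instead of a peer-supplied value. The rejecting branch skips `%(c)s` without consuming the element's value from `din`, so the next `dio_get_uint8(&din, &i)` would read value bytes as an index; reading the value into a scratch variable or abandoning the packet would keep the stream in step. The method that returns these templates starts before this hunk.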
Index: common/packets_gen.c
===================================================================
RCS file: /home/freeciv/CVS/freeciv/common/packets_gen.c,v
retrieving revision 1.16
diff -u -u -r1.16 packets_gen.c
--- common/packets_gen.c 1 Apr 2004 23:46:26 -0000 1.16
+++ common/packets_gen.c 6 Apr 2004 15:33:45 -0000
@@ -1502,6 +1502,10 @@
{
int i;
+ if(real_packet->num_nations_used > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->num_nations_used = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->num_nations_used; i++) {
dio_get_uint16(&din, (int *) &real_packet->nations_used[i]);
}
@@ -2101,6 +2105,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint8(&din, (int *) &real_packet->id[i]);
}
@@ -2111,6 +2119,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint16(&din, (int *) &real_packet->score[i]);
}
@@ -2121,6 +2133,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint32(&din, (int *) &real_packet->pop[i]);
}
@@ -2131,6 +2147,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint16(&din, (int *) &real_packet->bnp[i]);
}
@@ -2141,6 +2161,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint16(&din, (int *) &real_packet->mfg[i]);
}
@@ -2151,6 +2175,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint16(&din, (int *) &real_packet->cities[i]);
}
@@ -2161,6 +2189,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint16(&din, (int *) &real_packet->techs[i]);
}
@@ -2171,6 +2203,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint16(&din, (int *) &real_packet->mil_service[i]);
}
@@ -2181,6 +2217,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint8(&din, (int *) &real_packet->wonders[i]);
}
@@ -2191,6 +2231,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint16(&din, (int *) &real_packet->research[i]);
}
@@ -2201,6 +2245,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint32(&din, (int *) &real_packet->landarea[i]);
}
@@ -2211,6 +2259,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint32(&din, (int *) &real_packet->settledarea[i]);
}
@@ -2221,6 +2273,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint16(&din, (int *) &real_packet->literacy[i]);
}
@@ -2231,6 +2287,10 @@
{
int i;
+ if(real_packet->nscores > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->nscores = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->nscores; i++) {
dio_get_uint32(&din, (int *) &real_packet->spaceship[i]);
}
@@ -3055,26 +3115,34 @@
real_packet->spacerace = BV_ISSET(fields, 27);
if (BV_ISSET(fields, 28)) {
- for(;;) {
+ for (;;) {
int i;
dio_get_uint8(&din, &i);
if(i == 255) {
break;
}
- dio_get_uint8(&din, (int *) &real_packet->global_advances[i]);
+ if(i > A_LAST) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: ignoring intra array
diff");
+ } else {
+ dio_get_uint8(&din, (int *) &real_packet->global_advances[i]);
+ }
}
}
if (BV_ISSET(fields, 29)) {
- for(;;) {
+ for (;;) {
int i;
dio_get_uint8(&din, &i);
if(i == 255) {
break;
}
- dio_get_uint16(&din, (int *) &real_packet->global_wonders[i]);
+ if(i > B_LAST) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: ignoring intra array
diff");
+ } else {
+ dio_get_uint16(&din, (int *) &real_packet->global_wonders[i]);
+ }
}
}
@@ -10022,6 +10090,10 @@
{
int i;
+ if(real_packet->orders_length > MAX_LEN_ROUTE) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->orders_length = MAX_LEN_ROUTE;
+ }
for (i = 0; i < real_packet->orders_length; i++) {
dio_get_uint8(&din, (int *) &real_packet->orders[i]);
}
@@ -10032,6 +10104,10 @@
{
int i;
+ if(real_packet->orders_length > MAX_LEN_ROUTE) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->orders_length = MAX_LEN_ROUTE;
+ }
for (i = 0; i < real_packet->orders_length; i++) {
dio_get_uint8(&din, (int *) &real_packet->orders_dirs[i]);
}
@@ -10464,6 +10540,10 @@
{
int i;
+ if(real_packet->orders_length > MAX_LEN_ROUTE) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->orders_length = MAX_LEN_ROUTE;
+ }
for (i = 0; i < real_packet->orders_length; i++) {
dio_get_uint8(&din, (int *) &real_packet->orders[i]);
}
@@ -10474,6 +10554,10 @@
{
int i;
+ if(real_packet->orders_length > MAX_LEN_ROUTE) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->orders_length = MAX_LEN_ROUTE;
+ }
for (i = 0; i < real_packet->orders_length; i++) {
dio_get_uint8(&din, (int *) &real_packet->orders_dirs[i]);
}
@@ -12704,6 +12788,10 @@
{
int i;
+ if(real_packet->length > MAX_LEN_ROUTE) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->length = MAX_LEN_ROUTE;
+ }
for (i = 0; i < real_packet->length; i++) {
dio_get_uint8(&din, (int *) &real_packet->orders[i]);
}
@@ -12714,6 +12802,10 @@
{
int i;
+ if(real_packet->length > MAX_LEN_ROUTE) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->length = MAX_LEN_ROUTE;
+ }
for (i = 0; i < real_packet->length; i++) {
dio_get_uint8(&din, (int *) &real_packet->dir[i]);
}
@@ -17703,6 +17795,10 @@
{
int i;
+ if(real_packet->connections > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->connections = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->connections; i++) {
dio_get_uint8(&din, (int *) &real_packet->conn_id[i]);
}
@@ -17713,6 +17809,10 @@
{
int i;
+ if(real_packet->connections > MAX_NUM_PLAYERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->connections = MAX_NUM_PLAYERS;
+ }
for (i = 0; i < real_packet->connections; i++) {
int tmp;
@@ -22008,6 +22108,10 @@
{
int i;
+ if(real_packet->leader_count > MAX_NUM_LEADERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->leader_count = MAX_NUM_LEADERS;
+ }
for (i = 0; i < real_packet->leader_count; i++) {
dio_get_string(&din, real_packet->leader_name[i],
sizeof(real_packet->leader_name[i]));
}
@@ -22018,6 +22122,10 @@
{
int i;
+ if(real_packet->leader_count > MAX_NUM_LEADERS) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->leader_count = MAX_NUM_LEADERS;
+ }
for (i = 0; i < real_packet->leader_count; i++) {
dio_get_bool8(&din, &real_packet->leader_sex[i]);
}
@@ -22569,6 +22677,10 @@
{
int i;
+ if(real_packet->terr_gate_count > 255) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->terr_gate_count = 255;
+ }
for (i = 0; i < real_packet->terr_gate_count; i++) {
dio_get_uint8(&din, (int *) &real_packet->terr_gate[i]);
}
@@ -22582,6 +22694,10 @@
{
int i;
+ if(real_packet->spec_gate_count > 255) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->spec_gate_count = 255;
+ }
for (i = 0; i < real_packet->spec_gate_count; i++) {
dio_get_uint16(&din, (int *) &real_packet->spec_gate[i]);
}
@@ -22595,6 +22711,10 @@
{
int i;
+ if(real_packet->equiv_dupl_count > 255) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->equiv_dupl_count = 255;
+ }
for (i = 0; i < real_packet->equiv_dupl_count; i++) {
dio_get_uint8(&din, (int *) &real_packet->equiv_dupl[i]);
}
@@ -22608,6 +22728,10 @@
{
int i;
+ if(real_packet->equiv_repl_count > 255) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->equiv_repl_count = 255;
+ }
for (i = 0; i < real_packet->equiv_repl_count; i++) {
dio_get_uint8(&din, (int *) &real_packet->equiv_repl[i]);
}
@@ -22621,6 +22745,10 @@
{
int i;
+ if(real_packet->effect_count > 255) {
+ freelog(LOG_ERROR, "packets_gen.c: WARNING: truncation array");
+ real_packet->effect_count = 255;
+ }
for (i = 0; i < real_packet->effect_count; i++) {
dio_get_effect(&din, &real_packet->effect[i]);
}