Make NetworkPacket respect serialized string size limits

kwolekr · kwolekr · commit 1c408c4f1df2 · 2015-08-10T02:16:55.000-04:00
diff --git a/src/network/networkpacket.cpp b/src/network/networkpacket.cpp
@@ -85,7 +85,7 @@ NetworkPacket& NetworkPacket::operator>>(std::string& dst)
 {
 	checkReadOffset(m_read_offset, 2);
 	u16 strLen = readU16(&m_data[m_read_offset]);
-	m_read_offset += sizeof(u16);
+	m_read_offset += 2;
 
 	dst.clear();
 
@@ -105,8 +105,8 @@ NetworkPacket& NetworkPacket::operator>>(std::string& dst)
 NetworkPacket& NetworkPacket::operator<<(std::string src)
 {
 	u16 msgsize = src.size();
-	if (msgsize > 0xFFFF) {
-		msgsize = 0xFFFF;
+	if (msgsize > STRING_MAX_LEN) {
+		throw PacketError("String too long");
 	}
 
 	*this << msgsize;
@@ -119,8 +119,8 @@ NetworkPacket& NetworkPacket::operator<<(std::string src)
 void NetworkPacket::putLongString(std::string src)
 {
 	u32 msgsize = src.size();
-	if (msgsize > 0xFFFFFFFF) {
-		msgsize = 0xFFFFFFFF;
+	if (msgsize > LONG_STRING_MAX_LEN) {
+		throw PacketError("String too long");
 	}
 
 	*this << msgsize;
@@ -155,8 +155,8 @@ NetworkPacket& NetworkPacket::operator>>(std::wstring& dst)
 NetworkPacket& NetworkPacket::operator<<(std::wstring src)
 {
 	u16 msgsize = src.size();
-	if (msgsize > 0xFFFF) {
-		msgsize = 0xFFFF;
+	if (msgsize > WIDE_STRING_MAX_LEN) {
+		throw PacketError("String too long");
 	}
 
 	*this << msgsize;
@@ -179,6 +179,10 @@ std::string NetworkPacket::readLongString()
 		return "";
 	}
 
+	if (strLen > LONG_STRING_MAX_LEN) {
+		throw PacketError("String too long");
+	}
+
 	checkReadOffset(m_read_offset, strLen);
 
 	std::string dst;

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ NetworkPacket& NetworkPacket::operator>>(std::string& dst)`
`85`	`85`	`{`
`86`	`86`	`checkReadOffset(m_read_offset, 2);`
`87`	`87`	`u16 strLen = readU16(&m_data[m_read_offset]);`
`88`		`- m_read_offset += sizeof(u16);`
	`88`	`+ m_read_offset += 2;`
`89`	`89`
`90`	`90`	`dst.clear();`
`91`	`91`
`@@ -105,8 +105,8 @@ NetworkPacket& NetworkPacket::operator>>(std::string& dst)`
`105`	`105`	`NetworkPacket& NetworkPacket::operator<<(std::string src)`
`106`	`106`	`{`
`107`	`107`	`u16 msgsize = src.size();`
`108`		`- if (msgsize > 0xFFFF) {`
`109`		`- msgsize = 0xFFFF;`
	`108`	`+ if (msgsize > STRING_MAX_LEN) {`
	`109`	`+ throw PacketError("String too long");`
`110`	`110`	`}`
`111`	`111`
`112`	`112`	`*this << msgsize;`
`@@ -119,8 +119,8 @@ NetworkPacket& NetworkPacket::operator<<(std::string src)`
`119`	`119`	`void NetworkPacket::putLongString(std::string src)`
`120`	`120`	`{`
`121`	`121`	`u32 msgsize = src.size();`
`122`		`- if (msgsize > 0xFFFFFFFF) {`
`123`		`- msgsize = 0xFFFFFFFF;`
	`122`	`+ if (msgsize > LONG_STRING_MAX_LEN) {`
	`123`	`+ throw PacketError("String too long");`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`*this << msgsize;`
`@@ -155,8 +155,8 @@ NetworkPacket& NetworkPacket::operator>>(std::wstring& dst)`
`155`	`155`	`NetworkPacket& NetworkPacket::operator<<(std::wstring src)`
`156`	`156`	`{`
`157`	`157`	`u16 msgsize = src.size();`
`158`		`- if (msgsize > 0xFFFF) {`
`159`		`- msgsize = 0xFFFF;`
	`158`	`+ if (msgsize > WIDE_STRING_MAX_LEN) {`
	`159`	`+ throw PacketError("String too long");`
`160`	`160`	`}`
`161`	`161`
`162`	`162`	`*this << msgsize;`
`@@ -179,6 +179,10 @@ std::string NetworkPacket::readLongString()`
`179`	`179`	`return "";`
`180`	`180`	`}`
`181`	`181`
	`182`	`+ if (strLen > LONG_STRING_MAX_LEN) {`
	`183`	`+ throw PacketError("String too long");`
	`184`	`+ }`
	`185`	`+`
`182`	`186`	`checkReadOffset(m_read_offset, strLen);`
`183`	`187`
`184`	`188`	`std::string dst;`