* Modified WFIFOSET to trigger a fatal error when trying to send a packet that is too big.

git-svn-id: https://svn.code.sf.net/p/rathena/svn/trunk@13539 54d463be-8e91-2dee-dedb-b68131a5f0ec
FlavioJS, 16 years ago
parent
commit
8326096602
2 changed files with 13 additions and 3 deletions
  1. 4 2
      Changelog-Trunk.txt
  2. 9 1
      src/common/socket.c

+ 4 - 2
Changelog-Trunk.txt

@@ -3,8 +3,10 @@ Date	Added
 AS OF SVN REV. 5091, WE ARE NOW USING TRUNK.  ALL UNTESTED BUGFIXES/FEATURES GO INTO TRUNK.
 IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
 
+2009/02/20
+	* Modified WFIFOSET to trigger a fatal error when trying to send a packet that is too big. [FlavioJS]
 2009/02/19
-	* Fixed impropper filling of w4 in npc_parsesrcfile when there are less than 4 fields. (bugreport:1063) [FlavioJS]
+	* Fixed improper filling of w4 in npc_parsesrcfile when there are less than 4 fields. (bugreport:1063) [FlavioJS]
 	* Simplified atcommand_spiritball. (deprecated msg_txt 204 and 205)
 2009/02/06
 	* Follow up to r13485. (bugreport:2741) [FlavioJS]
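Review bot: The new 2009/02/20 entry says only "too big" without giving the limit, so an operator who hits the fatal error cannot tell from the changelog what size triggers it; state the 0xFFFF-byte cap that the socket.c change enforces. The "impropper" to "improper" correction on the 2009/02/19 entry is unrelated to the WFIFOSET change and would be easier to track as a separate cleanup commit.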
@@ -3529,7 +3531,7 @@ IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
 	* Added parse_console to the plugin API.
 	* Added plugin for parsing the console. (working with cygwin)
 	* Copied the parse_console code form login txt to login sql and char.
-	* Added propper plugin version compatibility tests.
+	* Added proper plugin version compatibility tests.
 	* Better output when a plugin fails to load. [FlavioJS]
 2007/01/07
 	* Fixed the sleep timers not being removed when the an npc was being 
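Review bot: Only "propper" is corrected here, while the context line directly above still reads "code form login txt" ("form" for "from") and the last context line reads "when the an npc". If historical entries are being spell-corrected, fix these in the same pass, or keep spelling cleanups out of a functional commit altogether.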

+ 9 - 1
src/common/socket.c

@@ -630,11 +630,19 @@ int WFIFOSET(int fd, size_t len)
 	{	// actually there was a buffer overflow already
 		uint32 ip = s->client_addr;
 		ShowFatalError("WFIFOSET: Write Buffer Overflow. Connection %d (%d.%d.%d.%d) has written %u bytes on a %u/%u bytes buffer.\n", fd, CONVIP(ip), (unsigned int)len, (unsigned int)s->wdata_size, (unsigned int)s->max_wdata);
-		ShowDebug("Likely command that caused it: 0x%x\n", (*(unsigned short*)(s->wdata + s->wdata_size)));
+		ShowDebug("Likely command that caused it: 0x%x\n", (*(uint16*)(s->wdata + s->wdata_size)));
 		// no other chance, make a better fifo model
 		exit(EXIT_FAILURE);
 	}
 
+	if( len > 0xFFFF )
+	{
+		// dynamic packets allow up to UINT16_MAX bytes (<packet_id>.W <packet_len>.W ...)
+		// all known fixed-size packets are within this limit, so use the same limit
+		ShowFatalError("WFIFOSET: Packet 0x%x is too big. (len=%u, max=%u)\n", (*(uint16*)(s->wdata + s->wdata_size)), (unsigned int)len, 0xFFFF);
+		exit(EXIT_FAILURE);
+	}
+
 	if( !s->flag.server && s->wdata_size+len > WFIFO_MAX )
 	{// reached maximum write fifo size
 		set_eof(fd);
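Review bot: The new `len > 0xFFFF` branch calls `exit(EXIT_FAILURE)` for every connection type, so one oversized packet on one fd takes the whole process down, whereas the check immediately below handles a per-connection limit on non-server links with `set_eof(fd)`. If `len` can ever be derived from data a peer influences, this is an availability risk; consider closing the connection for `!s->flag.server` and reserving the fatal exit for server links, or document why a process exit is required. Two smaller points in the same block: `0xFFFF` is passed to `%u` without the `(unsigned int)` cast used for the other arguments, and the packet id is read with `*(uint16*)(s->wdata + s->wdata_size)` even though nothing here ensures that at least two bytes were written, so the logged id can be stale buffer contents. A named constant for the limit would also keep the comparison and the message in sync.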