
Duplicate player name for database entry.

Not doing so can lead to player name being freed later on, crashing the
server.
skittles1 committed Dec 29, 2015
1 parent f2fc00a commit dd24bea1d3ec99940ac07d5f59e21c4dc040dc8f
Showing with 12 additions and 10 deletions.
  1. +3 −1 blakserv/database.c
  2. +9 −9 blakserv/synched.c
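--- a/blakserv/database.c
+++ b/blakserv/database.c
@@ -593,6 +593,8 @@ BOOL MySQLRecordPlayer(int account_id, char* name, char* home, char* bind, char*
 {
 free(record->name);
 free(record->guild);
+ free(record->home);
+ free(record->bind);
 free(record);
 free(node);
@@ -616,7 +618,7 @@ BOOL MySQLRecordPlayerSuicide(int account_id, char* name)
 // set values
 record->account_id = account_id;
- record->name = name;
+ record->name = _strdup(name);
 // attach to node
 node->type = STAT_PLAYERSUICIDE;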
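Review bot: The result of `_strdup(name)` in the second hunk is stored in `record->name` without a check, so an allocation failure leaves a queued record whose name is NULL for whatever later reads and frees it. A guard right after the assignment, for example `if (record->name == NULL) { free(record); free(node); return FALSE; }`, would follow the cleanup pattern visible in the first hunk. The allocation of `record` and `node` and the rest of MySQLRecordPlayerSuicide lie outside the hunk, so the exact cleanup has to be confirmed there. A short comment such as `// record owns this copy; freed when the node is consumed` would also put the ownership rule from the commit message into the code.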
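--- a/blakserv/synched.c
+++ b/blakserv/synched.c
@@ -194,21 +194,21 @@ void SynchedProtocolParse(session_node *s,client_msg *msg)
 // The following line was commented out because I added support for the 3 4-byte integers
 // index += 12; /* 12 bytes future expansion space */
- len = *(short *)(msg->data+index);
+ len = *(short *)(msg->data + index);
 if (index + 2 + len > msg->len) /* 2 = length word len */
- break;
+ break;
 if (len > sizeof(name))
- break;
- memcpy(name,msg->data+index+2,len);
+ break;
+ memcpy(name, msg->data + index + 2, len);
 name[len] = 0; /* null terminate string */
 index += 2 + len;
- len = *(short *)(msg->data+index);
+ len = *(short *)(msg->data + index);
 if (index + 2 + len > msg->len)
- break;
- if (len > sizeof(name))
- break;
- memcpy(password,msg->data+index+2,len);
+ break;
+ if (len > sizeof(password))
+ break;
+ memcpy(password, msg->data + index + 2, len);
 password[len] = 0; /* null terminate string */
 index += 2 + len;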
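Review bot: Both length checks still accept `len == sizeof(name)` and `len == sizeof(password)`, after which `name[len] = 0` and `password[len] = 0` store the terminator one byte past the end of the buffer (assuming both are char arrays; their declarations are outside the hunk). Because `len` is taken from the client message, the checks should read `if (len >= sizeof(name))` and `if (len >= sizeof(password))`. Separately, the 2-byte length at `msg->data + index` is read before anything confirms that `index + 2 <= msg->len`, so a truncated message is dereferenced before the bounds test runs. The enclosing loop or switch that the `break` statements leave starts and ends outside the hunk.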
