13 changes: 4 additions & 9 deletions src/network/networkpacket.h
Expand Up @@ -111,21 +111,16 @@ class NetworkPacket
// Temp, we remove SharedBuffer when migration finished
Buffer<u8> oldForgePacket();
private:
void checkReadOffset(u32 from_offset);
void checkReadOffset(u32 from_offset, u32 field_size);

template<typename T> void checkDataSize()
inline void checkDataSize(u32 field_size)
{
if (m_read_offset + sizeof(T) > m_datasize) {
m_datasize = m_read_offset + sizeof(T);
if (m_read_offset + field_size > m_datasize) {
m_datasize = m_read_offset + field_size;
m_data.resize(m_datasize);
}
}

template<typename T> void incrOffset()


nerzhul Aug 6, 2015

Member

Why remove this function which is strictly identical to your manual increments ?


kwolekr Aug 6, 2015

Author Contributor

It ABSOLUTELY is not identical. This was the cause of the biggest security vulnerability.


nerzhul Aug 6, 2015

Member

What is the difference between sizeof(u8) and 1? If this weren't working, packets wouldn't work because we would be reading outside of packets, and that's not the case.


kwolekr Aug 6, 2015

Author Contributor

nerzhul, run this code:
printf("%lu %lu\n", sizeof(v3s16), sizeof(v3s32));
and then remind me what the serialized sizes of those two data structures are supposed to be.

{
m_read_offset += sizeof(T);
}

std::vector<u8> m_data;
u32 m_datasize;
u32 m_read_offset;
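Review bot: The sum `m_read_offset + field_size` in the new `checkDataSize(u32 field_size)` is computed in `u32`, so it can wrap. Now that the size is a runtime argument rather than `sizeof(T)`, a large `field_size` would wrap the sum, pass the comparison, skip the `resize`, and leave the following write past the end of `m_data`. Whether any caller can pass such a value is not visible in this hunk, but the guard is cheap: do the addition in 64 bits with `const u64 end = (u64)m_read_offset + field_size;` and treat `end > 0xFFFFFFFF` as an error before assigning `m_datasize`. The body of `checkReadOffset(u32 from_offset, u32 field_size)` is outside this hunk; if it uses the same sum, the subtraction form `from_offset > m_datasize || field_size > m_datasize - from_offset` avoids the wrap there. The enclosing class `NetworkPacket` begins and ends outside the hunk.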