Changeset - r5341:da1042f5c4c9
Parent rev.
Child rev.
[Not reviewed]
master
0 1 0
rubidium - 17 years ago 2006-12-18 17:29:59
rubidium@openttd.org
(svn r7507) -Fix (7505): the name of a GRF could be "", which causes a segmentation fault. So take the filename, which cannot be "", when the of the GRF name is "". Also check for "" length when receiving GRF names.
1 file changed with 13 insertions and 4 deletions:
network_udp.c
13
4
0 comments (0 inline, 0 general)
network_udp.c
Show inline comments
 
@@ -464,8 +464,10 @@ DEF_UDP_RECEIVE_COMMAND(PACKET_UDP_CLIEN
 
		if (f == NULL) continue; // The GRF is unknown to this server
 

			




	
	
	
		
 
		/* If the reply might exceed the size of the packet, only reply

			




	
	
	
		
 
		 * the current list and do not send the other data */

			




	
	
	
		
 
		packet_len += sizeof(c.grfid) + sizeof(c.md5sum) + min(strlen(f->name) + 1, NETWORK_GRF_NAME_LENGTH);

			




	
	
	
		
 
		 * the current list and do not send the other data.

			




	
	
	
		
 
		 * The name could be an empty string, if so take the filename. */

			




	
	
	
		
 
		packet_len += sizeof(c.grfid) + sizeof(c.md5sum) +

			




	
	
	
		
 
				min(strlen((f->name != NULL && strlen(f->name) > 0) ? f->name : f->filename) + 1, NETWORK_GRF_NAME_LENGTH);

			




	
	
	
		
 
		if (packet_len > SEND_MTU - 4) { // 4 is 3 byte header + grf count in reply

			




	
	
	
		
 
			break;

			




	
	
	
		
 
		}

			




	
	
		
 
@@ -479,8 +481,11 @@ DEF_UDP_RECEIVE_COMMAND(PACKET_UDP_CLIEN

			




	
	
	
		
 
	NetworkSend_uint8 (packet, in_reply_count);

			




	
	
	
		
 
	for (i = 0; i < in_reply_count; i++) {

			




	
	
	
		
 
		char name[NETWORK_GRF_NAME_LENGTH];

			




	
	
	
		
 
		ttd_strlcpy(name, in_reply[i]->name, sizeof(name));

			




	
	
	
		
 
		NetworkSend_GRFIdentifier(packet, in_reply[i]);

			




	
	
	
		
 

			




	
	
	
		
 
		/* The name could be an empty string, if so take the filename */

			




	
	
	
		
 
		ttd_strlcpy(name, (in_reply[i]->name != NULL && strlen(in_reply[i]->name) > 0) ?

			




	
	
	
		
 
				in_reply[i]->name : in_reply[i]->filename, sizeof(name));

			




	
	
	
		
 
	 	NetworkSend_GRFIdentifier(packet, in_reply[i]);

			




	
	
	
		
 
		NetworkSend_string(packet, name);

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
		
 
@@ -510,6 +515,10 @@ DEF_UDP_RECEIVE_COMMAND(PACKET_UDP_SERVE

			




	
	
	
		
 
		NetworkRecv_GRFIdentifier(p, &c);

			




	
	
	
		
 
		NetworkRecv_string(&_udp_cs, p, name, sizeof(name));

			




	
	
	
		
 

			




	
	
	
		
 
		/* An empty name is not possible under normal circumstances

			




	
	
	
		
 
		 * and causes problems when showing the NewGRF list. */

			




	
	
	
		
 
		if (strlen(name) == 0) continue;

			




	
	
	
		
 

			




	
	
	
		
 
		/* Finds the fake GRFConfig for the just read GRF ID and MD5sum tuple.

			




	
	
	
		
 
		 * If it exists and not resolved yet, then name of the fake GRF is

			




	
	
	
		
 
		 * overwritten with the name from the reply. */

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: code.theleruby.com-48
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2022 by various authors & licensed under GPLv3.
            – Support