fix STOC_CHAT, CTOS_CHAT handling (#2836)

gframe/duelclient.cpp

@@ -775,8 +775,12 @@ void DuelClient::HandleSTOCPacketLan(unsigned char* data, int len) {
 		break;
 	}
 	case STOC_CHAT: {
+		if (len < 1 + sizeof(uint16_t) + sizeof(uint16_t) * 1)
+			return;
+		if (len > 1 + sizeof(uint16_t) + sizeof(uint16_t) * LEN_CHAT_MSG)
+			return;
 		const int chat_msg_size = len - 1 - sizeof(uint16_t);
-		if (!check_msg_size(chat_msg_size))
+		if (chat_msg_size % sizeof(uint16_t))
 			return;
 		uint16_t chat_player_type = buffer_read<uint16_t>(pdata);
 		uint16_t chat_msg[LEN_CHAT_MSG];

gframe/netserver.cpp

@@ -206,7 +206,11 @@ void NetServer::HandleCTOSPacket(DuelPlayer* dp, unsigned char* data, int len) {
 	case CTOS_CHAT: {
 		if(!dp->game)
 			return;
-		if (len < 1 + (int)sizeof(unsigned char))
+		if (len < 1 + sizeof(uint16_t) * 1)
+			return;
+		if (len > 1 + sizeof(uint16_t) * LEN_CHAT_MSG)
+			return;
+		if ((len - 1) % sizeof(uint16_t))
 			return;
 		duel_mode->Chat(dp, pdata, len - 1);
 		break;
@@ -360,8 +364,6 @@ void NetServer::HandleCTOSPacket(DuelPlayer* dp, unsigned char* data, int len) {
 	}
 }
 size_t NetServer::CreateChatPacket(unsigned char* src, int src_size, unsigned char* dst, uint16_t dst_player_type) {
-	if (!check_msg_size(src_size))
-		return 0;
 	uint16_t src_msg[LEN_CHAT_MSG];
 	std::memcpy(src_msg, src, src_size);
 	const int src_len = src_size / sizeof(uint16_t);

gframe/network.h

@@ -196,17 +196,6 @@ struct DuelPlayer {
 	bufferevent* bev{};
 };
 
-inline bool check_msg_size(int size) {
-	// empty string is not allowed
-	if (size < 2 * sizeof(uint16_t))
-		return false;
-	if (size > LEN_CHAT_MSG * sizeof(uint16_t))
-		return false;
-	if (size % sizeof(uint16_t) != 0)
-		return false;
-	return true;
-}
-
 inline unsigned int GetPosition(unsigned char* qbuf, size_t offset) {
 	unsigned int info = 0;
 	std::memcpy(&info, qbuf + offset, sizeof info);