fix: check response size before writing (#2514)

* update DuelClient::response_buf[] * fix: check response size before writing

fix: check response size before writing (#2514)
* update DuelClient::response_buf[] * fix: check response size before writing
e3155746 · Chen Bill · GitHub · 05da015f · e3155746 · e3155746
Commit e3155746 authored Feb 14, 2024 by Chen Bill Committed by GitHub Feb 14, 2024
9 changed files
--- a/gframe/duelclient.cpp
+++ b/gframe/duelclient.cpp
@@ -12,8 +12,8 @@
 namespace ygo {

 unsigned DuelClient::connect_state = 0;
-unsigned char DuelClient::response_buf[64];
-unsigned char DuelClient::response_len = 0;
+unsigned char DuelClient::response_buf[SIZE_RETURN_VALUE];
+unsigned int DuelClient::response_len = 0;
 unsigned int DuelClient::watching = 0;
 unsigned char DuelClient::selftype = 0;
 bool DuelClient::is_host = false;
@@ -1748,7 +1748,7 @@ int DuelClient::ClientAnalyze(unsigned char* msg, unsigned int len) {
 		if(selecting_player == mainGame->LocalPlayer(1))
 			mainGame->dField.selectable_field = (mainGame->dField.selectable_field >> 16) | (mainGame->dField.selectable_field << 16);
 		mainGame->dField.selected_field = 0;
-		unsigned char respbuf[64];
+		unsigned char respbuf[SIZE_RETURN_VALUE];
 		int pzone = 0;
 		if (mainGame->dInfo.curMsg == MSG_SELECT_PLACE) {
 			if (select_hint) {
@@ -3935,7 +3935,9 @@ void DuelClient::SetResponseI(int respI) {
 	*((int*)response_buf) = respI;
 	response_len = 4;
 }
-void DuelClient::SetResponseB(void* respB, unsigned char len) {
+void DuelClient::SetResponseB(void* respB, unsigned int len) {
+	if (len > SIZE_RETURN_VALUE)
+		len = SIZE_RETURN_VALUE;
 	memcpy(response_buf, respB, len);
 	response_len = len;
 }

--- a/gframe/duelclient.h
+++ b/gframe/duelclient.h
@@ -20,8 +20,8 @@ namespace ygo {
 class DuelClient {
 private:
 	static unsigned int connect_state;
-	static unsigned char response_buf[64];
-	static unsigned char response_len;
+	static unsigned char response_buf[SIZE_RETURN_VALUE];
+	static unsigned int response_len;
 	static unsigned int watching;
 	static unsigned char selftype;
 	static bool is_host;
@@ -49,7 +49,7 @@ public:
 	static int ClientAnalyze(unsigned char* msg, unsigned int len);
 	static void SwapField();
 	static void SetResponseI(int respI);
-	static void SetResponseB(void* respB, unsigned char len);
+	static void SetResponseB(void* respB, unsigned int len);
 	static void SendResponse();
 	static void SendPacketToServer(unsigned char proto) {
 		auto p = duel_client_write;

--- a/gframe/event_handler.cpp
+++ b/gframe/event_handler.cpp
@@ -771,7 +771,7 @@ bool ClientField::OnEvent(const irr::SEvent& event) {
 						myswprintf(formatBuffer, L"%d", select_min);
 						mainGame->stCardPos[id - BUTTON_CARD_0]->setText(formatBuffer);
 						if(select_min == select_max) {
-							unsigned char respbuf[64];
+							unsigned char respbuf[SIZE_RETURN_VALUE];
 							for(int i = 0; i < select_max; ++i)
 								respbuf[i] = sort_list[i] - 1;
 							DuelClient::SetResponseB(respbuf, select_max);
@@ -2477,7 +2477,7 @@ void ClientField::ShowCardInfoInList(ClientCard* pcard, irr::gui::IGUIElement* e
 	}
 }
 void ClientField::SetResponseSelectedCards() const {
-	unsigned char respbuf[64];
+	unsigned char respbuf[SIZE_RETURN_VALUE];
 	respbuf[0] = selected_cards.size();
 	for (size_t i = 0; i < selected_cards.size(); ++i)
 		respbuf[i + 1] = selected_cards[i]->select_seq;

--- a/gframe/netserver.cpp
+++ b/gframe/netserver.cpp
@@ -180,7 +180,7 @@ void NetServer::HandleCTOSPacket(DuelPlayer* dp, unsigned char* data, unsigned i
 	case CTOS_RESPONSE: {
 		if(!dp->game || !duel_mode->pduel)
 			return;
-		duel_mode->GetResponse(dp, pdata, len > 64 ? 64 : len - 1);
+		duel_mode->GetResponse(dp, pdata, len - 1);
 		break;
 	}
 	case CTOS_TIME_CONFIRM: {

--- a/gframe/replay.cpp
+++ b/gframe/replay.cpp
@@ -260,11 +260,11 @@ bool Replay::RenameReplay(const wchar_t* oldname, const wchar_t* newname) {
 	return result == 0;
 #endif
 }
-bool Replay::ReadNextResponse(unsigned char resp[64]) {
+bool Replay::ReadNextResponse(unsigned char resp[]) {
 	if(pdata - replay_data >= (int)replay_size)
 		return false;
 	int len = *pdata++;
-	if(len > 64)
+	if(len > SIZE_RETURN_VALUE)
 		return false;
 	memcpy(resp, pdata, len);
 	pdata += len;

--- a/gframe/replay.h
+++ b/gframe/replay.h
@@ -50,7 +50,7 @@ public:
 	static bool CheckReplay(const wchar_t* name);
 	static bool DeleteReplay(const wchar_t* name);
 	static bool RenameReplay(const wchar_t* oldname, const wchar_t* newname);
-	bool ReadNextResponse(unsigned char resp[64]);
+	bool ReadNextResponse(unsigned char resp[]);
 	void ReadName(wchar_t* data);
 	//void ReadHeader(ReplayHeader& header);
 	void ReadData(void* data, int length);

--- a/gframe/replay_mode.cpp
+++ b/gframe/replay_mode.cpp
@@ -49,7 +49,7 @@ void ReplayMode::Pause(bool is_pause, bool is_step) {
 	}
 }
 bool ReplayMode::ReadReplayResponse() {
-	unsigned char resp[64];
+	unsigned char resp[SIZE_RETURN_VALUE];
 	bool result = cur_replay.ReadNextResponse(resp);
 	if(result)
 		set_responseb(pduel, resp);

--- a/gframe/single_duel.cpp
+++ b/gframe/single_duel.cpp
@@ -1405,7 +1405,9 @@ int SingleDuel::Analyze(unsigned char* msgbuffer, unsigned int len) {
 	return 0;
 }
 void SingleDuel::GetResponse(DuelPlayer* dp, void* pdata, unsigned int len) {
-	byte resb[64];
+	byte resb[SIZE_RETURN_VALUE];
+	if (len > SIZE_RETURN_VALUE)
+		len = SIZE_RETURN_VALUE;
 	memcpy(resb, pdata, len);
 	last_replay.WriteInt8(len);
 	last_replay.WriteData(resb, len);

--- a/gframe/tag_duel.cpp
+++ b/gframe/tag_duel.cpp
@@ -1490,7 +1490,9 @@ int TagDuel::Analyze(unsigned char* msgbuffer, unsigned int len) {
 	return 0;
 }
 void TagDuel::GetResponse(DuelPlayer* dp, void* pdata, unsigned int len) {
-	byte resb[64];
+	byte resb[SIZE_RETURN_VALUE];
+	if (len > SIZE_RETURN_VALUE)
+		len = SIZE_RETURN_VALUE;
 	memcpy(resb, pdata, len);
 	last_replay.WriteInt8(len);
 	last_replay.WriteData(resb, len);