Commit c4b41efb authored by Yukita Mayako's avatar Yukita Mayako

Fix buffer overflow by using shared buffer for networking.

parent 7b6328a2
...@@ -22,6 +22,7 @@ boolean nodeingame[MAXNETNODES]; // set false as nodes leave game ...@@ -22,6 +22,7 @@ boolean nodeingame[MAXNETNODES]; // set false as nodes leave game
#define MAX_SERVER_MESSAGE 320 #define MAX_SERVER_MESSAGE 320
static UINT8 *net_buffer = NULL;
static UINT16 portnum = 5029; static UINT16 portnum = 5029;
static tic_t lastMove; static tic_t lastMove;
static ticcmd_t lastCmd; static ticcmd_t lastCmd;
...@@ -417,6 +418,9 @@ void D_NetOpen(void) ...@@ -417,6 +418,9 @@ void D_NetOpen(void)
if (!ServerHost) if (!ServerHost)
I_Error("ENet failed to open server host. (Check if the port is in use?)"); I_Error("ENet failed to open server host. (Check if the port is in use?)");
if (!net_buffer)
net_buffer = ZZ_Alloc(4096);
servernode = 0; servernode = 0;
nodeingame[servernode] = true; nodeingame[servernode] = true;
net_nodecount = 1; net_nodecount = 1;
...@@ -433,6 +437,9 @@ boolean D_NetConnect(const char *hostname, const char *port) ...@@ -433,6 +437,9 @@ boolean D_NetConnect(const char *hostname, const char *port)
if (!ClientHost) if (!ClientHost)
I_Error("ENet failed to initialize client host.\n"); I_Error("ENet failed to initialize client host.\n");
if (!net_buffer)
net_buffer = ZZ_Alloc(4096);
netgame = multiplayer = true; netgame = multiplayer = true;
servernode = 1; servernode = 1;
lastMove = I_GetTime(); lastMove = I_GetTime();
...@@ -470,7 +477,10 @@ void D_CheckNetGame(void) ...@@ -470,7 +477,10 @@ void D_CheckNetGame(void)
I_Error("Failed to initialize ENet.\n"); I_Error("Failed to initialize ENet.\n");
if ((M_CheckParm("-port") || M_CheckParm("-udpport")) && M_IsNextParm()) if ((M_CheckParm("-port") || M_CheckParm("-udpport")) && M_IsNextParm())
{
portnum = (UINT16)atoi(M_GetNextParm()); portnum = (UINT16)atoi(M_GetNextParm());
CONS_Printf("Port number changed to %u\n", portnum);
}
D_ClientServerInit(); D_ClientServerInit();
} }
...@@ -563,38 +573,35 @@ void Net_CloseConnection(INT32 node) ...@@ -563,38 +573,35 @@ void Net_CloseConnection(INT32 node)
void Net_SendJoin(void) void Net_SendJoin(void)
{ {
ENetPacket *packet; ENetPacket *packet;
UINT8 data[5+MAXPLAYERNAME]; UINT8 *buf = net_buffer;
UINT8 *buf = data;
WRITEUINT8(buf, CLIENT_JOIN); WRITEUINT8(buf, CLIENT_JOIN);
WRITEUINT16(buf, VERSION); WRITEUINT16(buf, VERSION);
WRITEUINT16(buf, SUBVERSION); WRITEUINT16(buf, SUBVERSION);
WRITESTRINGN(buf, cv_playername.string, MAXPLAYERNAME); WRITESTRINGN(buf, cv_playername.string, MAXPLAYERNAME);
packet = enet_packet_create(data, buf-data, ENET_PACKET_FLAG_RELIABLE); packet = enet_packet_create(net_buffer, buf-net_buffer, ENET_PACKET_FLAG_RELIABLE);
enet_peer_send(nodetopeer[servernode], CHANNEL_GENERAL, packet); enet_peer_send(nodetopeer[servernode], CHANNEL_GENERAL, packet);
} }
static void ServerSendMapInfo(UINT8 node) static void ServerSendMapInfo(UINT8 node)
{ {
ENetPacket *packet; ENetPacket *packet;
UINT8 data[5]; UINT8 *buf = net_buffer;
UINT8 *buf = data;
WRITEUINT8(buf, SERVER_MAPINFO); WRITEUINT8(buf, SERVER_MAPINFO);
WRITEUINT8(buf, node); WRITEUINT8(buf, node);
WRITEINT16(buf, gamemap); WRITEINT16(buf, gamemap);
WRITEINT16(buf, gametype); WRITEINT16(buf, gametype);
packet = enet_packet_create(data, buf-data, ENET_PACKET_FLAG_RELIABLE); packet = enet_packet_create(net_buffer, buf-net_buffer, ENET_PACKET_FLAG_RELIABLE);
enet_peer_send(nodetopeer[node], CHANNEL_GENERAL, packet); enet_peer_send(nodetopeer[node], CHANNEL_GENERAL, packet);
} }
void Net_ServerMessage(const char *fmt, ...) void Net_ServerMessage(const char *fmt, ...)
{ {
va_list argptr; va_list argptr;
UINT8 data[1+MAX_SERVER_MESSAGE]; UINT8 *buf = net_buffer;
UINT8 *buf = data;
WRITEUINT8(buf, SERVER_MESSAGE); WRITEUINT8(buf, SERVER_MESSAGE);
va_start(argptr, fmt); va_start(argptr, fmt);
...@@ -602,22 +609,21 @@ void Net_ServerMessage(const char *fmt, ...) ...@@ -602,22 +609,21 @@ void Net_ServerMessage(const char *fmt, ...)
va_end(argptr); va_end(argptr);
buf += strlen((char *)buf)+1; buf += strlen((char *)buf)+1;
CONS_Printf("%s\n", data+1); CONS_Printf("%s\n", net_buffer+1);
enet_host_broadcast(ServerHost, 0, enet_packet_create(data, buf-data, ENET_PACKET_FLAG_RELIABLE)); enet_host_broadcast(ServerHost, 0, enet_packet_create(net_buffer, buf-net_buffer, ENET_PACKET_FLAG_RELIABLE));
} }
void Net_SendChat(char *line) void Net_SendChat(char *line)
{ {
ENetPacket *packet; ENetPacket *packet;
UINT8 data[MAX_SERVER_MESSAGE]; UINT8 *buf = net_buffer;
UINT8 *buf = data;
if (server) if (server)
{ {
WRITEUINT8(buf, SERVER_MESSAGE); WRITEUINT8(buf, SERVER_MESSAGE);
sprintf((char *)buf, "\3<~%s> %s", cv_playername.string, line); sprintf((char *)buf, "\3<~%s> %s", cv_playername.string, line);
buf += strlen((char *)buf)+1; buf += strlen((char *)buf)+1;
CONS_Printf("%s\n", data+1); CONS_Printf("%s\n", net_buffer+1);
} }
else else
{ {
...@@ -625,7 +631,7 @@ void Net_SendChat(char *line) ...@@ -625,7 +631,7 @@ void Net_SendChat(char *line)
WRITESTRINGN(buf, line, 256); WRITESTRINGN(buf, line, 256);
} }
packet = enet_packet_create(data, buf-data, ENET_PACKET_FLAG_RELIABLE); packet = enet_packet_create(net_buffer, buf-net_buffer, ENET_PACKET_FLAG_RELIABLE);
if (server) if (server)
enet_host_broadcast(ServerHost, CHANNEL_CHAT, packet); enet_host_broadcast(ServerHost, CHANNEL_CHAT, packet);
else else
...@@ -635,8 +641,7 @@ void Net_SendChat(char *line) ...@@ -635,8 +641,7 @@ void Net_SendChat(char *line)
void Net_SendCharacter(void) void Net_SendCharacter(void)
{ {
ENetPacket *packet; ENetPacket *packet;
UINT8 data[1+SKINNAMESIZE+1]; UINT8 *buf = net_buffer;
UINT8 *buf = data;
if (server) if (server)
return; return;
...@@ -645,15 +650,14 @@ void Net_SendCharacter(void) ...@@ -645,15 +650,14 @@ void Net_SendCharacter(void)
WRITESTRINGN(buf, cv_skin.string, SKINNAMESIZE); WRITESTRINGN(buf, cv_skin.string, SKINNAMESIZE);
WRITEUINT8(buf, cv_playercolor.value); WRITEUINT8(buf, cv_playercolor.value);
packet = enet_packet_create(data, buf-data, ENET_PACKET_FLAG_RELIABLE); packet = enet_packet_create(net_buffer, buf-net_buffer, ENET_PACKET_FLAG_RELIABLE);
enet_peer_send(nodetopeer[servernode], CHANNEL_GENERAL, packet); enet_peer_send(nodetopeer[servernode], CHANNEL_GENERAL, packet);
} }
static void Net_SendMove(void) static void Net_SendMove(void)
{ {
ENetPacket *packet; ENetPacket *packet;
UINT8 data[15]; UINT8 *buf = net_buffer;
UINT8 *buf = data;
if (server || !addedtogame || !players[consoleplayer].mo) if (server || !addedtogame || !players[consoleplayer].mo)
return; return;
...@@ -674,15 +678,14 @@ static void Net_SendMove(void) ...@@ -674,15 +678,14 @@ static void Net_SendMove(void)
WRITEINT16(buf, players[consoleplayer].mo->y >> 16); WRITEINT16(buf, players[consoleplayer].mo->y >> 16);
WRITEINT16(buf, players[consoleplayer].mo->z >> 16); WRITEINT16(buf, players[consoleplayer].mo->z >> 16);
packet = enet_packet_create(data, buf-data, 0); packet = enet_packet_create(net_buffer, buf-net_buffer, 0);
enet_peer_send(nodetopeer[servernode], CHANNEL_MOVE, packet); enet_peer_send(nodetopeer[servernode], CHANNEL_MOVE, packet);
} }
void Net_SpawnPlayer(UINT8 pnum, UINT8 node) void Net_SpawnPlayer(UINT8 pnum, UINT8 node)
{ {
ENetPacket *packet; ENetPacket *packet;
UINT8 data[12]; UINT8 *buf = net_buffer;
UINT8 *buf = data;
WRITEUINT8(buf, SERVER_SPAWN); WRITEUINT8(buf, SERVER_SPAWN);
WRITEUINT16(buf, pnum+1); WRITEUINT16(buf, pnum+1);
...@@ -693,7 +696,7 @@ void Net_SpawnPlayer(UINT8 pnum, UINT8 node) ...@@ -693,7 +696,7 @@ void Net_SpawnPlayer(UINT8 pnum, UINT8 node)
WRITEUINT8(buf, players[pnum].skin); WRITEUINT8(buf, players[pnum].skin);
WRITEUINT8(buf, players[pnum].skincolor); WRITEUINT8(buf, players[pnum].skincolor);
packet = enet_packet_create(data, buf-data, ENET_PACKET_FLAG_RELIABLE); packet = enet_packet_create(net_buffer, buf-net_buffer, ENET_PACKET_FLAG_RELIABLE);
if (node == 0) if (node == 0)
enet_host_broadcast(ServerHost, CHANNEL_MOVE, packet); enet_host_broadcast(ServerHost, CHANNEL_MOVE, packet);
else else
...@@ -703,7 +706,7 @@ void Net_SpawnPlayer(UINT8 pnum, UINT8 node) ...@@ -703,7 +706,7 @@ void Net_SpawnPlayer(UINT8 pnum, UINT8 node)
static void Net_MovePlayers(void) static void Net_MovePlayers(void)
{ {
ENetPacket *packet; ENetPacket *packet;
UINT8 data[18], *buf, i; UINT8 *buf, i;
if (!server || lastMove == I_GetTime()) if (!server || lastMove == I_GetTime())
return; return;
...@@ -715,7 +718,7 @@ static void Net_MovePlayers(void) ...@@ -715,7 +718,7 @@ static void Net_MovePlayers(void)
if (!playeringame[i] || !players[i].mo) if (!playeringame[i] || !players[i].mo)
continue; continue;
buf = data; buf = net_buffer;
WRITEUINT8(buf, SERVER_MOVE); WRITEUINT8(buf, SERVER_MOVE);
WRITEUINT16(buf, i+1); WRITEUINT16(buf, i+1);
WRITEINT16(buf, players[i].mo->x >> 16); WRITEINT16(buf, players[i].mo->x >> 16);
...@@ -731,7 +734,7 @@ static void Net_MovePlayers(void) ...@@ -731,7 +734,7 @@ static void Net_MovePlayers(void)
WRITEUINT8(buf, SPR2_STND); WRITEUINT8(buf, SPR2_STND);
WRITEUINT8(buf, players[i].mo->frame); WRITEUINT8(buf, players[i].mo->frame);
packet = enet_packet_create(data, buf-data, 0); packet = enet_packet_create(net_buffer, buf-net_buffer, 0);
enet_host_broadcast(ServerHost, CHANNEL_MOVE, packet); enet_host_broadcast(ServerHost, CHANNEL_MOVE, packet);
} }
} }
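Review bot: The `sprintf` into `buf` in the server branch of Net_SendChat is still unbounded after this change, so the write into the 4096-byte `net_buffer` is limited only by the lengths of `cv_playername.string` and `line`; the larger heap buffer raises the threshold rather than enforcing one. Whether callers cap `line` is not visible here, and the formatting call in Net_ServerMessage falls in a gap between hunks, so it should be checked for the same pattern. I would bound the write with `snprintf((char *)buf, NET_BUFFER_SIZE - 1, "\3<~%s> %s", cv_playername.string, line);` and introduce `#define NET_BUFFER_SIZE 4096` for both `ZZ_Alloc(4096)` calls in D_NetOpen and D_NetConnect, so the allocation and the limit cannot drift apart. Both function bodies continue outside the visible hunks.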