Make NetworkPacket respect serialized string size limits

diff --git a/src/network/networkpacket.cpp b/src/network/networkpacket.cpp
index 0c56048729e3f60a22d8c95e8cec4dc304d7de9e..b5e451cdb0a0512146828952ce3b06f543dcf1ac 100644 (file)
--- a/src/network/networkpacket.cpp
+++ b/src/network/networkpacket.cpp
@@ -85,7 +85,7 @@ NetworkPacket& NetworkPacket::operator>>(std::string& dst)
 {
        checkReadOffset(m_read_offset, 2);
        u16 strLen = readU16(&m_data[m_read_offset]);
-       m_read_offset += sizeof(u16);
+       m_read_offset += 2;
 
        dst.clear();
 
@@ -105,8 +105,8 @@ NetworkPacket& NetworkPacket::operator>>(std::string& dst)
 NetworkPacket& NetworkPacket::operator<<(std::string src)
 {
        u16 msgsize = src.size();
-       if (msgsize > 0xFFFF) {
-               msgsize = 0xFFFF;
+       if (msgsize > STRING_MAX_LEN) {
+               throw PacketError("String too long");
        }
 
        *this << msgsize;
@@ -119,8 +119,8 @@ NetworkPacket& NetworkPacket::operator<<(std::string src)
 void NetworkPacket::putLongString(std::string src)
 {
        u32 msgsize = src.size();
-       if (msgsize > 0xFFFFFFFF) {
-               msgsize = 0xFFFFFFFF;
+       if (msgsize > LONG_STRING_MAX_LEN) {
+               throw PacketError("String too long");
        }
 
        *this << msgsize;
@@ -155,8 +155,8 @@ NetworkPacket& NetworkPacket::operator>>(std::wstring& dst)
 NetworkPacket& NetworkPacket::operator<<(std::wstring src)
 {
        u16 msgsize = src.size();
-       if (msgsize > 0xFFFF) {
-               msgsize = 0xFFFF;
+       if (msgsize > WIDE_STRING_MAX_LEN) {
+               throw PacketError("String too long");
        }
 
        *this << msgsize;
@@ -179,6 +179,10 @@ std::string NetworkPacket::readLongString()
                return "";
        }
 
+       if (strLen > LONG_STRING_MAX_LEN) {
+               throw PacketError("String too long");
+       }
+
        checkReadOffset(m_read_offset, strLen);
 
        std::string dst;