[C++] Parsing SID_READUSERDATA

Okee · July 28, 2005, 06:16 PM

Hey guys, I've sent SID_READUSERDATA correctly, and can see the data in my packet logs. I'm just working on extracting this. Looks to me like my code should display the profile correctly, but I'll let ya'll look at it and see if you can tell me why it isn't printing it.

Code Select


#define PACKET_HEAD 4

...

void HandleReadUserData(char *data) {
 unsigned long Accounts = *(unsigned long*)(data + PACKET_HEAD);
 unsigned long Keys = *(unsigned long*)(data + PACKET_HEAD + 4);
 
 strcpy(szProfileData.szAge, data + PACKET_HEAD + 12);
 strcpy(szProfileData.szSex, data + PACKET_HEAD + 12 + strlen(szProfileData.szAge));
 strcpy(szProfileData.szLocation, data + PACKET_HEAD + 12 + strlen(szProfileData.szAge) + strlen(szProfileData.szSex));
 strcpy(szProfileData.szDescription, data + PACKET_HEAD + 12 + strlen(szProfileData.szAge) + strlen(szProfileData.szSex) + strlen(szProfileData.szLocation));

 AppendText(hBNChat, GRAY, "Age: %s\nSex: %s\nLocation: %s\nDescription: %s\n", szProfileData.szAge, szProfileData.szSex, szProfileData.szLocation, szProfileData.szDescription);
 return;
}

data contains the entire packets contents. I use + PACKET_HEAD to read past the header, and the + 12 reads past the first 3 DWORDS. The rest should be as easy as I have it done here, but it's printing blank lines when I call my AppendText function.

Anyone know why possibly?

UserLoser. · July 28, 2005, 07:12 PM

Age can't be set/requested anymore, so toss that out. And it should probably be:

Code Select


 strcpy(szProfileData.szSex, data + PACKET_HEAD + 13 + strlen(szProfileData.szAge));
 strcpy(szProfileData.szLocation, data + PACKET_HEAD + 14 + strlen(szProfileData.szAge) + strlen(szProfileData.szSex));
 strcpy(szProfileData.szDescription, data + PACKET_HEAD + 15 + strlen(szProfileData.szAge) + strlen(szProfileData.szSex) + strlen(szProfileData.szLocation));

Assuming 12 is right position, you will always be copying an empty string into each of your variables. Why you ask? Because age can't be requested, so it'll just be an empty value there, with null terminator behind it. Then for the rest of the variables you're doing 12 + len(age), so you're really just grabbing the age again [which doesn't exist]. I'd prefer using a system like this.

Kp · July 28, 2005, 09:25 PM

Also, unless your buffers are quite large, you risk a heap corruption if someone sets a malicious profile and you subsequently query it. Learn to use length-checked copy operations.

warz · July 28, 2005, 10:40 PM

Quote from: Kp on July 28, 2005, 09:25 PM
Also, unless your buffers are quite large, you risk a heap corruption if someone sets a malicious profile and you subsequently query it. Learn to use length-checked copy operations.

I'm pretty interested in that. What do you mean by length checked?

Eric · July 28, 2005, 10:51 PM

Quote from: warz on July 28, 2005, 10:40 PM
Quote from: Kp on July 28, 2005, 09:25 PM
Also, unless your buffers are quite large, you risk a heap corruption if someone sets a malicious profile and you subsequently query it. Learn to use length-checked copy operations.

I'm pretty interested in that. What do you mean by length checked?

strncpy(), for example.

Valhalla Legends Archive

[C++] Parsing SID_READUSERDATA

Okee

UserLoser.

Kp

warz

Eric