fix: remove uses of insecure "reinterpret_cast"

opentibiabr · Sep 25, 2024 · 3cb75d8 · 3cb75d8
1 parent 4be4078
commit 3cb75d8
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/src/server/network/message/networkmessage.cpp b/src/server/network/message/networkmessage.cpp
@@ -24,18 +24,19 @@ std::string NetworkMessage::getString(uint16_t stringLen /* = 0*/) {
 	}
 
 	if (!canRead(stringLen)) {
-		g_logger().error("Not enough data to read string of length: {}", stringLen);
+		g_logger().error("[{}] not enough data to read string of length: {}", __METHOD_NAME__, stringLen);
 		return {};
 	}
 
 	if (stringLen > NETWORKMESSAGE_MAXSIZE) {
-		g_logger().error("[NetworkMessage::addString] - Exceded NetworkMessage max size: {}, actually size: {}", NETWORKMESSAGE_MAXSIZE, stringLen);
+		g_logger().error("[{}] exceded NetworkMessage max size: {}, actually size: {}", __METHOD_NAME__, NETWORKMESSAGE_MAXSIZE, stringLen);
 		return {};
 	}
 
-	const char* v = reinterpret_cast<const char*>(buffer.data() + info.position);
+	// Copy the string from the buffer
+	std::string result(buffer.begin() + info.position, buffer.begin() + info.position + stringLen);
 	info.position += stringLen;
-	return std::string(v, stringLen);
+	return result;
 }
 
 Position NetworkMessage::getPosition() {

diff --git a/src/server/network/message/networkmessage.hpp b/src/server/network/message/networkmessage.hpp
@@ -27,7 +27,8 @@ class NetworkMessage {
 	// 2 bytes for encrypted message size
 	static constexpr MsgSize_t INITIAL_BUFFER_POSITION = 8;
 
-	NetworkMessage() : buffer(NETWORKMESSAGE_MAXSIZE, 0) {}
+	NetworkMessage() :
+		buffer(NETWORKMESSAGE_MAXSIZE, 0) { }
 
 	void reset() {
 		info = {};