Merge pull request #42 from dongresource/bugfix

Fixed a use-after-free and a memory leak.

src/CNProtocol.cpp

@@ -200,7 +200,7 @@ void CNSocket::step() {
 
     if (activelyReading && readBufferIndex - readSize <= 0) {            
         // decrypt readBuffer and copy to CNPacketData
-        CNSocketEncryption::decryptData(readBuffer, (uint8_t*)(&EKey), readSize);
+        CNSocketEncryption::decryptData((uint8_t*)&readBuffer, (uint8_t*)(&EKey), readSize);
 
         void* tmpBuf = xmalloc(readSize-sizeof(int32_t));
         memcpy(tmpBuf, readBuffer+sizeof(uint32_t), readSize-sizeof(int32_t));

src/CNProtocol.hpp

@@ -104,7 +104,7 @@ private:
     uint64_t EKey;
     uint64_t FEKey;
     int32_t readSize = 0;
-    uint8_t* readBuffer = new uint8_t[MAX_PACKETSIZE];
+    uint8_t readBuffer[MAX_PACKETSIZE];
     int readBufferIndex = 0;
     bool activelyReading = false;
     bool alive = true;

src/PlayerManager.cpp

@@ -55,18 +55,18 @@ void PlayerManager::removePlayer(CNSocket* key) {
     for (CNSocket* otherSock : players[key].viewable) {
         players[otherSock].viewable.remove(key); // gone
 
-        // now sent PC_EXIT packet
+        // now send PC_EXIT packet
         sP_FE2CL_PC_EXIT exitPacket;
         exitPacket.iID = players[key].plr->iID;
 
         otherSock->sendPacket((void*)&exitPacket, P_FE2CL_PC_EXIT, sizeof(sP_FE2CL_PC_EXIT));
     }
 
-    delete cachedView.plr;
-    players.erase(key);
-
     std::cout << U16toU8(cachedView.plr->PCStyle.szFirstName) << U16toU8(cachedView.plr->PCStyle.szLastName) << " has left!" << std::endl;
     std::cout << players.size() << " players" << std::endl;
+
+    delete cachedView.plr;
+    players.erase(key);
 }
 
 void PlayerManager::updatePlayerPosition(CNSocket* sock, int X, int Y, int Z) {