pa/eqemu-server
2
0
Fork 0
mirror of https://github.com/EQEmu/Server.git synced 2025-12-12 09:31:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Exploit fixes

Browse Source 
Bind Wound was spammable via packet sending. You could buy a larger
stack than the max StackSize of an item from merchants that had
unlimited of those stackable items.
This commit is contained in:
JohnsonAskot 2015-02-07 12:34:50 -05:00
parent d5047da637
commit 63810d5c1b
3 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
zone/client.cpp
View File

@ -2471,11 +2471,13 @@ void Client::LogMerchant(Client* player, Mob* merchant, uint32 quantity, uint32
bool Client::BindWound(Mob* bindmob, bool start, bool fail){ bool Client::BindWound(Mob* bindmob, bool start, bool fail){
EQApplicationPacket* outapp = 0; EQApplicationPacket* outapp = 0;
if(!fail) { if(!fail)
{
outapp = new EQApplicationPacket(OP_Bind_Wound, sizeof(BindWound_Struct)); outapp = new EQApplicationPacket(OP_Bind_Wound, sizeof(BindWound_Struct));
BindWound_Struct* bind_out = (BindWound_Struct*) outapp->pBuffer; BindWound_Struct* bind_out = (BindWound_Struct*) outapp->pBuffer;
// Start bind // Start bind
if(!bindwound_timer.Enabled()) { if(!bindwound_timer.Enabled())
{
//make sure we actually have a bandage... and consume it. //make sure we actually have a bandage... and consume it.
int16 bslot = m_inv.HasItemByUse(ItemTypeBandage, 1, invWhereWorn|invWherePersonal); int16 bslot = m_inv.HasItemByUse(ItemTypeBandage, 1, invWhereWorn|invWherePersonal);
if (bslot == INVALID_INDEX) { if (bslot == INVALID_INDEX) {
@ -2521,7 +2523,9 @@ bool Client::BindWound(Mob* bindmob, bool start, bool fail){
; // Binding self ; // Binding self
} }
} }
} else { }
else if (bindwound_timer.Check()) // Did the timer finish? No? Then why the hell do they get free hpz?! -Lecht
{
// finish bind // finish bind
// disable complete timer // disable complete timer
bindwound_timer.Disable(); bindwound_timer.Disable();

5
zone/client_packet.cpp
View File

@ -12145,6 +12145,10 @@ void Client::Handle_OP_ShopPlayerBuy(const EQApplicationPacket *app)
mp->quantity = prevcharges; mp->quantity = prevcharges;
} }
// Item's stackable, but the quantity they want to buy exceeds the max stackable quantity. -Lecht
if (item->Stackable && mp->quantity > item->StackSize)
mp->quantity = item->StackSize;
EQApplicationPacket* outapp = new EQApplicationPacket(OP_ShopPlayerBuy, sizeof(Merchant_Sell_Struct)); EQApplicationPacket* outapp = new EQApplicationPacket(OP_ShopPlayerBuy, sizeof(Merchant_Sell_Struct));
Merchant_Sell_Struct* mpo = (Merchant_Sell_Struct*)outapp->pBuffer; Merchant_Sell_Struct* mpo = (Merchant_Sell_Struct*)outapp->pBuffer;
mpo->quantity = mp->quantity; mpo->quantity = mp->quantity;
@ -12171,6 +12175,7 @@ void Client::Handle_OP_ShopPlayerBuy(const EQApplicationPacket *app)
mpo->price = SinglePrice; mpo->price = SinglePrice;
else else
mpo->price = SinglePrice * mp->quantity; mpo->price = SinglePrice * mp->quantity;
if (mpo->price < 0) if (mpo->price < 0)
{ {
safe_delete(outapp); safe_delete(outapp);

3
zone/client_process.cpp
View File

@ -239,7 +239,8 @@ bool Client::Process() {
if(IsAIControlled()) if(IsAIControlled())
AI_Process(); AI_Process();
if (bindwound_timer.Check() && bindwound_target != 0) { // Don't reset the bindwound timer so we can check it in BindWound as well. -Lecht
if (bindwound_timer.Check(false) && bindwound_target != 0) {
BindWound(bindwound_target, false); BindWound(bindwound_target, false);
} }