pa/eqemu-server
2
0
Fork 0
mirror of https://github.com/EQEmu/Server.git synced 2026-03-01 05:02:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Better sanity checking in Client::BuyTraderItem to prevent potential exploits

Browse Source
This commit is contained in:
Michael Cook (mackal) 2015-02-07 12:39:46 -05:00
parent d5047da637
commit 67ee327f5b
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
zone/trading.cpp
View File

@ -1479,8 +1479,6 @@ static void BazaarAuditTrail(const char *seller, const char *buyer, const char *
database.QueryDatabase(query); database.QueryDatabase(query);
} }
void Client::BuyTraderItem(TraderBuy_Struct* tbs,Client* Trader,const EQApplicationPacket* app){ void Client::BuyTraderItem(TraderBuy_Struct* tbs,Client* Trader,const EQApplicationPacket* app){
if(!Trader) return; if(!Trader) return;
@ -1509,15 +1507,15 @@ void Client::BuyTraderItem(TraderBuy_Struct* tbs,Client* Trader,const EQApplicat
BuyItem->GetItem()->Name, BuyItem->IsStackable(), tbs->Quantity, BuyItem->GetCharges()); BuyItem->GetItem()->Name, BuyItem->IsStackable(), tbs->Quantity, BuyItem->GetCharges());
// If the item is not stackable, then we can only be buying one of them. // If the item is not stackable, then we can only be buying one of them.
if(!BuyItem->IsStackable()) if(!BuyItem->IsStackable())
outtbs->Quantity = tbs->Quantity; outtbs->Quantity = 1; // normally you can't send more than 1 here
else { else {
// Stackable items, arrows, diamonds, etc // Stackable items, arrows, diamonds, etc
int ItemCharges = BuyItem->GetCharges(); int32 ItemCharges = BuyItem->GetCharges();
// ItemCharges for stackables should not be <= 0 // ItemCharges for stackables should not be <= 0
if(ItemCharges <= 0) if(ItemCharges <= 0)
outtbs->Quantity = 1; outtbs->Quantity = 1;
// If the purchaser requested more than is in the stack, just sell them how many are actually in the stack. // If the purchaser requested more than is in the stack, just sell them how many are actually in the stack.
else if(ItemCharges < (int16)tbs->Quantity) else if(static_cast<uint32>(ItemCharges) < tbs->Quantity)
outtbs->Quantity = ItemCharges; outtbs->Quantity = ItemCharges;
else else
outtbs->Quantity = tbs->Quantity; outtbs->Quantity = tbs->Quantity;
@ -1609,7 +1607,6 @@ void Client::BuyTraderItem(TraderBuy_Struct* tbs,Client* Trader,const EQApplicat
safe_delete(outapp); safe_delete(outapp);
safe_delete(outapp2); safe_delete(outapp2);
} }
void Client::SendBazaarWelcome() void Client::SendBazaarWelcome()