Fixed vulnerability in handling of OP_CrystalCreate

Drajor 2016-06-11 19:53:19 +10:00
parent 471d7ec42d
commit 73e91be281


@ -5004,39 +5004,50 @@ void Client::Handle_OP_CrystalCreate(const EQApplicationPacket *app)
VERIFY_PACKET_LENGTH(OP_CrystalCreate, app, CrystalReclaim_Struct); VERIFY_PACKET_LENGTH(OP_CrystalCreate, app, CrystalReclaim_Struct);
CrystalReclaim_Struct *cr = (CrystalReclaim_Struct*)app->pBuffer; CrystalReclaim_Struct *cr = (CrystalReclaim_Struct*)app->pBuffer;
if (cr->type == 5) { const uint32 requestQty = cr->amount;
if (cr->amount > GetEbonCrystals()) { const bool isRadiant = cr->type == 4;
SummonItem(RuleI(Zone, EbonCrystalItemID), GetEbonCrystals()); const bool isEbon = cr->type == 5;
m_pp.currentEbonCrystals = 0;
m_pp.careerEbonCrystals = 0; // Check: Valid type requested.
if (!isRadiant && !isEbon) {
return;
}
// Check: Valid quantity requested.
if (requestQty < 1) {
return;
}
// Check: Valid client state to make request.
// In this situation the client is either desynced or attempting an exploit.
const uint32 currentQty = isRadiant ? GetRadiantCrystals() : GetEbonCrystals();
if (currentQty == 0) {
return;
}
// Prevent the client from creating more than they have.
const uint32 amount = EQEmu::ClampUpper(requestQty, currentQty);
const uint32 itemID = isRadiant ? RuleI(Zone, RadiantCrystalItemID) : RuleI(Zone, EbonCrystalItemID);
// Summon crystals for player.
const bool success = SummonItem(itemID, amount);
if (!success) {
return;
}
// Deduct crystals from client and update them.
if (isRadiant) {
m_pp.currentRadCrystals -= amount;
m_pp.careerRadCrystals -= amount;
}
else if (isEbon) {
m_pp.currentEbonCrystals -= amount;
m_pp.careerEbonCrystals -= amount;
}
SaveCurrency(); SaveCurrency();
SendCrystalCounts(); SendCrystalCounts();
} }
else {
SummonItem(RuleI(Zone, EbonCrystalItemID), cr->amount);
m_pp.currentEbonCrystals -= cr->amount;
m_pp.careerEbonCrystals -= cr->amount;
SaveCurrency();
SendCrystalCounts();
}
}
else if (cr->type == 4) {
if (cr->amount > GetRadiantCrystals()) {
SummonItem(RuleI(Zone, RadiantCrystalItemID), GetRadiantCrystals());
m_pp.currentRadCrystals = 0;
m_pp.careerRadCrystals = 0;
SaveCurrency();
SendCrystalCounts();
}
else {
SummonItem(RuleI(Zone, RadiantCrystalItemID), cr->amount);
m_pp.currentRadCrystals -= cr->amount;
m_pp.careerRadCrystals -= cr->amount;
SaveCurrency();
SendCrystalCounts();
}
}
}
void Client::Handle_OP_CrystalReclaim(const EQApplicationPacket *app) void Client::Handle_OP_CrystalReclaim(const EQApplicationPacket *app)
{ {
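Review bot: The "valid client state" check in the new body returns only when the balance is zero, so a request for more crystals than the client holds — the desync/exploit case the comment directly above it describes — falls through to `EQEmu::ClampUpper(requestQty, currentQty)` and is fulfilled silently, which leaves repeated over-requests indistinguishable from normal use. If clamping is the intended behaviour for a desynced client, the mismatch (and the three early returns for bad type, zero quantity and zero balance) should at least be recorded through whatever per-client logging the zone already has, so that a client probing this handler is visible after the fact; otherwise treat it like the zero-balance case with `if (currentQty == 0 || requestQty > currentQty) { return; }`. On the deduction branch, `else if (isEbon)` can only ever be true once the type check at the top has passed, so a plain `else` states the invariant more honestly. Handle_OP_CrystalCreate closes within the hunk at the `}` before Handle_OP_CrystalReclaim.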