mirror of
https://github.com/EQEmu/Server.git
synced 2025-12-12 09:31:30 +00:00
Fixed vulnerability in handling of OP_CrystalCreate
This commit is contained in:
Drajor
parent
471d7ec42d
commit
73e91be281
@ -5004,38 +5004,49 @@ void Client::Handle_OP_CrystalCreate(const EQApplicationPacket *app)
|
|||||||
VERIFY_PACKET_LENGTH(OP_CrystalCreate, app, CrystalReclaim_Struct);
|
VERIFY_PACKET_LENGTH(OP_CrystalCreate, app, CrystalReclaim_Struct);
|
||||||
CrystalReclaim_Struct *cr = (CrystalReclaim_Struct*)app->pBuffer;
|
CrystalReclaim_Struct *cr = (CrystalReclaim_Struct*)app->pBuffer;
|
||||||
|
|
||||||
if (cr->type == 5) {
|
const uint32 requestQty = cr->amount;
|
||||||
if (cr->amount > GetEbonCrystals()) {
|
const bool isRadiant = cr->type == 4;
|
||||||
SummonItem(RuleI(Zone, EbonCrystalItemID), GetEbonCrystals());
|
const bool isEbon = cr->type == 5;
|
||||||
m_pp.currentEbonCrystals = 0;
|
|
||||||
m_pp.careerEbonCrystals = 0;
|
// Check: Valid type requested.
|
||||||
SaveCurrency();
|
if (!isRadiant && !isEbon) {
|
||||||
SendCrystalCounts();
|
return;
|
||||||
}
|
|
||||||
else {
|
|
||||||
SummonItem(RuleI(Zone, EbonCrystalItemID), cr->amount);
|
|
||||||
m_pp.currentEbonCrystals -= cr->amount;
|
|
||||||
m_pp.careerEbonCrystals -= cr->amount;
|
|
||||||
SaveCurrency();
|
|
||||||
SendCrystalCounts();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else if (cr->type == 4) {
|
// Check: Valid quantity requested.
|
||||||
if (cr->amount > GetRadiantCrystals()) {
|
if (requestQty < 1) {
|
||||||
SummonItem(RuleI(Zone, RadiantCrystalItemID), GetRadiantCrystals());
|
return;
|
||||||
m_pp.currentRadCrystals = 0;
|
|
||||||
m_pp.careerRadCrystals = 0;
|
|
||||||
SaveCurrency();
|
|
||||||
SendCrystalCounts();
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
SummonItem(RuleI(Zone, RadiantCrystalItemID), cr->amount);
|
|
||||||
m_pp.currentRadCrystals -= cr->amount;
|
|
||||||
m_pp.careerRadCrystals -= cr->amount;
|
|
||||||
SaveCurrency();
|
|
||||||
SendCrystalCounts();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check: Valid client state to make request.
|
||||||
|
// In this situation the client is either desynced or attempting an exploit.
|
||||||
|
const uint32 currentQty = isRadiant ? GetRadiantCrystals() : GetEbonCrystals();
|
||||||
|
if (currentQty == 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prevent the client from creating more than they have.
|
||||||
|
const uint32 amount = EQEmu::ClampUpper(requestQty, currentQty);
|
||||||
|
const uint32 itemID = isRadiant ? RuleI(Zone, RadiantCrystalItemID) : RuleI(Zone, EbonCrystalItemID);
|
||||||
|
|
||||||
|
// Summon crystals for player.
|
||||||
|
const bool success = SummonItem(itemID, amount);
|
||||||
|
|
||||||
|
if (!success) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Deduct crystals from client and update them.
|
||||||
|
if (isRadiant) {
|
||||||
|
m_pp.currentRadCrystals -= amount;
|
||||||
|
m_pp.careerRadCrystals -= amount;
|
||||||
|
}
|
||||||
|
else if (isEbon) {
|
||||||
|
m_pp.currentEbonCrystals -= amount;
|
||||||
|
m_pp.careerEbonCrystals -= amount;
|
||||||
|
}
|
||||||
|
|
||||||
|
SaveCurrency();
|
||||||
|
SendCrystalCounts();
|
||||||
}
|
}
|
||||||
|
|
||||||
void Client::Handle_OP_CrystalReclaim(const EQApplicationPacket *app)
|
void Client::Handle_OP_CrystalReclaim(const EQApplicationPacket *app)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user