Image fix for OP_CastSpell exploit.

2025-12-12 09:31:30 +00:00 · 2013-06-15 13:08:32 -07:00 · 2013-06-15 13:08:32 -07:00 · 91b01c2fcc
commit 91b01c2fcc
parent 28eb80e27f
2 changed files with 10 additions and 30 deletions
--- a/changelog.txt
+++ b/changelog.txt
@ -1,5 +1,8 @@
 EQEMu Changelog (Started on Sept 24, 2003 15:50)
 -------------------------------------------------------
 == 06/15/2013 ==
 KLS: (image) Potentially could bypass some spell checks by passing a specially crafted spell slot.  This has been addressed.
 == 06/12/2013 ==
 KLS: Merge Hateborne's hp cap stuff
 KLS: We haven't updated changelog in a while but there's been:
--- a/zone/client_packet.cpp
+++ b/zone/client_packet.cpp
@ -4577,7 +4577,7 @@ void Client::Handle_OP_CastSpell(const EQApplicationPacket *app)
 		LogFile->write(EQEMuLog::Debug, "cs_unknown2: 16 %p %u %u", &castspell->cs_unknown, *(uint16*) castspell->cs_unknown, *(uint16*) castspell->cs_unknown+sizeof(uint16) );
 		LogFile->write(EQEMuLog::Debug, "cs_unknown2: 16 %p %i %i", &castspell->cs_unknown, *(uint16*) castspell->cs_unknown, *(uint16*) castspell->cs_unknown+sizeof(uint16) );
 #endif
-LogFile->write(EQEMuLog::Debug, "OP CastSpell: slot=%d, spell=%d, target=%d, inv=%lx", castspell->slot, castspell->spell_id, castspell->target_id, (unsigned long)castspell->inventoryslot);
+	LogFile->write(EQEMuLog::Debug, "OP CastSpell: slot=%d, spell=%d, target=%d, inv=%lx", castspell->slot, castspell->spell_id, castspell->target_id, (unsigned long)castspell->inventoryslot);
 	if ((castspell->slot == USE_ITEM_SPELL_SLOT) || (castspell->slot == POTION_BELT_SPELL_SLOT))	// this means item
 	{
@ -4690,47 +4690,24 @@ LogFile->write(EQEMuLog::Debug, "OP CastSpell: slot=%d, spell=%d, target=%d, inv
 			else
 				spell_to_cast = SPELL_HARM_TOUCH2;
 			p_timers.Start(pTimerHarmTouch, HarmTouchReuseTime);
-		}
+		} else if(castspell->slot == DISCIPLINE_SPELL_SLOT) {
 		//handle disciplines, OLD, they keep changing this
 		if(castspell->slot == DISCIPLINE_SPELL_SLOT) {
 			if(!UseDiscipline(castspell->spell_id, castspell->target_id)) {
 				printf("Unknown ability being used by %s, spell being cast is: %i\n",GetName(),castspell->spell_id);
 				InterruptSpell(castspell->spell_id);
 			}
 			return;
-		}
+		} else if(castspell->slot < MAX_PP_MEMSPELL) {
 		if(castspell->slot < MAX_PP_MEMSPELL)
 		{
 			spell_to_cast = m_pp.mem_spells[castspell->slot];
 			if(spell_to_cast != castspell->spell_id)
 			{
 				InterruptSpell(castspell->spell_id); //CHEATER!!!
 				return;
 			}
 		} else {
 			//If we get to here this slot should be invalid invalid
 			InterruptSpell(castspell->spell_id);
 			return;
 		}
 		/*
 		these are coming through with slot 8 now...
 		else if(castspell->slot == 9)	//discipline, LoH, HT, etc
 		{
 			if(GetClass() == PALADIN && castspell->spell_id == SPELL_LAY_ON_HANDS)
 			{
 				spell_to_cast = SPELL_LAY_ON_HANDS;
 				p_timers.Start(pTimerLayHands, LayOnHandsReuseTime);
 				CastSpell(spell_to_cast, castspell->target_id, castspell->slot);
 			}
 			else if(GetClass() == SHADOWKNIGHT
 				&& (castspell->spell_id == SPELL_HARM_TOUCH || castspell->spell_id == SPELL_HARM_TOUCH2))
 			{
 				if(GetLevel() < 40)
 					spell_to_cast = SPELL_HARM_TOUCH;
 				else
 					spell_to_cast = SPELL_HARM_TOUCH2;
 				p_timers.Start(pTimerHarmTouch, HarmTouchReuseTime);
 			}
 			else*/
 			//try disciplines
 		CastSpell(spell_to_cast, castspell->target_id, castspell->slot);
 	}