Add some overflow protection for emotes

Clients crash if the emote is too large, despite the client
using a 1024 char buffer...
Michael Cook (mackal) 2014-01-04 01:34:58 -05:00
parent ae68deb4f8
commit a9b4e7819f
3 changed files with 15 additions and 3 deletions


@ -1,5 +1,8 @@
EQEMu Changelog (Started on Sept 24, 2003 15:50) EQEMu Changelog (Started on Sept 24, 2003 15:50)
------------------------------------------------------- -------------------------------------------------------
== 01/03/2014 ==
demonstar55: Crash prevention for emote.
== 01/02/2014 == == 01/02/2014 ==
demonstar55: Stuns from beneficial spells (Harvest) ignore immunity demonstar55: Stuns from beneficial spells (Harvest) ignore immunity


@ -1080,6 +1080,10 @@ void Client::ChannelMessageReceived(uint8 chan_num, uint8 language, uint8 lang_s
case 22: case 22:
{ {
// Emotes for Underfoot and later. // Emotes for Underfoot and later.
// crash protection -- cheater
if (strlen(message) > 512)
message[512] = '\0';
EQApplicationPacket* outapp = new EQApplicationPacket(OP_Emote, 4 + strlen(message) + strlen(GetName()) + 2); EQApplicationPacket* outapp = new EQApplicationPacket(OP_Emote, 4 + strlen(message) + strlen(GetName()) + 2);
Emote_Struct* es = (Emote_Struct*)outapp->pBuffer; Emote_Struct* es = (Emote_Struct*)outapp->pBuffer;
char *Buffer = (char *)es; char *Buffer = (char *)es;
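Review bot: The limit `512` is a bare literal here and again in the Handle_OP_Emote change, and the comment `// crash protection -- cheater` does not say what is protected or why the value is half of the 1024-character client buffer the commit message mentions. A single shared constant (for example `static const size_t kMaxEmoteLen = 512;`, name illustrative) carrying a comment like `// clients crash on longer emotes despite their 1024-char buffer` would keep the two caps in step. The truncation also writes `message[512]` in place, which assumes `message` is a writable buffer of at least 513 bytes; its declaration is outside the hunk, so that should be confirmed. The body of `case 22` continues past the hunk.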


@ -7353,8 +7353,13 @@ void Client::Handle_OP_Emote(const EQApplicationPacket *app)
const char* name = GetName(); const char* name = GetName();
uint32 len_name = strlen(name); uint32 len_name = strlen(name);
uint32 len_msg = strlen(in->message); uint32 len_msg = strlen(in->message);
// crash protection -- cheater
if (len_msg > 512) {
in->message[512] = '\0';
len_msg = 512;
}
uint32 len_packet = sizeof(in->unknown01) + len_name uint32 len_packet = sizeof(in->unknown01) + len_name
+ strlen(in->message) + 1; + len_msg + 1;
// Construct outgoing packet // Construct outgoing packet
EQApplicationPacket* outapp = new EQApplicationPacket(OP_Emote, len_packet); EQApplicationPacket* outapp = new EQApplicationPacket(OP_Emote, len_packet);
@ -7381,7 +7386,7 @@ void Client::Handle_OP_Emote(const EQApplicationPacket *app)
} }
else else
*/ */
entity_list.QueueCloseClients(this, outapp, true, 100,0,true,FilterSocials); entity_list.QueueCloseClients(this, outapp, true, 100, 0, true, FilterSocials);
safe_delete(outapp); safe_delete(outapp);
return; return;
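Review bot: In the first hunk the 512 cap is applied only after `strlen(in->message)` has already walked the client-supplied buffer, so it bounds the outgoing packet but not the read itself. Unless code above the hunk checks the packet size or forces termination, a message with no NUL is still scanned past its end before the cap takes effect. If `message` is a fixed array in Emote_Struct, a bounded scan such as `uint32 len_msg = strnlen(in->message, sizeof(in->message));` ahead of the existing `if (len_msg > 512)` would close that gap. The truncation also stores into `in->message[512]` although the handler receives the packet as `const EQApplicationPacket *`; `in` is declared outside the hunk, so presumably this goes through a cast, and a comment saying the incoming packet is modified deliberately would help. The function starts and ends outside both hunks.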