From 7f4ce3faf508974904fbd5e292462cd0c2ffcf48 Mon Sep 17 00:00:00 2001 From: zerosum0x0 Date: Sun, 30 Oct 2016 22:04:10 -0600 Subject: [PATCH 1/2] fix potential plat creation exploit --- zone/client_process.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/zone/client_process.cpp b/zone/client_process.cpp index 55843e724..4a6e0403c 100644 --- a/zone/client_process.cpp +++ b/zone/client_process.cpp @@ -3,7 +3,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. + the Free Software Foundation; version 2 of the License.f This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY except by those people which sell it, which @@ -1194,6 +1194,12 @@ void Client::OPMoveCoin(const EQApplicationPacket* app) int32 *from_bucket = 0, *to_bucket = 0; Mob* trader = trade->With(); + // if amount < 0, client is sending a malicious packet + if (mc->amount < 0) + { + return; + } + // could just do a range, but this is clearer and explicit if ( From 66f253553aad7b7f9dba478318f9d84d15912a44 Mon Sep 17 00:00:00 2001 From: zerosum0x0 Date: Sun, 30 Oct 2016 22:12:46 -0600 Subject: [PATCH 2/2] Added an f like a dummy --- zone/client_process.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zone/client_process.cpp b/zone/client_process.cpp index 4a6e0403c..632f953d7 100644 --- a/zone/client_process.cpp +++ b/zone/client_process.cpp @@ -3,7 +3,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License.f + the Free Software Foundation; version 2 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY except by those people which sell it, which