diff options
| author | Jesusalva Jesusalva <jesusalva@themanaworld.org> | 2022-12-15 15:38:48 +0000 |
|---|---|---|
| committer | Jesusalva Jesusalva <jesusalva@themanaworld.org> | 2022-12-15 15:38:48 +0000 |
| commit | 3f9bfc2f611f4c775c3f1ead7a6c48d2f287e187 (patch) | |
| tree | 03471f36b6326c31b12dc0defd546eea2a2ab4da | |
| parent | fdc6b727e76a695daf225787181f249c390a1541 (diff) | |
| parent | 887dc62bbddd350371fec471aecca8e6e0e56813 (diff) | |
| download | tmwa-3f9bfc2f611f4c775c3f1ead7a6c48d2f287e187.tar.gz tmwa-3f9bfc2f611f4c775c3f1ead7a6c48d2f287e187.tar.bz2 tmwa-3f9bfc2f611f4c775c3f1ead7a6c48d2f287e187.tar.xz tmwa-3f9bfc2f611f4c775c3f1ead7a6c48d2f287e187.zip | |
Merge branch 'hello-chat-exploit-securityfix' into 'master'
Hello=). Someone said its up to GMs to deal with users exploiting their servers.
See merge request legacy/tmwa!241
| -rw-r--r-- | src/map/clif.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/map/clif.cpp b/src/map/clif.cpp index f71feb6..0eb2b8c 100644 --- a/src/map/clif.cpp +++ b/src/map/clif.cpp @@ -6083,6 +6083,17 @@ AString clif_validate_chat(dumb_ptr<map_session_data> sd, ChatType type, XString WARN_MALFORMED_MSG(sd, "exceeded maximum message length"_s); return AString(); } + // Try to grasp max allowed message for global accounting for CharName + if (type == ChatType::Global && \ + (buf.size() >= (battle_config.chat_maxline - (2+sizeof(CharName)))) || \ + buf.size() >= 486) // 486 is hard clamp if battle_config.chat_maxline too small, etc + { + WARN_MALFORMED_MSG(sd, "exceeded maximum Global message length"_s); + AString hack_msg = STRPRINTF("[GM] %s attempted oversized Global chat message"_fmt, + sd->status_key.name); + tmw_GmHackMsg(hack_msg); // alert GMs about possible exploit attempt. + return AString(); + } // Step beyond the separator. for older clients if (type == ChatType::Global && sd->client_version < wrap<ClientVersion>(6)) |