From e42f76d0b0f4d2ec3a9008979267311f5246fb22 Mon Sep 17 00:00:00 2001 From: "Hello=)" Date: Thu, 15 Dec 2022 17:42:22 +0300 Subject: Hello=). Someone said its up to GMs to deal with users exploiting their servers. Let's do it. What you think happens when you hit IRCop by exploit? :P This is fix for exploit we've been seen in the wild during meeting. NB: due to nature of exploit real culprit would be undetected Reason: map server disconnected users without doing logging. --- src/map/clif.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/map/clif.cpp b/src/map/clif.cpp index f71feb6..0eb2b8c 100644 --- a/src/map/clif.cpp +++ b/src/map/clif.cpp @@ -6083,6 +6083,17 @@ AString clif_validate_chat(dumb_ptr sd, ChatType type, XString WARN_MALFORMED_MSG(sd, "exceeded maximum message length"_s); return AString(); } + // Try to grasp max allowed message for global accounting for CharName + if (type == ChatType::Global && \ + (buf.size() >= (battle_config.chat_maxline - (2+sizeof(CharName)))) || \ + buf.size() >= 486) // 486 is hard clamp if battle_config.chat_maxline too small, etc + { + WARN_MALFORMED_MSG(sd, "exceeded maximum Global message length"_s); + AString hack_msg = STRPRINTF("[GM] %s attempted oversized Global chat message"_fmt, + sd->status_key.name); + tmw_GmHackMsg(hack_msg); // alert GMs about possible exploit attempt. + return AString(); + } // Step beyond the separator. for older clients if (type == ChatType::Global && sd->client_version < wrap(6)) -- cgit v1.2.3-60-g2f50