author | Dennis Friis <peavey@inspircd.org> | 2009-06-23 17:04:32 +0200 |
---|---|---|
committer | Dennis Friis <peavey@inspircd.org> | 2009-06-25 01:13:21 +0200 |
commit | d931d8e3350ebfde68bd4120e05b9b1ca940ae76 (patch) | |
tree | 28a43c5f49026d5b8b11871c5199b2945169ae67 | |
parent | c0ac4c9070fca4e2d00d4f9ebdfae76546d8e243 (diff) | |
Fail storage parse if storage is dirty and unsaved. Derived from ea stable.
-rw-r--r-- | src/map/intif.c | 38 |
1 files changed, 31 insertions, 7 deletions
diff --git a/src/map/intif.c b/src/map/intif.c
index ca9d3c3..7f3eafc 100644
--- a/src/map/intif.c
+++ b/src/map/intif.c
@@ -579,21 +579,33 @@ int intif_parse_LoadStorage(int fd)
 {
 struct storage *stor;
 struct map_session_data *sd;
- stor = account2storage( RFIFOL(fd,4));
- if (RFIFOW(fd,2)-8 != sizeof(struct storage)) {
- if (battle_config.error_log)
- printf("intif_parse_LoadStorage: data size error %d %d\n", RFIFOW(fd,2)-8, sizeof(struct storage));
- return 1;
- }
 sd=map_id2sd( RFIFOL(fd,4) );
 if(sd==NULL){
 if(battle_config.error_log)
 printf("intif_parse_LoadStorage: user not found %d\n",RFIFOL(fd,4));
 return 1;
 }
+ stor = account2storage( RFIFOL(fd,4));
+ if (stor->storage_status == 1) { // Already open.. lets ignore this update
+ if (battle_config.error_log)
+ printf("intif_parse_LoadStorage: storage received for a client already open (User %d:%d)\n", sd->status.account_id, sd->status.char_id);
+ return 1;
+ }
+ if (stor->dirty) { // Already have storage, and it has been modified and not saved yet! Exploit! [Skotlex]
+ if (battle_config.error_log)
+ printf("intif_parse_LoadStorage: received storage for an already modified non-saved storage! (User %d:%d)\n", sd->status.account_id, sd->status.char_id);
+ return 1;
+ }
+
+ if (RFIFOW(fd,2)-8 != sizeof(struct storage)) {
+ if (battle_config.error_log)
+ printf("intif_parse_LoadStorage: data size error %d %d\n", RFIFOW(fd,2)-8, sizeof(struct storage));
+ return 1;
+ }
 if(battle_config.save_log)
 printf("intif_openstorage: %d\n",RFIFOL(fd,4) );
 memcpy(stor,RFIFOP(fd,8),sizeof(struct storage));
+ stor->dirty=0;
 stor->storage_status=1;
 sd->state.storage_flag = 1;
 clif_storageitemlist(sd,stor);
@@ -616,7 +628,9 @@ int intif_parse_LoadGuildStorage(int fd)
 {
 struct guild_storage *gstor;
 struct map_session_data *sd;
- int guild_id = RFIFOL(fd,8);
+ int guild_id;
+
+ guild_id = RFIFOL(fd,8);
 if(guild_id > 0) {
 gstor=guild2storage(guild_id);
 if(!gstor) {
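Review bot: The rejection in the `if (stor->dirty)` branch of intif_parse_LoadStorage is reported only when `battle_config.error_log` is set, so with that option off the case the inline comment labels "Exploit!" is refused without leaving any trace. Because this branch is the detection point for a load arriving over unsaved local changes, I would drop the `if (battle_config.error_log)` guard in front of that one `printf` so the event is always recorded; the same applies to the `if (gstor->dirty)` branch added in the last hunk for intif_parse_LoadGuildStorage. Separately, `stor` is dereferenced straight after `account2storage()` while the guild path tests `if(!gstor)`; account2storage() is not part of this diff, so please confirm it cannot return NULL or add `if (stor == NULL) return 1;` before the status check.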
@@ -636,6 +650,16 @@ int intif_parse_LoadGuildStorage(int fd)
 printf("intif_parse_LoadGuildStorage: user not found %d\n",RFIFOL(fd,4));
 return 1;
 }
+ if (gstor->storage_status == 1) { // Already open.. lets ignore this update
+ if (battle_config.error_log)
+ printf("intif_parse_LoadGuildStorage: storage received for a client already open (User %d:%d)\n", sd->status.account_id, sd->status.char_id);
+ return 1;
+ }
+ if (gstor->dirty) { // Already have storage, and it has been modified and not saved yet! Exploit! [Skotlex]
+ if (battle_config.error_log)
+ printf("intif_parse_LoadGuildStorage: received storage for an already modified non-saved storage! (User %d:%d)\n", sd->status.account_id, sd->status.char_id);
+ return 1;
+ }
 if(battle_config.save_log)
 printf("intif_open_guild_storage: %d\n",RFIFOL(fd,4) );
 memcpy(gstor,RFIFOP(fd,12),sizeof(struct guild_storage)); |
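Review bot: Both new messages in this hunk identify only the member (`User %d:%d`) and leave out `guild_id`, although the storage being rejected is looked up by guild via `guild2storage(guild_id)` in the previous hunk. Someone reading the log after a rejected load cannot tell which guild storage was open or dirty, and the member who triggered the packet is not necessarily the one who left it in that state. I would add the id to both lines, for example `"... non-saved storage! (Guild %d, User %d:%d)\n", guild_id, sd->status.account_id, sd->status.char_id`. The function starts and ends outside this hunk, so the packet size check that should precede the `memcpy` is not visible here and is assumed to sit between the two guild hunks.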