summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHaru <haru@dotalux.com>2018-03-09 01:04:29 +0100
committerGitHub <noreply@github.com>2018-03-09 01:04:29 +0100
commitb2b4f1b26e5965b09d53ac55040ef1517a81bae0 (patch)
treeb4563d4cfc8e9438913ea2cfd35bcb3ecd0d57d1
parentea964c75ac213eab98e22cce938d8bf141071179 (diff)
parent2d502ef94e09e5057f2868288d9054f8f0f39348 (diff)
downloadhercules-b2b4f1b26e5965b09d53ac55040ef1517a81bae0.tar.gz
hercules-b2b4f1b26e5965b09d53ac55040ef1517a81bae0.tar.bz2
hercules-b2b4f1b26e5965b09d53ac55040ef1517a81bae0.tar.xz
hercules-b2b4f1b26e5965b09d53ac55040ef1517a81bae0.zip
Merge pull request #1979 from 4144/fixlogin
fix different crashes
-rw-r--r--src/char/pincode.c17
-rw-r--r--src/login/login.c4
-rw-r--r--src/map/atcommand.c5
-rw-r--r--src/map/clif.c197
-rw-r--r--src/map/unit.c16
5 files changed, 171 insertions, 68 deletions
diff --git a/src/char/pincode.c b/src/char/pincode.c
index fc1a4c037..bca1b4394 100644
--- a/src/char/pincode.c
+++ b/src/char/pincode.c
@@ -68,6 +68,8 @@ void pincode_check(int fd, struct char_session_data* sd) {
char pin[5] = "\0\0\0\0";
nullpo_retv(sd);
+ if (strlen(sd->pincode) != 4)
+ return;
safestrncpy(pin, RFIFOP(fd, 6), sizeof(pin));
pincode->decrypt(sd->pincode_seed, pin);
if( pincode->compare( fd, sd, pin ) ){
@@ -87,7 +89,9 @@ int pincode_compare(int fd, struct char_session_data* sd, char* pin) {
} else {
pincode->sendstate( fd, sd, PINCODE_WRONG );
if( pincode->maxtry && ++sd->pincode_try >= pincode->maxtry ){
- pincode->error( sd->account_id );
+ pincode->error(sd->account_id);
+ chr->authfail_fd(fd, 0);
+ chr->disconnect_player(sd->account_id);
}
return 0;
}
@@ -97,6 +101,8 @@ void pincode_change(int fd, struct char_session_data* sd) {
char oldpin[5] = "\0\0\0\0", newpin[5] = "\0\0\0\0";
nullpo_retv(sd);
+ if (strlen(sd->pincode) != 4)
+ return;
safestrncpy(oldpin, RFIFOP(fd,6), sizeof(oldpin));
pincode->decrypt(sd->pincode_seed,oldpin);
if( !pincode->compare( fd, sd, oldpin ) )
@@ -113,6 +119,8 @@ void pincode_setnew(int fd, struct char_session_data* sd) {
char newpin[5] = "\0\0\0\0";
nullpo_retv(sd);
+ if (strlen(sd->pincode) == 4)
+ return;
safestrncpy(newpin, RFIFOP(fd,6), sizeof(newpin));
pincode->decrypt(sd->pincode_seed,newpin);
pincode->update( sd->account_id, newpin );
@@ -172,8 +180,11 @@ void pincode_decrypt(unsigned int userSeed, char* pin) {
}
}
- for( i = 0; i < 4; i++ ){
- pin[i] = tab[pin[i] - '0'];
+ for (i = 0; i < 4; i++ ) {
+ if (pin[i] < '0' || pin[i] > '9')
+ pin[i] = '0';
+ else
+ pin[i] = tab[pin[i] - '0'];
}
sprintf(pin, "%d%d%d%d", pin[0], pin[1], pin[2], pin[3]);
diff --git a/src/login/login.c b/src/login/login.c
index 5b281c22d..9fe9de0d3 100644
--- a/src/login/login.c
+++ b/src/login/login.c
@@ -1985,7 +1985,8 @@ int do_final(void)
login->dbs->account_engine->db->destroy(login->dbs->account_engine->db);
login->dbs->account_engine->db = NULL;
}
- accounts = NULL; // destroyed in account_engine
+ login->accounts = NULL; // destroyed in account_engine
+ accounts = NULL;
login->online_db->destroy(login->online_db, NULL);
login->auth_db->destroy(login->auth_db, NULL);
@@ -2101,6 +2102,7 @@ int do_init(int argc, char** argv)
login->dbs->account_engine->constructor = account->db_sql;
login->dbs->account_engine->db = login->dbs->account_engine->constructor();
accounts = login->dbs->account_engine->db;
+ login->accounts = accounts;
if( accounts == NULL ) {
ShowFatalError("do_init: account engine 'sql' not found.\n");
exit(EXIT_FAILURE);
diff --git a/src/map/atcommand.c b/src/map/atcommand.c
index 2bcb22738..b0ad24c11 100644
--- a/src/map/atcommand.c
+++ b/src/map/atcommand.c
@@ -10056,6 +10056,7 @@ bool atcommand_exec(const int fd, struct map_session_data *sd, const char *messa
{
char params[100], command[100];
char output[CHAT_SIZE_MAX];
+ bool logCommand;
// Reconstructed message
char atcmd_msg[CHAT_SIZE_MAX];
@@ -10199,6 +10200,7 @@ bool atcommand_exec(const int fd, struct map_session_data *sd, const char *messa
}
}
+ logCommand = info->log;
//Attempt to use the command
if ((info->func(fd, ssd, command, params,info) != true)) {
#ifdef AUTOTRADE_PERSISTENCY
@@ -10210,7 +10212,8 @@ bool atcommand_exec(const int fd, struct map_session_data *sd, const char *messa
return true;
}
- if (info->log) /* log only if this command should be logged [Ind/Hercules] */
+ // info->log cant be used here, because info can be freed [4144]
+ if (logCommand) /* log only if this command should be logged [Ind/Hercules] */
logs->atcommand(sd, is_atcommand ? atcmd_msg : message);
return true;
diff --git a/src/map/clif.c b/src/map/clif.c
index 7c314b075..f8f50c7ee 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -10999,13 +10999,21 @@ void clif_parse_CreateChatRoom(int fd, struct map_session_data* sd) __attribute_
void clif_parse_CreateChatRoom(int fd, struct map_session_data* sd)
{
int len = RFIFOW(fd,2)-15;
- int limit = RFIFOW(fd,4);
- bool pub = (RFIFOB(fd,6) != 0);
- const char *password = RFIFOP(fd,7); //not zero-terminated
- const char *title = RFIFOP(fd,15); // not zero-terminated
+ int limit;
+ bool pub;
+ const char *password; //not zero-terminated
+ const char *title; // not zero-terminated
char s_password[CHATROOM_PASS_SIZE];
char s_title[CHATROOM_TITLE_SIZE];
+ if (len < 1)
+ return;
+
+ limit = RFIFOW(fd, 4);
+ pub = (RFIFOB(fd, 6) != 0);
+ password = RFIFOP(fd, 7); //not zero-terminated
+ title = RFIFOP(fd, 15); // not zero-terminated
+
if (pc_ismuted(&sd->sc, MANNER_NOROOM))
return;
if(battle_config.basic_skill_check && !pc->check_basicskill(sd, 4)) {
@@ -11021,9 +11029,6 @@ void clif_parse_CreateChatRoom(int fd, struct map_session_data* sd)
return;
}
- if( len <= 0 )
- return; // invalid input
-
safestrncpy(s_password, password, CHATROOM_PASS_SIZE);
safestrncpy(s_title, title, min(len+1,CHATROOM_TITLE_SIZE)); //NOTE: assumes that safestrncpy will not access the len+1'th byte
@@ -11050,15 +11055,20 @@ void clif_parse_ChatRoomStatusChange(int fd, struct map_session_data* sd) __attr
void clif_parse_ChatRoomStatusChange(int fd, struct map_session_data* sd)
{
int len = RFIFOW(fd,2)-15;
- int limit = RFIFOW(fd,4);
- bool pub = (RFIFOB(fd,6) != 0);
- const char *password = RFIFOP(fd,7); // not zero-terminated
- const char *title = RFIFOP(fd,15); // not zero-terminated
+ int limit;
+ bool pub;
+ const char *password; // not zero-terminated
+ const char *title; // not zero-terminated
char s_password[CHATROOM_PASS_SIZE];
char s_title[CHATROOM_TITLE_SIZE];
- if( len <= 0 )
- return; // invalid input
+ if (len < 1)
+ return;
+
+ limit = RFIFOW(fd, 4);
+ pub = (RFIFOB(fd, 6) != 0);
+ password = RFIFOP(fd, 7); // not zero-terminated
+ title = RFIFOP(fd, 15); // not zero-terminated
safestrncpy(s_password, password, CHATROOM_PASS_SIZE);
safestrncpy(s_title, title, min(len+1,CHATROOM_TITLE_SIZE)); //NOTE: assumes that safestrncpy will not access the len+1'th byte
@@ -11074,7 +11084,7 @@ void clif_parse_ChangeChatOwner(int fd, struct map_session_data* sd) __attribute
/// 1 = normal
void clif_parse_ChangeChatOwner(int fd, struct map_session_data* sd)
{
- chat->change_owner(sd, RFIFOP(fd,6));
+ chat->change_owner(sd, RFIFOP(fd,6)); // non null terminated
}
void clif_parse_KickFromChat(int fd,struct map_session_data *sd) __attribute__((nonnull (2)));
@@ -11082,7 +11092,7 @@ void clif_parse_KickFromChat(int fd,struct map_session_data *sd) __attribute__((
/// 00e2 <name>.24B
void clif_parse_KickFromChat(int fd,struct map_session_data *sd)
{
- chat->kick(sd, RFIFOP(fd,2));
+ chat->kick(sd, RFIFOP(fd,2)); // non null terminated
}
void clif_parse_ChatLeave(int fd, struct map_session_data* sd) __attribute__((nonnull (2)));
@@ -11841,17 +11851,21 @@ void clif_parse_NpcStringInput(int fd, struct map_session_data* sd) __attribute_
/// 01d5 <packet len>.W <npc id>.L <string>.?B
void clif_parse_NpcStringInput(int fd, struct map_session_data* sd)
{
+ int len = RFIFOW(fd, 2);
// [4144] can't confirm exact client version. At least >= correct for 20150513
#if PACKETVER >= 20151029
- int message_len = RFIFOW(fd, 2) - 7;
+ int message_len = len - 7;
#else
- int message_len = RFIFOW(fd, 2) - 8;
+ int message_len = len - 8;
#endif
- int npcid = RFIFOL(fd,4);
- const char *message = RFIFOP(fd,8);
+ int npcid;
+ const char *message;
+
+ if (len < 9)
+ return;
- if( message_len <= 0 )
- return; // invalid input
+ npcid = RFIFOL(fd, 4);
+ message = RFIFOP(fd, 8);
safestrncpy(sd->npc_str, message, min(message_len,CHATBOX_SIZE));
npc->scriptcont(sd, npcid, false);
@@ -13005,9 +13019,15 @@ void clif_parse_PurchaseReq(int fd, struct map_session_data* sd) __attribute__((
/// 0134 <packet len>.W <account id>.L { <amount>.W <index>.W }*
void clif_parse_PurchaseReq(int fd, struct map_session_data* sd)
{
- int len = (int)RFIFOW(fd,2) - 8;
- int id = RFIFOL(fd,4);
- const uint8 *data = RFIFOP(fd,8);
+ int len = (int)RFIFOW(fd, 2) - 8;
+ int id;
+ const uint8 *data;
+
+ if (len < 1)
+ return;
+
+ id = RFIFOL(fd, 4);
+ data = RFIFOP(fd, 8);
vending->purchase(sd, id, sd->vended_id, data, len/4);
@@ -13020,10 +13040,16 @@ void clif_parse_PurchaseReq2(int fd, struct map_session_data* sd) __attribute__(
/// 0801 <packet len>.W <account id>.L <unique id>.L { <amount>.W <index>.W }*
void clif_parse_PurchaseReq2(int fd, struct map_session_data* sd)
{
- int len = (int)RFIFOW(fd,2) - 12;
- int aid = RFIFOL(fd,4);
- int uid = RFIFOL(fd,8);
- const uint8 *data = RFIFOP(fd,12);
+ int len = (int)RFIFOW(fd, 2) - 12;
+ int aid;
+ int uid;
+ const uint8 *data;
+
+ if (len < 1)
+ return;
+ aid = RFIFOL(fd, 4);
+ uid = RFIFOL(fd, 8);
+ data = RFIFOP(fd, 12);
vending->purchase(sd, aid, uid, data, len/4);
@@ -13040,9 +13066,16 @@ void clif_parse_OpenVending(int fd, struct map_session_data* sd) __attribute__((
/// 1 = open
void clif_parse_OpenVending(int fd, struct map_session_data* sd) {
short len = (short)RFIFOW(fd,2) - 85;
- const char *message = RFIFOP(fd,4);
- bool flag = (RFIFOB(fd,84) != 0) ? true : false;
- const uint8 *data = RFIFOP(fd,85);
+ const char *message;
+ bool flag;
+ const uint8 *data;
+
+ if (len < 1)
+ return;
+
+ message = RFIFOP(fd,4);
+ flag = (RFIFOB(fd,84) != 0) ? true : false;
+ data = RFIFOP(fd,85);
if( !flag )
sd->state.prevend = sd->state.workinprogress = 0;
@@ -13135,12 +13168,14 @@ void clif_parse_GuildChangePositionInfo(int fd, struct map_session_data *sd) __a
void clif_parse_GuildChangePositionInfo(int fd, struct map_session_data *sd)
{
int i;
+ int count = (RFIFOW(fd, 2) - 4) / 40;
- if(!sd->state.gmaster_flag)
+ if (!sd->state.gmaster_flag)
return;
- for(i = 4; i < RFIFOW(fd,2); i += 40 ){
- guild->change_position(sd->status.guild_id, RFIFOL(fd,i), RFIFOL(fd,i+4), RFIFOL(fd,i+12), RFIFOP(fd,i+16));
+ for (i = 0; i < count; i ++ ) {
+ int idx = i * 40 + 4;
+ guild->change_position(sd->status.guild_id, RFIFOL(fd, idx), RFIFOL(fd, idx + 4), RFIFOL(fd, idx + 12), RFIFOP(fd, idx + 16));
}
}
@@ -13151,6 +13186,7 @@ void clif_parse_GuildChangeMemberPosition(int fd, struct map_session_data *sd)
{
int i;
int len = RFIFOW(fd, 2);
+ int count = (len - 4) / 12;
if(!sd->state.gmaster_flag)
return;
@@ -13161,10 +13197,11 @@ void clif_parse_GuildChangeMemberPosition(int fd, struct map_session_data *sd)
return;
}
- for(i=4;i<RFIFOW(fd,2);i+=12){
- int position = RFIFOL(fd, i + 8);
- if (position > 0) {
- guild->change_memberposition(sd->status.guild_id, RFIFOL(fd, i), RFIFOL(fd, i + 4), position);
+ for (i = 0; i < count; i++) {
+ int idx = i * 12 + 4;
+ int position = RFIFOL(fd, idx + 8);
+ if (position > 0 && position < MAX_GUILDPOSITION) {
+ guild->change_memberposition(sd->status.guild_id, RFIFOL(fd, idx), RFIFOL(fd, idx + 4), position);
}
}
}
@@ -13548,12 +13585,15 @@ void clif_parse_GuildBreak(int fd, struct map_session_data *sd) __attribute__((n
/// key:
/// now guild name; might have been (intended) email, since the
/// field name and size is same as the one in CH_DELETE_CHAR.
-void clif_parse_GuildBreak(int fd, struct map_session_data *sd) {
+void clif_parse_GuildBreak(int fd, struct map_session_data *sd)
+{
+ char key[40];
if( map->list[sd->bl.m].flag.guildlock ) {
clif->message(fd, msg_fd(fd,228)); // Guild modification is disabled in this map.
return;
}
- guild->dobreak(sd, RFIFOP(fd,2));
+ safestrncpy(key, RFIFOP(fd, 2), 40);
+ guild->dobreak(sd, key);
}
/// Pet
@@ -15302,17 +15342,19 @@ void clif_parse_Mail_winopen(int fd, struct map_session_data *sd)
void clif_parse_Mail_send(int fd, struct map_session_data *sd) __attribute__((nonnull (2)));
/// Request to send mail (CZ_MAIL_SEND).
/// 0248 <packet len>.W <recipient>.24B <title>.40B <body len>.B <body>.?B
+
void clif_parse_Mail_send(int fd, struct map_session_data *sd)
{
struct mail_message msg;
int body_len;
+ int len = RFIFOW(fd, 2);
if( !chrif->isconnected() )
return;
if( sd->state.trading )
return;
- if( RFIFOW(fd,2) < 69 ) {
+ if (len < 69) {
ShowWarning("Invalid Msg Len from account %d.\n", sd->status.account_id);
return;
}
@@ -15328,6 +15370,11 @@ void clif_parse_Mail_send(int fd, struct map_session_data *sd)
if (body_len > MAIL_BODY_LENGTH)
body_len = MAIL_BODY_LENGTH;
+ if (body_len + 69 > len) {
+ ShowWarning("Invalid Msg Len from account %d.\n", sd->status.account_id);
+ return;
+ }
+
memset(&msg, 0, sizeof(msg));
if (!mail->setattachment(sd, &msg)) { // Invalid Append condition
clif->mail_send(sd->fd, true); // fail
@@ -15833,15 +15880,24 @@ void clif_parse_cashshop_buy(int fd, struct map_session_data *sd)
fail = npc->cashshop_buy(sd, nameid, amount, points);
#else
int len = RFIFOW(fd,2);
- int points = RFIFOL(fd,4);
- int count = RFIFOW(fd,8);
+ int points;
+ int count;
struct itemlist item_list = { 0 };
int i;
- if( len < 10 || len != 10 + count * 4) {
+ if (len < 10) {
+ ShowWarning("Player %d sent incorrect cash shop buy packet (len %d)!\n", sd->status.char_id, len);
+ return;
+ }
+
+ points = RFIFOL(fd, 4);
+ count = RFIFOW(fd, 8);
+
+ if (len != 10 + count * 4) {
ShowWarning("Player %d sent incorrect cash shop buy packet (len %d:%d)!\n", sd->status.char_id, len, 10 + count * 4);
return;
}
+
VECTOR_INIT(item_list);
VECTOR_ENSURE(item_list, count, 1);
for (i = 0; i < count; i++) {
@@ -16879,7 +16935,7 @@ void clif_parse_ItemListWindowSelected(int fd, struct map_session_data *sd) __at
/// S 07e4 <length>.w <option>.l <val>.l {<index>.w <amount>.w).4b*
void clif_parse_ItemListWindowSelected(int fd, struct map_session_data *sd)
{
- int n = ((int)RFIFOW(fd,2) - 12) / 4;
+ int n = ((int)RFIFOW(fd, 2) - 12) / 4;
int type = RFIFOL(fd,4);
int flag = RFIFOL(fd,8); // Button clicked: 0 = Cancel, 1 = OK
struct itemlist item_list = { 0 };
@@ -17010,7 +17066,7 @@ void clif_parse_ReqOpenBuyingStore(int fd, struct map_session_data* sd) {
char storename[MESSAGE_SIZE];
unsigned char result;
int zenylimit;
- unsigned int count, packet_len;
+ int count, packet_len;
struct s_packet_db* info = &packet_db[RFIFOW(fd,0)];
packet_len = RFIFOW(fd,info->pos[0]);
@@ -17018,7 +17074,7 @@ void clif_parse_ReqOpenBuyingStore(int fd, struct map_session_data* sd) {
// TODO: Make this check global for all variable length packets.
if( packet_len < 89 )
{// minimum packet length
- ShowError("clif_parse_ReqOpenBuyingStore: Malformed packet (expected length=%u, length=%u, account_id=%d).\n", 89U, packet_len, sd->bl.id);
+ ShowError("clif_parse_ReqOpenBuyingStore: Malformed packet (expected length=%u, length=%d, account_id=%d).\n", 89U, packet_len, sd->bl.id);
return;
}
@@ -17030,9 +17086,12 @@ void clif_parse_ReqOpenBuyingStore(int fd, struct map_session_data* sd) {
// so that buyingstore_create knows, how many elements it has access to
packet_len-= info->pos[4];
+ if (packet_len < 0)
+ return;
+
if( packet_len%blocksize )
{
- ShowError("clif_parse_ReqOpenBuyingStore: Unexpected item list size %u (account_id=%d, block size=%u)\n", packet_len, sd->bl.id, blocksize);
+ ShowError("clif_parse_ReqOpenBuyingStore: Unexpected item list size %d (account_id=%d, block size=%u)\n", packet_len, sd->bl.id, blocksize);
return;
}
count = packet_len/blocksize;
@@ -17201,14 +17260,15 @@ void clif_parse_ReqTradeBuyingStore(int fd, struct map_session_data* sd) {
const unsigned int blocksize = 6;
const uint8 *itemlist;
int account_id;
- unsigned int count, packet_len, buyer_id;
+ unsigned int buyer_id;
+ int count, packet_len;
struct s_packet_db* info = &packet_db[RFIFOW(fd,0)];
packet_len = RFIFOW(fd,info->pos[0]);
if( packet_len < 12 )
{// minimum packet length
- ShowError("clif_parse_ReqTradeBuyingStore: Malformed packet (expected length=%u, length=%u, account_id=%d).\n", 12U, packet_len, sd->bl.id);
+ ShowError("clif_parse_ReqTradeBuyingStore: Malformed packet (expected length=%u, length=%d, account_id=%d).\n", 12U, packet_len, sd->bl.id);
return;
}
@@ -17218,10 +17278,12 @@ void clif_parse_ReqTradeBuyingStore(int fd, struct map_session_data* sd) {
// so that buyingstore_trade knows, how many elements it has access to
packet_len-= info->pos[3];
+ if (packet_len < 0)
+ return;
if( packet_len%blocksize )
{
- ShowError("clif_parse_ReqTradeBuyingStore: Unexpected item list size %u (account_id=%d, buyer_id=%d, block size=%u)\n", packet_len, sd->bl.id, account_id, blocksize);
+ ShowError("clif_parse_ReqTradeBuyingStore: Unexpected item list size %d (account_id=%d, buyer_id=%d, block size=%u)\n", packet_len, sd->bl.id, account_id, blocksize);
return;
}
count = packet_len/blocksize;
@@ -17340,14 +17402,15 @@ void clif_parse_SearchStoreInfo(int fd, struct map_session_data* sd) {
const uint8* itemlist;
const uint8* cardlist;
unsigned char type;
- unsigned int min_price, max_price, packet_len, count, item_count, card_count;
+ unsigned int min_price, max_price;
+ int packet_len, count, item_count, card_count;
struct s_packet_db* info = &packet_db[RFIFOW(fd,0)];
packet_len = RFIFOW(fd,info->pos[0]);
if( packet_len < 15 )
{// minimum packet length
- ShowError("clif_parse_SearchStoreInfo: Malformed packet (expected length=%u, length=%u, account_id=%d).\n", 15U, packet_len, sd->bl.id);
+ ShowError("clif_parse_SearchStoreInfo: Malformed packet (expected length=%u, length=%d, account_id=%d).\n", 15U, packet_len, sd->bl.id);
return;
}
@@ -17357,24 +17420,28 @@ void clif_parse_SearchStoreInfo(int fd, struct map_session_data* sd) {
item_count = RFIFOB(fd,info->pos[4]);
card_count = RFIFOB(fd,info->pos[5]);
itemlist = RFIFOP(fd,info->pos[6]);
- cardlist = RFIFOP(fd,info->pos[6]+blocksize*item_count);
// check, if there is enough data for the claimed count of items
packet_len-= info->pos[6];
+ if (packet_len < 0)
+ return;
+
if( packet_len%blocksize )
{
- ShowError("clif_parse_SearchStoreInfo: Unexpected item list size %u (account_id=%d, block size=%u)\n", packet_len, sd->bl.id, blocksize);
+ ShowError("clif_parse_SearchStoreInfo: Unexpected item list size %d (account_id=%d, block size=%u)\n", packet_len, sd->bl.id, blocksize);
return;
}
count = packet_len/blocksize;
if( count < item_count+card_count )
{
- ShowError("clif_parse_SearchStoreInfo: Malformed packet (expected count=%u, count=%u, account_id=%d).\n", item_count+card_count, count, sd->bl.id);
+ ShowError("clif_parse_SearchStoreInfo: Malformed packet (expected count=%d, count=%d, account_id=%d).\n", item_count+card_count, count, sd->bl.id);
return;
}
+ cardlist = RFIFOP(fd, info->pos[6] + blocksize * item_count);
+
searchstore->query(sd, type, min_price, max_price, (const unsigned short*)itemlist, item_count, (const unsigned short*)cardlist, card_count);
}
@@ -17994,16 +18061,30 @@ void clif_parse_CashShopSchedule(int fd, struct map_session_data *sd)
#endif
}
+/// R 0848 <len>.W <limit>.W <kafra pay>.L (<item id>.L <amount>.L <tab>.W)*
void clif_parse_CashShopBuy(int fd, struct map_session_data *sd) __attribute__((nonnull (2)));
void clif_parse_CashShopBuy(int fd, struct map_session_data *sd) {
- unsigned short limit = RFIFOW(fd, 4), i, j;
- unsigned int kafra_pay = RFIFOL(fd, 6);// [Ryuuzaki] - These are free cash points (strangely #CASH = main cash currently for us, confusing)
+ int len = RFIFOW(fd, 2);
+ unsigned short limit, i, j;
+ unsigned int kafra_pay;
+ int count;
if (map->list[sd->bl.m].flag.nocashshop) {
clif->messagecolor_self(fd, COLOR_RED, msg_fd(fd,1489)); //Cash Shop is disabled in this map
return;
}
+ if (len < 10)
+ return;
+
+ limit = RFIFOW(fd, 4);
+ kafra_pay = RFIFOL(fd, 6); // [Ryuuzaki] - These are free cash points (strangely #CASH = main cash currently for us, confusing)
+ count = (len - 10) / 10;
+ if (count != limit) {
+ ShowError("Wrong cash shop limit: %d\n", limit);
+ return;
+ }
+
for(i = 0; i < limit; i++) {
int qty = RFIFOL(fd, 14 + ( i * 10 ));
int id = RFIFOL(fd, 10 + ( i * 10 ));
diff --git a/src/map/unit.c b/src/map/unit.c
index 938b587f3..c40aa7000 100644
--- a/src/map/unit.c
+++ b/src/map/unit.c
@@ -2210,6 +2210,7 @@ int unit_attack_timer_sub(struct block_list* src, int tid, int64 tick)
//Non-players use the sync packet on the walk timer. [Skotlex]
if (tid == INVALID_TIMER && sd) clif->fixpos(src);
+ map->freeblock_lock();
if( DIFF_TICK(ud->attackabletime,tick) <= 0 ) {
if (battle_config.attack_direction_change && (src->type&battle_config.attack_direction_change)) {
ud->dir = map->calc_dir(src, target->x,target->y );
@@ -2219,8 +2220,10 @@ int unit_attack_timer_sub(struct block_list* src, int tid, int64 tick)
if(md) {
//First attack is always a normal attack
if(md->state.skillstate == MSS_ANGRY || md->state.skillstate == MSS_BERSERK) {
- if (mob->skill_use(md,tick,-1))
+ if (mob->skill_use(md,tick,-1)) {
+ map->freeblock_unlock();
return 1;
+ }
} else {
// Set mob's ANGRY/BERSERK states.
md->state.skillstate = md->state.aggressive?MSS_ANGRY:MSS_BERSERK;
@@ -2232,21 +2235,23 @@ int unit_attack_timer_sub(struct block_list* src, int tid, int64 tick)
map->foreachinrange(mob->linksearch, src, md->db->range2, BL_MOB, md->class_, target, tick);
}
}
- if (src->type == BL_PET && pet->attackskill(BL_UCAST(BL_PET, src), target->id))
+ if (src->type == BL_PET && pet->attackskill(BL_UCAST(BL_PET, src), target->id)) {
+ map->freeblock_unlock();
return 1;
+ }
- map->freeblock_lock();
ud->attacktarget_lv = battle->weapon_attack(src,target,tick,0);
if(sd && sd->status.pet_id > 0 && sd->pd && battle_config.pet_attack_support)
pet->target_check(sd,target,0);
- map->freeblock_unlock();
/**
* Applied when you're unable to attack (e.g. out of ammo)
* We should stop here otherwise timer keeps on and this happens endlessly
**/
- if( ud->attacktarget_lv == ATK_NONE )
+ if (ud->attacktarget_lv == ATK_NONE) {
+ map->freeblock_unlock();
return 1;
+ }
ud->attackabletime = tick + sstatus->adelay;
// You can't move if you can't attack neither.
@@ -2260,6 +2265,7 @@ int unit_attack_timer_sub(struct block_list* src, int tid, int64 tick)
pc->update_idle_time(sd, BCIDLE_ATTACK);
ud->attacktimer = timer->add(ud->attackabletime,unit->attack_timer,src->id,0);
}
+ map->freeblock_unlock();
if (sd != NULL && battle_config.prevent_logout_trigger & PLT_ATTACK)
sd->canlog_tick = timer->gettick();