summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorepoque11 <epoque11@54d463be-8e91-2dee-dedb-b68131a5f0ec>2012-03-22 12:32:12 +0000
committerepoque11 <epoque11@54d463be-8e91-2dee-dedb-b68131a5f0ec>2012-03-22 12:32:12 +0000
commit76bc7c8e3f96067b3b56869b9a4072018ece1fe6 (patch)
tree173c4c227be22f9e19bb5b1437c6386453e7fdbe /src
parent8330a9a9d57477484b456244616a923838593e7f (diff)
downloadhercules-76bc7c8e3f96067b3b56869b9a4072018ece1fe6.tar.gz
hercules-76bc7c8e3f96067b3b56869b9a4072018ece1fe6.tar.bz2
hercules-76bc7c8e3f96067b3b56869b9a4072018ece1fe6.tar.xz
hercules-76bc7c8e3f96067b3b56869b9a4072018ece1fe6.zip
- Fixed a friend-list exploit allowing players to confirm the online status of another player. (bugreport:4863)
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@15764 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src')
-rw-r--r--src/map/clif.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/src/map/clif.c b/src/map/clif.c
index fabfa7ec2..81b10b7e2 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -12675,6 +12675,14 @@ void clif_parse_FriendsListAdd(int fd, struct map_session_data *sd)
f_sd = map_nick2sd((char*)RFIFOP(fd,2));
+ // ensure that the request player's friend list is not full
+ ARR_FIND(0, MAX_FRIENDS, i, sd->status.friends[i].char_id == 0);
+
+ if( i == MAX_FRIENDS ) {
+ clif_friendslist_reqack(sd, f_sd, 2);
+ return;
+ }
+
// Friend doesn't exist (no player with this name)
if (f_sd == NULL) {
clif_displaymessage(fd, msg_txt(3));
@@ -12700,12 +12708,6 @@ void clif_parse_FriendsListAdd(int fd, struct map_session_data *sd)
}
}
- if (i == MAX_FRIENDS) {
- //No space, list full.
- clif_friendslist_reqack(sd, f_sd, 2);
- return;
- }
-
f_sd->friend_req = sd->status.char_id;
sd->friend_req = f_sd->status.char_id;