summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorultramage <ultramage@54d463be-8e91-2dee-dedb-b68131a5f0ec>2010-03-21 10:08:40 +0000
committerultramage <ultramage@54d463be-8e91-2dee-dedb-b68131a5f0ec>2010-03-21 10:08:40 +0000
commit1870f99f285b3aee1e6dbffaa29a23c1f27d9080 (patch)
tree60a5b397ebff07bc72350423be0c8fed55b20362 /src
parent09b5ddd71e1daa21c8e186207f7f3d1a4e3b11ed (diff)
downloadhercules-1870f99f285b3aee1e6dbffaa29a23c1f27d9080.tar.gz
hercules-1870f99f285b3aee1e6dbffaa29a23c1f27d9080.tar.bz2
hercules-1870f99f285b3aee1e6dbffaa29a23c1f27d9080.tar.xz
hercules-1870f99f285b3aee1e6dbffaa29a23c1f27d9080.zip
Added missing checks to stop an infinite free cash point exploit. (bugreport:4139)
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@14266 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src')
-rw-r--r--src/map/npc.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/map/npc.c b/src/map/npc.c
index e629848fe..15434f357 100644
--- a/src/map/npc.c
+++ b/src/map/npc.c
@@ -1156,6 +1156,12 @@ int npc_cashshop_buy(struct map_session_data *sd, int nameid, int amount, int po
struct item_data *item;
int i, price, w;
+ if( amount <= 0 )
+ return 5;
+
+ if( points < 0 )
+ return 6;
+
if( !nd || nd->subtype != CASHSHOP )
return 1;
@@ -1192,6 +1198,13 @@ int npc_cashshop_buy(struct map_session_data *sd, int nameid, int amount, int po
if( w + sd->weight > sd->max_weight )
return 3;
+ if( (double)nd->u.shop.shop_item[i].value * amount > INT_MAX )
+ {
+ ShowWarning("npc_cashshop_buy: Item '%s' (%d) price overflow attempt!\n", item->name, nameid);
+ ShowDebug("(NPC:'%s' (%s,%d,%d), player:'%s' (%d/%d), value:%d, amount:%d)\n", nd->exname, map[nd->bl.m].name, nd->bl.x, nd->bl.y, sd->status.name, sd->status.account_id, sd->status.char_id, nd->u.shop.shop_item[i].value, amount);
+ return 5;
+ }
+
price = nd->u.shop.shop_item[i].value * amount;
if( points > price )
points = price;