diff options
author | ultramage <ultramage@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2009-04-20 16:28:53 +0000 |
---|---|---|
committer | ultramage <ultramage@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2009-04-20 16:28:53 +0000 |
commit | 3341f0175012e8f96bea68355f5323b25a7e6ce8 (patch) | |
tree | b0dc00e73bc56f3b1a7b47cca15399f80909beb2 /src | |
parent | a83d8d8adc19125d958528b3a9f04d40eadce5c3 (diff) | |
download | hercules-3341f0175012e8f96bea68355f5323b25a7e6ce8.tar.gz hercules-3341f0175012e8f96bea68355f5323b25a7e6ce8.tar.bz2 hercules-3341f0175012e8f96bea68355f5323b25a7e6ce8.tar.xz hercules-3341f0175012e8f96bea68355f5323b25a7e6ce8.zip |
Adjusted the exploit crashfix from r13678 to abort when invalid input is detected.
Script text input packets of length 8 are now also invalid since there must be at least a zero byte (end of string) present.
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@13680 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src')
-rw-r--r-- | src/map/clif.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/map/clif.c b/src/map/clif.c index abc782b49..cb4450b6d 100644 --- a/src/map/clif.c +++ b/src/map/clif.c @@ -9797,8 +9797,8 @@ void clif_parse_NpcStringInput(int fd, struct map_session_data* sd) int npcid = RFIFOL(fd,4); const char* message = (char*)RFIFOP(fd,8); - if( message_len < 0 ) - message_len = 0; + if( message_len <= 0 ) + return; // invalid input safestrncpy(sd->npc_str, message, min(message_len,CHATBOX_SIZE)); npc_scriptcont(sd, npcid); |