From 79870f8e41c5fa8d5475a355600c40113e37e2db Mon Sep 17 00:00:00 2001 From: Zido Date: Wed, 12 Jul 2006 22:25:24 +0000 Subject: - Fixed negative value exploit (view changelog) git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@7647 54d463be-8e91-2dee-dedb-b68131a5f0ec --- Changelog-Trunk.txt | 5 +++++ src/map/pc.c | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt index b37c7c254..2bde2cfd9 100644 --- a/Changelog-Trunk.txt +++ b/Changelog-Trunk.txt @@ -4,6 +4,11 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK. 2006/07/12 + * Fixed exploit in pc_bonus there are no checks that check that the value being + added onto a status don't make it go below zero, which means if you have a mineral + card and reset stats it reduces your base attack to lower than zero, making it + go up to 64000. Fixed by adding a check for SP_BASE_ATK, although i recommend + doing it for other status bonuses also [Zido] * Recoded NJ_BAKUENRYU to behave as I understand it best from the skill-description (since Haplo told me this skill doesn't really has video information or anything...) [Skotlex] diff --git a/src/map/pc.c b/src/map/pc.c index d8b8f9bfa..53c953a2c 100644 --- a/src/map/pc.c +++ b/src/map/pc.c @@ -1278,8 +1278,10 @@ int pc_bonus(struct map_session_data *sd,int type,int val) status->lhw->atk2+=val; break; case SP_BASE_ATK: - if(sd->state.lr_flag != 2) - status->batk+=val; + if(sd->state.lr_flag != 2) { + if(!(val<0 && ((val-val-val)>status->batk))) + status->batk+=val; + } break; case SP_MATK1: if(sd->state.lr_flag != 2) -- cgit v1.2.3-60-g2f50