From 3341f0175012e8f96bea68355f5323b25a7e6ce8 Mon Sep 17 00:00:00 2001
From: ultramage <ultramage@54d463be-8e91-2dee-dedb-b68131a5f0ec>
Date: Mon, 20 Apr 2009 16:28:53 +0000
Subject: Adjusted the exploit crashfix from r13678 to abort when invalid input
 is detected. Script text input packets of length 8 are now also invalid since
 there must be at least a zero byte (end of string) present.

git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@13680 54d463be-8e91-2dee-dedb-b68131a5f0ec
---
 src/map/clif.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/map')

diff --git a/src/map/clif.c b/src/map/clif.c
index abc782b49..cb4450b6d 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -9797,8 +9797,8 @@ void clif_parse_NpcStringInput(int fd, struct map_session_data* sd)
 	int npcid = RFIFOL(fd,4);
 	const char* message = (char*)RFIFOP(fd,8);
 	
-	if( message_len < 0 )
-		message_len = 0;
+	if( message_len <= 0 )
+		return; // invalid input
 
 	safestrncpy(sd->npc_str, message, min(message_len,CHATBOX_SIZE));
 	npc_scriptcont(sd, npcid);
-- 
cgit v1.2.3-70-g09d2