From 76bc7c8e3f96067b3b56869b9a4072018ece1fe6 Mon Sep 17 00:00:00 2001 From: epoque11 Date: Thu, 22 Mar 2012 12:32:12 +0000 Subject: - Fixed a friend-list exploit allowing players to confirm the online status of another player. (bugreport:4863) git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@15764 54d463be-8e91-2dee-dedb-b68131a5f0ec --- src/map/clif.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/map/clif.c b/src/map/clif.c index fabfa7ec2..81b10b7e2 100644 --- a/src/map/clif.c +++ b/src/map/clif.c @@ -12675,6 +12675,14 @@ void clif_parse_FriendsListAdd(int fd, struct map_session_data *sd) f_sd = map_nick2sd((char*)RFIFOP(fd,2)); + // ensure that the request player's friend list is not full + ARR_FIND(0, MAX_FRIENDS, i, sd->status.friends[i].char_id == 0); + + if( i == MAX_FRIENDS ) { + clif_friendslist_reqack(sd, f_sd, 2); + return; + } + // Friend doesn't exist (no player with this name) if (f_sd == NULL) { clif_displaymessage(fd, msg_txt(3)); @@ -12700,12 +12708,6 @@ void clif_parse_FriendsListAdd(int fd, struct map_session_data *sd) } } - if (i == MAX_FRIENDS) { - //No space, list full. - clif_friendslist_reqack(sd, f_sd, 2); - return; - } - f_sd->friend_req = sd->status.char_id; sd->friend_req = f_sd->status.char_id; -- cgit v1.2.3-70-g09d2
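Review bot: The list-full reply in the first hunk is now sent before the `f_sd == NULL` check, so `clif_friendslist_reqack(sd, f_sd, 2)` can receive a NULL `f_sd` when the named player is not online. The helper's body is not visible here: if it dereferences `f_sd` unconditionally this branch can crash, and if it copies the target's identifiers into the ack only when `f_sd` is set, the reply still differs between an online and an offline target, which is the distinction this commit sets out to hide. Passing no target in this branch, `clif_friendslist_reqack(sd, NULL, 2);`, would make the reply identical in both cases, provided the helper accepts NULL. The rest of clif_parse_FriendsListAdd, including the loop that reuses `i` after the new ARR_FIND, lies outside the hunk.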