authorJessica Tölke <jtoelke@mail.upb.de>2013-04-12 23:35:06 +0200
committerJessica Tölke <jtoelke@mail.upb.de>2013-04-14 11:27:30 +0200
commitf4dcf3a0ed93546958c5fa59dbac32511a6bac0c (patch)
tree5d647baed130069fbf171bf8205506f54429935f
parent9c9034116fab44475c9bad57b727a374fbd01ebf (diff)
Fix exploit in Brodomir script due to unexpected behavior of delitem/getitem.
- delitem: deletes only one item when applied to a non-stackable item (equipment)
- getitem: gives the items stacked, even if they are equipment
- fix: use a loop and delete/give only one item at a time
-rw-r--r--world/map/npc/009-6/brodomir.txt33
1 files changed, 28 insertions, 5 deletions
diff --git a/world/map/npc/009-6/brodomir.txt b/world/map/npc/009-6/brodomir.txt
index f001efa4..f3fc8399 100644
--- a/world/map/npc/009-6/brodomir.txt
+++ b/world/map/npc/009-6/brodomir.txt
@@ -87,7 +87,15 @@ L_Item:
goto L_Wait;
if (countitem(@brodomir_item$) < @brodomir_item_amount)
goto L_NoItem;
- delitem @brodomir_item$, @brodomir_item_amount;
+
+ // we need this loop because for items that can't be stacked, delitem can only delete a single one
+ set @loopcounter, @brodomir_item_amount;
+L_Delitem:
+ delitem @brodomir_item$, 1;
+ set @loopcounter, @loopcounter - 1;
+ if (@loopcounter > 0)
+ goto L_Delitem;
+
set $@BRODOMIR_SPONSOR, getcharid(3);
goto L_Go;
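Review bot: The L_Delitem loop tests its counter only after the first `delitem`, so a `@brodomir_item_amount` of zero or below still removes one item, and the `countitem(...) < @brodomir_item_amount` check above it passes for those values. Whether the amount is validated as at least 1 before L_Item is reached is not visible in this hunk; if it is not, add `if (@brodomir_item_amount < 1) goto L_NoItem;` ahead of the `set @loopcounter, ...` line. L_GetitemLoop and L_Getitem further down have the same bottom-tested shape. `@loopcounter` is also a very generic name for a player temporary; a script-specific name such as `@brodomir_loop` would avoid clashing with other NPC scripts.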
@@ -164,8 +172,17 @@ L_Warpfail:
mapannounce "009-6.gat", "There are not enough players around to start!", 0;
if ($@BRODOMIR_ITEM_AMOUNT == 0)
goto L_Cleanup;
- if (attachrid($@BRODOMIR_SPONSOR) != 0)
- getitem $@BRODOMIR_ITEM$, $@BRODOMIR_ITEM_AMOUNT;
+ if (attachrid($@BRODOMIR_SPONSOR) == 0)
+ goto L_SkipItemback;
+
+ // we need this loop because for items that can't be stacked, getitem will stack them nevertheless
+L_GetitemLoop:
+ getitem $@BRODOMIR_ITEM$, 1;
+ set $@BRODOMIR_ITEM_AMOUNT, $@BRODOMIR_ITEM_AMOUNT - 1;
+ if ($@BRODOMIR_ITEM_AMOUNT > 0)
+ goto L_GetitemLoop;
+
+L_SkipItemback:
set $@BRODOMIR_ITEM_AMOUNT, 0;
set $@BRODOMIR_ITEM$, "";
set $@BRODOMIR_SPONSOR, 0;
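Review bot: L_GetitemLoop counts down the global `$@BRODOMIR_ITEM_AMOUNT` itself and issues one `getitem` and one `goto` per item, so the refund's cost grows with the sponsored amount and nothing in this hunk bounds it. The `== 0` check before it covers zero but not a negative value, which would still hand out one item. If the script engine limits loop iterations, or the amount is not capped where the player enters it (neither is visible here), a large stackable donation could stop the refund part-way with the globals still set. Consider testing before the first `getitem`, e.g. `if ($@BRODOMIR_ITEM_AMOUNT < 1) goto L_SkipItemback;`, and documenting the maximum amount the loop is expected to handle.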
@@ -182,8 +199,14 @@ onReward:
goto L_Dead;
message strcharinfo(0), "Congratulations you won!";
set Zeny, Zeny + ($@BRODOMIR_MONEY + 150 * $@BRODOMIR_PLAYERS);
- getitem $@BRODOMIR_ITEM$, $@BRODOMIR_ITEM_AMOUNT;
- set $@BRODOMIR_ITEM_AMOUNT, 0;
+
+ // we need this loop because for items that can't be stacked, getitem will stack them nevertheless
+L_Getitem:
+ getitem $@BRODOMIR_ITEM$, 1;
+ set $@BRODOMIR_ITEM_AMOUNT, $@BRODOMIR_ITEM_AMOUNT - 1;
+ if ($@BRODOMIR_ITEM_AMOUNT > 0)
+ goto L_Getitem;
+
set $@BRODOMIR_ITEM$, "";
set $@BRODOMIR_SPONSOR, 0;
set $@BRODOMIR_MONEY, 0;
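Review bot: Removing `set $@BRODOMIR_ITEM_AMOUNT, 0;` leaves the reset to the L_Getitem loop, which runs `getitem $@BRODOMIR_ITEM$, 1` before it tests the counter. L_Warpfail guards the zero case with `if ($@BRODOMIR_ITEM_AMOUNT == 0) goto L_Cleanup;`, which suggests a round can run with no item sponsored. Unless onReward has an equivalent check outside this hunk, that case now calls `getitem` once with whatever `$@BRODOMIR_ITEM$` holds and leaves the amount at -1, so later `== 0` tests no longer match. Skip the loop when the amount is below 1 and keep the explicit `set $@BRODOMIR_ITEM_AMOUNT, 0;` after it so the global is always reset. onReward starts above the hunk, so the attached player and any earlier checks are not visible here.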