diff options
| author | Jessica Tölke <jtoelke@mail.upb.de> | 2013-04-12 23:35:06 +0200 |
|---|---|---|
| committer | Jessica Tölke <jtoelke@mail.upb.de> | 2013-04-14 11:27:30 +0200 |
| commit | f4dcf3a0ed93546958c5fa59dbac32511a6bac0c (patch) | |
| tree | 5d647baed130069fbf171bf8205506f54429935f /world/map/npc | |
| parent | 9c9034116fab44475c9bad57b727a374fbd01ebf (diff) | |
| download | serverdata-f4dcf3a0ed93546958c5fa59dbac32511a6bac0c.tar.gz serverdata-f4dcf3a0ed93546958c5fa59dbac32511a6bac0c.tar.bz2 serverdata-f4dcf3a0ed93546958c5fa59dbac32511a6bac0c.tar.xz serverdata-f4dcf3a0ed93546958c5fa59dbac32511a6bac0c.zip | |
Fix exploit in Brodomir script due to unexpected behavior of delitem/getitem.
- delitem: only deletes one item if applied to not-stackable item (equipment)
- getitem: gives item stacked, even if it's equipment
- fix: use a loop and only delete/give one item at a time
Diffstat (limited to 'world/map/npc')
| -rw-r--r-- | world/map/npc/009-6/brodomir.txt | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/world/map/npc/009-6/brodomir.txt b/world/map/npc/009-6/brodomir.txt index f001efa4..f3fc8399 100644 --- a/world/map/npc/009-6/brodomir.txt +++ b/world/map/npc/009-6/brodomir.txt @@ -87,7 +87,15 @@ L_Item: goto L_Wait; if (countitem(@brodomir_item$) < @brodomir_item_amount) goto L_NoItem; - delitem @brodomir_item$, @brodomir_item_amount; + + // we need this loop because for items that can't be stacked, delitem can only delete a single one + set @loopcounter, @brodomir_item_amount; +L_Delitem: + delitem @brodomir_item$, 1; + set @loopcounter, @loopcounter - 1; + if (@loopcounter > 0) + goto L_Delitem; + set $@BRODOMIR_SPONSOR, getcharid(3); goto L_Go; @@ -164,8 +172,17 @@ L_Warpfail: mapannounce "009-6.gat", "There are not enough players around to start!", 0; if ($@BRODOMIR_ITEM_AMOUNT == 0) goto L_Cleanup; - if (attachrid($@BRODOMIR_SPONSOR) != 0) - getitem $@BRODOMIR_ITEM$, $@BRODOMIR_ITEM_AMOUNT; + if (attachrid($@BRODOMIR_SPONSOR) == 0) + goto L_SkipItemback; + + // we need this loop because for items that can't be stacked, getitem will stack them nevertheless +L_GetitemLoop: + getitem $@BRODOMIR_ITEM$, 1; + set $@BRODOMIR_ITEM_AMOUNT, $@BRODOMIR_ITEM_AMOUNT - 1; + if ($@BRODOMIR_ITEM_AMOUNT > 0) + goto L_GetitemLoop; + +L_SkipItemback: set $@BRODOMIR_ITEM_AMOUNT, 0; set $@BRODOMIR_ITEM$, ""; set $@BRODOMIR_SPONSOR, 0; @@ -182,8 +199,14 @@ onReward: goto L_Dead; message strcharinfo(0), "Congratulations you won!"; set Zeny, Zeny + ($@BRODOMIR_MONEY + 150 * $@BRODOMIR_PLAYERS); - getitem $@BRODOMIR_ITEM$, $@BRODOMIR_ITEM_AMOUNT; - set $@BRODOMIR_ITEM_AMOUNT, 0; + + // we need this loop because for items that can't be stacked, getitem will stack them nevertheless +L_Getitem: + getitem $@BRODOMIR_ITEM$, 1; + set $@BRODOMIR_ITEM_AMOUNT, $@BRODOMIR_ITEM_AMOUNT - 1; + if ($@BRODOMIR_ITEM_AMOUNT > 0) + goto L_Getitem; + set $@BRODOMIR_ITEM$, ""; set $@BRODOMIR_SPONSOR, 0; set $@BRODOMIR_MONEY, 0; |