From c4a3fd1133cea06a1716ae81d9c5cf8b7f1ddb8b Mon Sep 17 00:00:00 2001 From: Andrei Karas Date: Thu, 15 Jan 2015 21:04:57 +0300 Subject: char: validate player look value on char creation. --- src/char/char.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src/char/char.c') diff --git a/src/char/char.c b/src/char/char.c index 38c5f42..b0328c6 100644 --- a/src/char/char.c +++ b/src/char/char.c @@ -59,6 +59,13 @@ void echar_parse_char_create_new_char(int *fdPtr, struct char_session_data* sd) return; } look = RFIFOW(fd, 34); + if (look < min_look || look > max_look) + { + chr->creation_failed(fd, -12); + RFIFOSKIP(fd, 31 + 5); + hookStop(); + return; + } } const int result = chr->make_new_char_sql(sd, (char*)RFIFOP(fd, 2), 1, 1, 1, 1, 1, 1, RFIFOB(fd, 26), RFIFOW(fd, 27), RFIFOW(fd, 29)); @@ -110,6 +117,7 @@ void echar_creation_failed(int *fdPtr, int *result) case -5: WFIFOB(fd, 2) = 0x02; break; // 'Symbols in Character Names are forbidden' case -10: WFIFOB(fd, 2) = 0x50; break; // Wrong class case -11: WFIFOB(fd, 2) = 0x51; break; // Wrong sex + case -12: WFIFOB(fd, 2) = 0x52; break; // Wrong look default: ShowWarning("chr->parse_char: Unknown result received from chr->make_new_char_sql: %d!\n", *result); -- cgit v1.2.3-60-g2f50
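Review bot: The new range check in echar_parse_char_create_new_char rejects an out-of-range look without recording anything, so a client sending malformed creation packets leaves no trace on the server. A stock client would presumably only offer looks inside the allowed range, which makes a rejection here a useful signal. Consider logging just before `chr->creation_failed(fd, -12);`, for example `ShowWarning("char create: look %d outside [%d, %d]\n", (int)look, (int)min_look, (int)max_look);`. The declarations of `look`, `min_look` and `max_look` are outside the hunk, so it is worth confirming that their types compare as intended against the 16-bit value read by `RFIFOW(fd, 34)`. The function body starts and ends outside this hunk.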
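Review bot: The literal `-12` in this switch has to match the one passed to `chr->creation_failed(fd, -12)` in the first hunk, and only the trailing `// Wrong look` comment ties the two together. A shared named constant used at both sites, e.g. `enum { CREATE_FAIL_WRONG_LOOK = -12 };` (and likewise for -10 and -11), would keep the parser and the reply mapping from drifting apart. Whether the client maps reply byte `0x52` to a message is not visible here, so a short comment naming where that code is defined on the client side would help. The switch continues outside the hunk.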