diff options
| author | shennetsind <shennetsind@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2011-12-20 03:48:42 +0000 |
|---|---|---|
| committer | shennetsind <shennetsind@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2011-12-20 03:48:42 +0000 |
| commit | 9047184594dfbe6237ad18179160badefecf6e22 (patch) | |
| tree | 75f6d9c3b7cf0dc1d28294fbbd78ec87cec98c8c /src/char_sql | |
| parent | a9c4f6b3e887343fd0cc182e3ac48e78155a5bd8 (diff) | |
| download | hercules-9047184594dfbe6237ad18179160badefecf6e22.tar.gz hercules-9047184594dfbe6237ad18179160badefecf6e22.tar.bz2 hercules-9047184594dfbe6237ad18179160badefecf6e22.tar.xz hercules-9047184594dfbe6237ad18179160badefecf6e22.zip | |
1/2/3-letter char name creation exploit fix.
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@15169 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src/char_sql')
| -rw-r--r-- | src/char_sql/char.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/char_sql/char.c b/src/char_sql/char.c index b1f4a1c94..410f813e3 100644 --- a/src/char_sql/char.c +++ b/src/char_sql/char.c @@ -1293,7 +1293,12 @@ int check_char_name(char * name, char * esc_name) // check length of character name if( name[0] == '\0' ) return -2; // empty character name - + /** + * The client does not allow you to create names with less than 4 characters, however, + * the use of WPE can bypass this, and this fixes the exploit. + **/ + if( strlen( name ) < 4 ) + return -2; // check content of character name if( remove_control_chars(name) ) return -2; // control chars in name |