-rw-r--r--Changelog-Trunk.txt1
-rw-r--r--src/map/clif.c12
2 files changed, 10 insertions, 3 deletions
diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt
index 24fd2e55f..6cac17b06 100644
--- a/Changelog-Trunk.txt
+++ b/Changelog-Trunk.txt
@@ -4,6 +4,7 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO
IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
2006/05/28
+ * [ Protected ] : clif_parse_LGMmessage from possible hacks [Lance]
* Fixed unable to store n items into storage unless n was the total amount
of items you had. [Skotlex]
* Suppressed compilation warnings (unsigned and signed mismatches) [Lance]
diff --git a/src/map/clif.c b/src/map/clif.c
index a485a1501..1b4ec6e93 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -10070,14 +10070,20 @@ void clif_parse_ResetChar(int fd, struct map_session_data *sd) {
*/
void clif_parse_LGMmessage(int fd, struct map_session_data *sd) {
unsigned char buf[512];
+ int len = RFIFOREST(fd);
+ int plen = RFIFOW(fd,2);
RFIFOHEAD(fd);
+ if(plen <= 0 || plen > len) // Possible hack! [Lance]
+ plen = len;
+
if ((battle_config.atc_gmonly == 0 || pc_isGM(sd)) &&
(pc_isGM(sd) >= get_atcommand_level(AtCommand_LocalBroadcast))) {
WBUFW(buf,0) = 0x9a;
- WBUFW(buf,2) = RFIFOW(fd,2);
- memcpy(WBUFP(buf,4), RFIFOP(fd,4), RFIFOW(fd,2) - 4);
- clif_send(buf, RFIFOW(fd,2), &sd->bl, ALL_SAMEMAP);
+ WBUFW(buf,2) = plen;
+ memcpy(WBUFP(buf,4), RFIFOP(fd,4), plen - 4);
+ WBUFB(buf,plen-1) = '\0'; // Must have NULL termination [Lance]
+ clif_send(buf, plen, &sd->bl, ALL_SAMEMAP);
}
}
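Review bot: `plen` is validated only against `RFIFOREST(fd)`, never against the 512-byte `buf`, so `memcpy(WBUFP(buf,4), RFIFOP(fd,4), plen - 4)` and the `WBUFB(buf,plen-1)` store can still write past the stack buffer whenever the client-declared length, or the `len` it is clamped to, exceeds 512. A value of 1 to 3 passes the `plen <= 0` test and makes `plen - 4` negative, which memcpy receives as a very large size, and a value of 4 puts the terminator on the length field itself. Dropping the malformed packet is safer than re-broadcasting a clamped one: `if (plen <= 4 || plen > len || plen > (int)sizeof(buf)) return;`, placed before the GM-level check. This assumes the packet dispatcher outside the hunk still skips the packet by its own length accounting when the handler returns early, which is worth confirming.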