Diffstat (limited to 'src/map')
-rw-r--r-- | src/map/battle.cpp | 21 | ||||
-rw-r--r-- | src/map/battle.hpp | 1 | ||||
-rw-r--r-- | src/map/clif.cpp | 61 |
3 files changed, 50 insertions, 33 deletions
diff --git a/src/map/battle.cpp b/src/map/battle.cpp index 589568b..991a489 100644 --- a/src/map/battle.cpp +++ b/src/map/battle.cpp @@ -182,6 +182,27 @@ int battle_get_max_hp(dumb_ptr<block_list> bl) } } +VString<23> battle_get_name(dumb_ptr<block_list> bl) +{ + VString<23> name; + nullpo_retr(name, bl); + + switch (bl->bl_type) + { + case BL::PC: + name = bl->is_player()->status_key.name.to__actual(); + break; + case BL::NPC: + name = bl->is_npc()->name; + break; + case BL::MOB: + name = bl->is_mob()->name; + break; + } + + return name; +} + /*========================================== * 対象のStrを返す(汎用) * 戻りは整数で0以上 diff --git a/src/map/battle.hpp b/src/map/battle.hpp index 1a13420..8f31fe0 100644 --- a/src/map/battle.hpp +++ b/src/map/battle.hpp @@ -67,6 +67,7 @@ ATK battle_weapon_attack(dumb_ptr<block_list> bl, dumb_ptr<block_list> target, int battle_is_unarmed(dumb_ptr<block_list> bl); Species battle_get_class(dumb_ptr<block_list> bl); +VString<23> battle_get_name(dumb_ptr<block_list> bl); DIR battle_get_dir(dumb_ptr<block_list> bl); int battle_get_lv(dumb_ptr<block_list> bl); int battle_get_range(dumb_ptr<block_list> bl); diff --git a/src/map/clif.cpp b/src/map/clif.cpp index 9743e49..a38151f 100644 --- a/src/map/clif.cpp +++ b/src/map/clif.cpp @@ -3790,6 +3790,20 @@ RecvResult clif_parse_GetCharNameRequest(Session *s, dumb_ptr<map_session_data> return rv; } +static +void clif_message_sub(Buffer& buf, dumb_ptr<block_list> bl, AString msg) +{ + VString<23> name = battle_get_name(bl); + msg = STRPRINTF("%s : %s"_fmt, name, msg); + size_t msg_len = msg.size() + 1; + if (msg_len + 16 > 512) + return; + + Packet_Head<0x008d> head_8d; + head_8d.block_id = bl->bl_id; + buf = create_vpacket<0x008d, 8, 1>(head_8d, msg); +} + /*========================================== * Validate and process transmission of a * global/public message. 
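Review bot: The `switch (bl->bl_type)` in `battle_get_name` has no `default:` branch, so any block type other than PC, NPC or MOB silently returns an empty name. `clif_message_sub` in src/map/clif.cpp then formats that into a chat line beginning with ` : `. I would add `default: break; // no display name for other block types; empty string returned` and a short header comment, as the neighbouring functions have, stating that an empty result means "no name". How `VString<23>` behaves when assigned a longer NPC or mob `name` is not visible in this hunk and should be confirmed.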
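Review bot: When `msg_len + 16 > 512` is true, `clif_message_sub` returns without assigning `buf`, and the new caller in the `@@ -3825` hunk (`clif_parse_GlobalMessage`) still passes the default-constructed `sendbuf` to `clif_send`. The limit is now checked after the `"%s : %s"` name prefix is added, and the inline packet construction that this replaces had no such cap, so a message close to the limit can now be dropped with no log entry. What `clif_send` does with an empty `Buffer` is not visible here. Returning `bool` from this static helper and writing `if (clif_message_sub(sendbuf, sd, mbuf)) clif_send(sendbuf, sd, SendWho::AREA_CHAT_WOC, MIN_CLIENT_VERSION);` would make the drop explicit. Separately, `bl->bl_id` is dereferenced unguarded, although `battle_get_name` has just tolerated a null `bl` through `nullpo_retr`.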
@@ -3825,10 +3839,8 @@ RecvResult clif_parse_GlobalMessage(Session *s, dumb_ptr<map_session_data> sd) } /* It's not a spell/magic message, so send the message to others. */ - Packet_Head<0x008d> head_8d; - head_8d.block_id = sd->bl_id; - XString repeat_8d = mbuf; - Buffer sendbuf = create_vpacket<0x008d, 8, 1>(head_8d, repeat_8d); + Buffer sendbuf; + clif_message_sub(sendbuf, sd, mbuf); clif_send(sendbuf, sd, SendWho::AREA_CHAT_WOC, MIN_CLIENT_VERSION); } @@ -3839,18 +3851,6 @@ RecvResult clif_parse_GlobalMessage(Session *s, dumb_ptr<map_session_data> sd) return rv; } -static -void clif_message_sub(Buffer& buf, dumb_ptr<block_list> bl, XString msg) -{ - size_t msg_len = msg.size() + 1; - if (msg_len + 16 > 512) - return; - - Packet_Head<0x008d> head_8d; - head_8d.block_id = bl->bl_id; - buf = create_vpacket<0x008d, 8, 1>(head_8d, msg); -} - void clif_npc_send_title(Session *s, BlockId npcid, XString msg) { size_t msg_len = msg.size() + 1; @@ -5670,10 +5670,6 @@ AString clif_validate_chat(dumb_ptr<map_session_data> sd, ChatType type, XString if (sd->auto_ban_info.in_progress) return AString(); - Session *s = sd->sess; - size_t name_len = sd->status_key.name.to__actual().size(); - XString pbuf = buf; - /* * The client attempted to exceed the maximum message length. * 
@@ -5688,21 +5684,20 @@ AString clif_validate_chat(dumb_ptr<map_session_data> sd, ChatType type, XString return AString(); } - if (type == ChatType::Global) + // ManaPlus remote command vulnerability fix + if (buf.contains_seq("@@="_s) && buf.contains('|')) { - XString p = pbuf; - if (!(p.startswith(sd->status_key.name.to__actual()) && p.xslice_t(name_len).startswith(" : "_s))) - { - /* Disallow malformed/spoofed messages. */ - clif_setwaitclose(s); - WARN_MALFORMED_MSG(sd, "spoofed name/invalid format"_s); - return AString(); - } - /* Step beyond the separator. */ - XString xs = p.xslice_t(name_len + 3); - return xs; + clif_setwaitclose(sd->sess); + WARN_MALFORMED_MSG(sd, "remote command exploit attempt"_s); + return AString(); } - return pbuf; + + // Step beyond the separator. for older clients + if (type == ChatType::Global && sd->client_version < 6) + return buf.xslice_t(sd->status_key.name.to__actual().size() + 3); + + // newer clients will not send the name + return buf; } /*========================================== |
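Review bot: The old-client branch `return buf.xslice_t(sd->status_key.name.to__actual().size() + 3);` slices at an offset the message length is never checked against, because this hunk removes the `startswith` name/separator validation that used to guarantee it. A session with `client_version < 6` can submit a Global message shorter than its name plus three bytes, and whether `xslice_t` tolerates an out-of-range offset is not visible here. I would guard the slice with `if (buf.size() < name_len + 3) return AString();`, or keep the prefix check on that branch. The `@@=` plus `|` test is a substring denylist that runs for every chat type and closes the session, so its comment should say which client behaviour it blocks and under what condition it can be removed. `clif_validate_chat` begins outside this hunk.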