Merge pull request #12 from RubenD96/master

Fix 2 small packet exploits
This commit is contained in:
Ponk
2021-04-07 18:38:25 +02:00
committed by GitHub
2 changed files with 29 additions and 12 deletions

View File

@@ -21,12 +21,12 @@
*/ */
package net.server.channel.handlers; package net.server.channel.handlers;
import client.MapleClient;
import client.MapleCharacter; import client.MapleCharacter;
import client.MapleClient;
import client.autoban.AutobanFactory;
import client.inventory.MaplePet; import client.inventory.MaplePet;
import net.AbstractMaplePacketHandler; import net.AbstractMaplePacketHandler;
import tools.data.input.SeekableLittleEndianAccessor; import tools.data.input.SeekableLittleEndianAccessor;
//import tools.MaplePacketCreator;
/** /**
* @author BubblesDev * @author BubblesDev
@@ -37,10 +37,10 @@ public final class PetExcludeItemsHandler extends AbstractMaplePacketHandler {
@Override @Override
public final void handlePacket(SeekableLittleEndianAccessor slea, MapleClient c) { public final void handlePacket(SeekableLittleEndianAccessor slea, MapleClient c) {
final int petId = slea.readInt(); final int petId = slea.readInt();
slea.skip(4); slea.skip(4); // timestamp
MapleCharacter chr = c.getPlayer(); MapleCharacter chr = c.getPlayer();
byte petIndex = (byte)chr.getPetIndex(petId); byte petIndex = chr.getPetIndex(petId);
if (petIndex < 0) return; if (petIndex < 0) return;
final MaplePet pet = chr.getPet(petIndex); final MaplePet pet = chr.getPet(petIndex);
@@ -51,7 +51,13 @@ public final class PetExcludeItemsHandler extends AbstractMaplePacketHandler {
chr.resetExcluded(petId); chr.resetExcluded(petId);
byte amount = slea.readByte(); byte amount = slea.readByte();
for (int i = 0; i < amount; i++) { for (int i = 0; i < amount; i++) {
chr.addExcluded(petId, slea.readInt()); int itemId = slea.readInt();
if (itemId >= 0) {
chr.addExcluded(petId, itemId);
} else {
AutobanFactory.PACKET_EDIT.alert(chr, "negative item id value in PetExcludeItemsHandler (" + itemId + ")");
return;
}
} }
chr.commitExcludedItems(); chr.commitExcludedItems();
} }

View File

@@ -21,24 +21,35 @@
*/ */
package net.server.channel.handlers; package net.server.channel.handlers;
import client.MapleCharacter;
import client.MapleClient; import client.MapleClient;
import client.SkillMacro; import client.SkillMacro;
import tools.data.input.SeekableLittleEndianAccessor; import client.autoban.AutobanFactory;
import net.AbstractMaplePacketHandler; import net.AbstractMaplePacketHandler;
import tools.data.input.SeekableLittleEndianAccessor;
public final class SkillMacroHandler extends AbstractMaplePacketHandler { public final class SkillMacroHandler extends AbstractMaplePacketHandler {
@Override @Override
public final void handlePacket(SeekableLittleEndianAccessor slea, MapleClient c) { public final void handlePacket(SeekableLittleEndianAccessor slea, MapleClient c) {
MapleCharacter chr = c.getPlayer();
int num = slea.readByte(); int num = slea.readByte();
if (num > 5) return;
for (int i = 0; i < num; i++) { for (int i = 0; i < num; i++) {
String name = slea.readMapleAsciiString(); String name = slea.readMapleAsciiString();
if (name.length() > 12) {
AutobanFactory.PACKET_EDIT.alert(chr, "Invalid name length " + name + " (" + name.length() + ") for skill macro.");
c.disconnect(false, false);
break;
}
int shout = slea.readByte(); int shout = slea.readByte();
int skill1 = slea.readInt(); int skill1 = slea.readInt();
int skill2 = slea.readInt(); int skill2 = slea.readInt();
int skill3 = slea.readInt(); int skill3 = slea.readInt();
SkillMacro macro = new SkillMacro(skill1, skill2, skill3, name, shout, i); SkillMacro macro = new SkillMacro(skill1, skill2, skill3, name, shout, i);
c.getPlayer().updateMacros(i, macro); chr.updateMacros(i, macro);
} }
} }
} }