Fix exploit for negative itemId's in PetExcludeItemsHandler

This commit is contained in:
RubenD96
2021-04-07 17:26:55 +02:00
parent 28707fa0f3
commit e8d2256683

View File

@@ -21,12 +21,12 @@
*/ */
package net.server.channel.handlers; package net.server.channel.handlers;
import client.MapleClient;
import client.MapleCharacter; import client.MapleCharacter;
import client.MapleClient;
import client.autoban.AutobanFactory;
import client.inventory.MaplePet; import client.inventory.MaplePet;
import net.AbstractMaplePacketHandler; import net.AbstractMaplePacketHandler;
import tools.data.input.SeekableLittleEndianAccessor; import tools.data.input.SeekableLittleEndianAccessor;
//import tools.MaplePacketCreator;
/** /**
* @author BubblesDev * @author BubblesDev
@@ -37,10 +37,10 @@ public final class PetExcludeItemsHandler extends AbstractMaplePacketHandler {
@Override @Override
public final void handlePacket(SeekableLittleEndianAccessor slea, MapleClient c) { public final void handlePacket(SeekableLittleEndianAccessor slea, MapleClient c) {
final int petId = slea.readInt(); final int petId = slea.readInt();
slea.skip(4); slea.skip(4); // timestamp
MapleCharacter chr = c.getPlayer(); MapleCharacter chr = c.getPlayer();
byte petIndex = (byte)chr.getPetIndex(petId); byte petIndex = chr.getPetIndex(petId);
if (petIndex < 0) return; if (petIndex < 0) return;
final MaplePet pet = chr.getPet(petIndex); final MaplePet pet = chr.getPet(petIndex);
@@ -51,7 +51,13 @@ public final class PetExcludeItemsHandler extends AbstractMaplePacketHandler {
chr.resetExcluded(petId); chr.resetExcluded(petId);
byte amount = slea.readByte(); byte amount = slea.readByte();
for (int i = 0; i < amount; i++) { for (int i = 0; i < amount; i++) {
chr.addExcluded(petId, slea.readInt()); int itemId = slea.readInt();
if (itemId >= 0) {
chr.addExcluded(petId, itemId);
} else {
AutobanFactory.PACKET_EDIT.alert(chr, "negative item id value in PetExcludeItemsHandler (" + itemId + ")");
return;
}
} }
chr.commitExcludedItems(); chr.commitExcludedItems();
} }