
Fixed an exploit that makes guild skill get higher level than the max defined in guild_skill_tree. (bugreport:3241)

git-svn-id: https://svn.code.sf.net/p/rathena/svn/trunk@13894 54d463be-8e91-2dee-dedb-b68131a5f0ec
Inkfish 16 سال پیش
والد
کامیت
86d162ad13
8فایلهای تغییر یافته به همراه18 افزوده شده و 14 حذف شده
  1. 2 0
      Changelog-Trunk.txt
  2. 3 3
      src/char/int_guild.c
  3. 1 1
      src/char/inter.c
  4. 3 3
      src/char_sql/int_guild.c
  5. 1 1
      src/char_sql/inter.c
  6. 3 2
      src/map/guild.c
  7. 4 3
      src/map/intif.c
  8. 1 1
      src/map/intif.h

+ 2 - 0
Changelog-Trunk.txt

@@ -3,6 +3,8 @@ Date	Added
 AS OF SVN REV. 5091, WE ARE NOW USING TRUNK.  ALL UNTESTED BUGFIXES/FEATURES GO INTO TRUNK.
 IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
 
+09/06/16
+	* Fixed an exploit that makes guild skill get higher level than the max defined in guild_skill_tree. (bugreport:3241) [Inkfish]
 09/06/15
 	* Skill through items will not be blocked when 90% overweight. (bugreport:3246) [Inkfish]
 	* Now you can drop items when hiding. [Inkfish]

+ 3 - 3
src/char/int_guild.c

@@ -1317,7 +1317,7 @@ int mapif_parse_GuildPosition(int fd, int guild_id, int idx, struct guild_positi
 }
 
 // ギルドスキルアップ要求
-int mapif_parse_GuildSkillUp(int fd, int guild_id, int skill_num, int account_id)
+int mapif_parse_GuildSkillUp(int fd, int guild_id, int skill_num, int account_id, int max)
 {
 	struct guild *g = (struct guild*)idb_get(guild_db, guild_id);
 	int idx = skill_num - GD_SKILLBASE;
@@ -1325,7 +1325,7 @@ int mapif_parse_GuildSkillUp(int fd, int guild_id, int skill_num, int account_id
 	if (g == NULL || idx < 0 || idx >= MAX_GUILDSKILL)
 		return 0;
 
-	if (g->skill_point > 0 && g->skill[idx].id > 0 && g->skill[idx].lv < 10) {
+	if (g->skill_point > 0 && g->skill[idx].id > 0 && g->skill[idx].lv < max) {
 		g->skill[idx].lv++;
 		g->skill_point--;
 		if (guild_calcinfo(g) == 0)
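Review bot: The cap in `g->skill[idx].lv < max` is now whatever value arrives at offset 14 of the 0x303C packet, and nothing on the char-server side bounds it before use. The old constant 10 acted as an independent ceiling; without it, a map-server bug or a malformed inter-server packet can raise a guild skill to any level the sender names. Consider keeping a backstop ahead of the comparison, e.g. `if (max > 10) max = 10;`, assuming 10 is still the highest level any entry in guild_skill_tree may define (to be confirmed). The same applies to the matching hunk in src/char_sql/int_guild.c. The function body continues outside this hunk.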
@@ -1551,7 +1551,7 @@ int inter_guild_parse_frommap(int fd)
 	case 0x3039: mapif_parse_GuildBasicInfoChange(fd, RFIFOL(fd,4), RFIFOW(fd,8), (const char*)RFIFOP(fd,10), RFIFOW(fd,2)-10); break;
 	case 0x303A: mapif_parse_GuildMemberInfoChange(fd, RFIFOL(fd,4), RFIFOL(fd,8), RFIFOL(fd,12), RFIFOW(fd,16), (const char*)RFIFOP(fd,18), RFIFOW(fd,2)-18); break;
 	case 0x303B: mapif_parse_GuildPosition(fd, RFIFOL(fd,4), RFIFOL(fd,8), (struct guild_position *)RFIFOP(fd,12)); break;
-	case 0x303C: mapif_parse_GuildSkillUp(fd, RFIFOL(fd,2), RFIFOL(fd,6), RFIFOL(fd,10)); break;
+	case 0x303C: mapif_parse_GuildSkillUp(fd, RFIFOL(fd,2), RFIFOL(fd,6), RFIFOL(fd,10), RFIFOL(fd,14)); break;
 	case 0x303D: mapif_parse_GuildAlliance(fd, RFIFOL(fd,2), RFIFOL(fd,6), RFIFOL(fd,10), RFIFOL(fd,14), RFIFOB(fd,18)); break;
 	case 0x303E: mapif_parse_GuildNotice(fd, RFIFOL(fd,2), (const char*)RFIFOP(fd,6), (const char*)RFIFOP(fd,66)); break;
 	case 0x303F: mapif_parse_GuildEmblem(fd, RFIFOW(fd,2)-12, RFIFOL(fd,4), RFIFOL(fd,8), (const char*)RFIFOP(fd,12)); break;

+ 1 - 1
src/char/inter.c

@@ -53,7 +53,7 @@ int inter_recv_packet_length[]={
 	-1,-1, 7,-1, -1,13,36, 0,  0, 0, 0, 0,  0, 0,  0, 0, //0x3000-0x300f
 	 6,-1, 0, 0,  0, 0, 0, 0, 10,-1, 0, 0,  0, 0,  0, 0, //0x3010-0x301f
 	-1, 6,-1,14, 14,19, 6,-1, 14,14, 0, 0,  0, 0,  0, 0, //0x3020-0x302f
-	-1, 6,-1,-1, 55,19, 6,-1, 14,-1,-1,-1, 14,19,186,-1, //0x3030-0x303f
+	-1, 6,-1,-1, 55,19, 6,-1, 14,-1,-1,-1, 18,19,186,-1, //0x3030-0x303f
 	 5, 9, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,  0, 0,  0, 0, //0x3040-0x304f
 	 0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,  0, 0,  0, 0, //0x3050-0x305f
 	 0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,  0, 0,  0, 0, //0x3060-0x306f
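Review bot: The new length 18 for 0x303c is a bare number that must agree with `WFIFOHEAD(inter_fd, 18)` / `WFIFOSET(inter_fd, 18)` in src/map/intif.c and with the `RFIFOL(fd,14)` read in inter_guild_parse_frommap, and nothing ties the three together. A map server built before this change still sends 14 bytes, so a mixed deployment would presumably have the char server read the first four bytes of the following packet as `max`. A short comment on the table row, such as `// 0x303c: 2+4+4+4+4 = 18 (guild_id, skill_num, account_id, max)`, plus a changelog line saying both servers must be upgraded together, would make the coupling explicit. The same applies to src/char_sql/inter.c.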

+ 3 - 3
src/char_sql/int_guild.c

@@ -1691,7 +1691,7 @@ int mapif_parse_GuildPosition(int fd,int guild_id,int idx,struct guild_position
 }
 
 // Guild Skill UP
-int mapif_parse_GuildSkillUp(int fd,int guild_id,int skill_num,int account_id)
+int mapif_parse_GuildSkillUp(int fd,int guild_id,int skill_num,int account_id,int max)
 {
 	struct guild * g;
 	int idx = skill_num - GD_SKILLBASE;
@@ -1700,7 +1700,7 @@ int mapif_parse_GuildSkillUp(int fd,int guild_id,int skill_num,int account_id)
 	if(g == NULL || idx < 0 || idx >= MAX_GUILDSKILL)
 		return 0;
 
-	if(g->skill_point>0 && g->skill[idx].id>0 && g->skill[idx].lv<10 )
+	if(g->skill_point>0 && g->skill[idx].id>0 && g->skill[idx].lv<max )
 	{
 		g->skill[idx].lv++;
 		g->skill_point--;
@@ -1949,7 +1949,7 @@ int inter_guild_parse_frommap(int fd)
 	case 0x3039: mapif_parse_GuildBasicInfoChange(fd,RFIFOL(fd,4),RFIFOW(fd,8),(const char*)RFIFOP(fd,10),RFIFOW(fd,2)-10); break;
 	case 0x303A: mapif_parse_GuildMemberInfoChange(fd,RFIFOL(fd,4),RFIFOL(fd,8),RFIFOL(fd,12),RFIFOW(fd,16),(const char*)RFIFOP(fd,18),RFIFOW(fd,2)-18); break;
 	case 0x303B: mapif_parse_GuildPosition(fd,RFIFOL(fd,4),RFIFOL(fd,8),(struct guild_position *)RFIFOP(fd,12)); break;
-	case 0x303C: mapif_parse_GuildSkillUp(fd,RFIFOL(fd,2),RFIFOL(fd,6),RFIFOL(fd,10)); break;
+	case 0x303C: mapif_parse_GuildSkillUp(fd,RFIFOL(fd,2),RFIFOL(fd,6),RFIFOL(fd,10),RFIFOL(fd,14)); break;
 	case 0x303D: mapif_parse_GuildAlliance(fd,RFIFOL(fd,2),RFIFOL(fd,6),RFIFOL(fd,10),RFIFOL(fd,14),RFIFOB(fd,18)); break;
 	case 0x303E: mapif_parse_GuildNotice(fd,RFIFOL(fd,2),(const char*)RFIFOP(fd,6),(const char*)RFIFOP(fd,66)); break;
 	case 0x303F: mapif_parse_GuildEmblem(fd,RFIFOW(fd,2)-12,RFIFOL(fd,4),RFIFOL(fd,8),(const char*)RFIFOP(fd,12)); break;

+ 1 - 1
src/char_sql/inter.c

@@ -48,7 +48,7 @@ int inter_recv_packet_length[] = {
 	-1,-1, 7,-1, -1,13,36, 0,  0, 0, 0, 0,  0, 0,  0, 0,	// 3000-
 	 6,-1, 0, 0,  0, 0, 0, 0, 10,-1, 0, 0,  0, 0,  0, 0,	// 3010-
 	-1, 6,-1,14, 14,19, 6,-1, 14,14, 0, 0,  0, 0,  0, 0,	// 3020-
-	-1, 6,-1,-1, 55,19, 6,-1, 14,-1,-1,-1, 14,19,186,-1,	// 3030-
+	-1, 6,-1,-1, 55,19, 6,-1, 14,-1,-1,-1, 18,19,186,-1,	// 3030-
 	 5, 9, 0, 0,  0, 0, 0, 0,  7, 6,10,10, 10,-1,  0, 0,	// 3040-
 	-1,-1,10,10,  0,-1, 0, 0,  0, 0, 0, 0,  0, 0,  0, 0,	// 3050-  Auction System [Zephyrus]
 	 6,-1,10, 0,  0, 0, 0, 0,  0, 0, 0, 0,  0, 0,  0, 0,	// 3060-  Quest system [Kevin]

+ 3 - 2
src/map/guild.c

@@ -1229,6 +1229,7 @@ int guild_skillup(TBL_PC* sd, int skill_num)
 {
 	struct guild* g;
 	int idx = skill_num - GD_SKILLBASE;
+	int max = guild_skill_get_max(skill_num);
 
 	nullpo_retr(0, sd);
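Review bot: The added initialiser `int max = guild_skill_get_max(skill_num);` runs before `nullpo_retr(0, sd)` and before any range check on `skill_num`. Before this commit the lookup sat inside the final condition, after the checks that lie between the two hunks. Whether guild_skill_get_max() bounds-checks its argument is not visible here; if it indexes a table by `skill_num - GD_SKILLBASE`, a client-chosen skill id would reach that index unchecked. Declaring `int max;` at the top and assigning `max = guild_skill_get_max(skill_num);` just before the `if` in the second hunk keeps the original ordering. The function body spans both hunks and the lines between them are outside this view.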
 
@@ -1239,8 +1240,8 @@ int guild_skillup(TBL_PC* sd, int skill_num)
 
 	if( g->skill_point > 0 &&
 			g->skill[idx].id != 0 &&
-			g->skill[idx].lv < guild_skill_get_max(skill_num) )
-		intif_guild_skillup(g->guild_id, skill_num, sd->status.account_id);
+			g->skill[idx].lv < max )
+		intif_guild_skillup(g->guild_id, skill_num, sd->status.account_id, max);
 
 	return 0;
 }

+ 4 - 3
src/map/intif.c

@@ -644,16 +644,17 @@ int intif_guild_position(int guild_id,int idx,struct guild_position *p)
 	return 0;
 }
 // ギルドスキルアップ要求
-int intif_guild_skillup(int guild_id, int skill_num, int account_id)
+int intif_guild_skillup(int guild_id, int skill_num, int account_id, int max)
 {
 	if( CheckForCharServer() )
 		return 0;
-	WFIFOHEAD(inter_fd, 14);
+	WFIFOHEAD(inter_fd, 18);
 	WFIFOW(inter_fd, 0)  = 0x303c;
 	WFIFOL(inter_fd, 2)  = guild_id;
 	WFIFOL(inter_fd, 6)  = skill_num;
 	WFIFOL(inter_fd, 10) = account_id;
-	WFIFOSET(inter_fd, 14);
+	WFIFOL(inter_fd, 14) = max;
+	WFIFOSET(inter_fd, 18);
 	return 0;
 }
 // ギルド同盟/敵対要求
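Review bot: The comment above intif_guild_skillup still only says "guild skill-up request", and it does not document the packet layout, which this change extends by one field. I would add `// 0x303c <guild_id>.L <skill_num>.L <account_id>.L <max>.L (18 bytes)` above the function, with a second line noting that `max` is the caller's guild_skill_get_max() result and is the only level cap the char server applies. That makes it clear to a later maintainer that dropping or reordering the field changes an enforcement check, not just the wire format.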

+ 1 - 1
src/map/intif.h

@@ -52,7 +52,7 @@ int intif_guild_change_gm(int guild_id, const char* name, int len);
 int intif_guild_change_basicinfo(int guild_id, int type, const void *data, int len);
 int intif_guild_change_memberinfo(int guild_id, int account_id, int char_id, int type, const void *data, int len);
 int intif_guild_position(int guild_id, int idx, struct guild_position *p);
-int intif_guild_skillup(int guild_id, int skill_num, int account_id);
+int intif_guild_skillup(int guild_id, int skill_num, int account_id, int max);
 int intif_guild_alliance(int guild_id1, int guild_id2, int account_id1, int account_id2, int flag);
 int intif_guild_notice(int guild_id, const char *mes1, const char *mes2);
 int intif_guild_emblem(int guild_id, int len, const char *data);