Home Explore Help
Sign In
oversu
/
fRO_french_translation_rAthena
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

* Added quick validation of guild emblems' bitmap format to prevent forged emblems, that cause the client to crash, from being accepted (thx to sinya for a sample).

git-svn-id: https://svn.code.sf.net/p/rathena/svn/trunk@14937 54d463be-8e91-2dee-dedb-b68131a5f0ec
ai4rei 13 years ago
parent
fdc4f040c7
commit
9b7854c898
2 changed files with 32 additions and 2 deletions
Unified View Show Diff Stats
  1. 2 0
      Changelog-Trunk.txt
  2. 30 2
      src/map/clif.c

+ 2 - 0
Changelog-Trunk.txt
View File 

@@ -1,5 +1,7 @@
 
 Date	Added
 
 Date	Added
 
 
 
+2011/08/20
 
+	* Added quick validation of guild emblems' bitmap format to prevent forged emblems, that cause the client to crash, from being accepted (thx to sinya for a sample). [Ai4rei]
 
 2011/08/16
 
 2011/08/16
 
 	* Added -fno-strict-aliasing detection to configure.in (-fstrict-aliasing is added through -O2), since the code is not aliasing safe and causes warnings with gcc. [Ai4rei]
 
 	* Added -fno-strict-aliasing detection to configure.in (-fstrict-aliasing is added through -O2), since the code is not aliasing safe and causes warnings with gcc. [Ai4rei]
 
 	- This also fixes a missing line in the pre-built configure script (since r14870).
 
 	- This also fixes a missing line in the pre-built configure script (since r14870).

+ 30 - 2
src/map/clif.c
View File 

@@ -4,6 +4,7 @@
 
 #include "../common/cbasetypes.h"
 
 #include "../common/cbasetypes.h"
 
 #include "../common/socket.h"
 
 #include "../common/socket.h"
 
 #include "../common/timer.h"
 
 #include "../common/timer.h"
 
+#include "../common/grfio.h"
 
 #include "../common/malloc.h"
 
 #include "../common/malloc.h"
 
 #include "../common/version.h"
 
 #include "../common/version.h"
 
 #include "../common/nullpo.h"
 
 #include "../common/nullpo.h"
 
@@ -11087,16 +11088,43 @@ void clif_parse_GuildRequestEmblem(int fd,struct map_session_data *sd)
 
 		clif_guild_emblem(sd,g);
 
 		clif_guild_emblem(sd,g);
 
 }
 
 }
 
 
 
+
 
+/// Validates data of a guild emblem (compressed bitmap)
 
+static bool clif_validate_emblem(const uint8* emblem, unsigned long emblem_len)
 
+{
 
+	bool success;
 
+	uint8 buf[1800];  // no well-formed emblem bitmap is larger than 1782 (24 bit) / 1654 (8 bit) bytes
 
+	unsigned long buf_len = sizeof(buf);
 
+
 
+	success = ( decode_zip(buf, &buf_len, emblem, emblem_len) == 0 && buf_len >= 18 )  // sizeof(BITMAPFILEHEADER) + sizeof(biSize) of the following info header struct
 
+			&& RBUFW(buf,0) == 0x4d42   // BITMAPFILEHEADER.bfType (signature)
 
+			&& RBUFL(buf,2) == buf_len  // BITMAPFILEHEADER.bfSize (file size)
 
+			&& RBUFL(buf,10) < buf_len  // BITMAPFILEHEADER.bfOffBits (offset to bitmap bits)
 
+			;
 
+
 
+	return success;
 
+}
 
+
 
+
 
 /*==========================================
 
 /*==========================================
 
  * ƒMƒ‹ƒhƒGƒ“ƒuƒŒƒ€•Ï�X
 
  * ƒMƒ‹ƒhƒGƒ“ƒuƒŒƒ€•Ï�X
 
  * S 0153 <packet len>.W <emblem data>.?B
 
  * S 0153 <packet len>.W <emblem data>.?B
 
  *------------------------------------------*/
 
  *------------------------------------------*/
 
 void clif_parse_GuildChangeEmblem(int fd,struct map_session_data *sd)
 
 void clif_parse_GuildChangeEmblem(int fd,struct map_session_data *sd)
 
 {
 
 {
 
-	if(!sd->state.gmaster_flag)
 
+	unsigned long emblem_len = RFIFOW(fd,2)-4;
 
+	const uint8* emblem = RFIFOP(fd,4);
 
+
 
+	if( !emblem_len || !sd->state.gmaster_flag )
 
+		return;
 
+
 
+	if( !clif_validate_emblem(emblem, emblem_len) )
 
+	{
 
+		ShowWarning("clif_parse_GuildChangeEmblem: Rejected malformed guild emblem (size=%lu, accound_id=%d, char_id=%d, guild_id=%d).\n", emblem_len, sd->status.account_id, sd->status.char_id, sd->status.guild_id);
 
 		return;
 
 		return;
 
+	}
 
 
 
-	guild_change_emblem(sd,RFIFOW(fd,2)-4,(char*)RFIFOP(fd,4));
 
+	guild_change_emblem(sd, emblem_len, emblem);
 
 }
 
 }
 
 
 
 /*==========================================
 
 /*==========================================