
Adjusted the exploit crashfix from r13678 to abort when invalid input is detected.
Script text input packets of length 8 are now also invalid since there must be at least a zero byte (end of string) present.

git-svn-id: https://svn.code.sf.net/p/rathena/svn/trunk@13680 54d463be-8e91-2dee-dedb-b68131a5f0ec

ultramage 16 years ago
parent
commit
c7515f00d8
1 file changed, 2 insertions and 2 deletions

+ 2 - 2
src/map/clif.c

@@ -9797,8 +9797,8 @@ void clif_parse_NpcStringInput(int fd, struct map_session_data* sd)
 	int npcid = RFIFOL(fd,4);
 	const char* message = (char*)RFIFOP(fd,8);
 	
-	if( message_len < 0 )
-		message_len = 0;
+	if( message_len <= 0 )
+		return; // invalid input
 
 	safestrncpy(sd->npc_str, message, min(message_len,CHATBOX_SIZE));
 	npc_scriptcont(sd, npcid);
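
Review bot: the new early return under "if( message_len <= 0 )" also skips npc_scriptcont(sd, npcid), so a session whose script is waiting on string input is left without a continuation when a malformed packet arrives, and nothing is logged. Please confirm that leaving the script paused is the intended outcome here, and consider logging the rejected packet with the session's identifiers so repeated malformed input is visible to operators. The comment "// invalid input" would also be more useful if it gave the reason stated in the commit message: a packet of length 8 has no room for the terminating zero byte.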