From 6df016b421e4a57376d49a51a2df7e86eb5dd687 Mon Sep 17 00:00:00 2001
From: CPunch <sethtstubbs@gmail.com>
Date: Thu, 9 Mar 2023 14:41:38 -0600
Subject: [PATCH] login: validate characters

---
 server/login.go       | 33 +++++++++++++++++++++++++++++++++
 server/loginserver.go |  3 ---
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/server/login.go b/server/login.go
index 3934143..f10911f 100644
--- a/server/login.go
+++ b/server/login.go
@@ -148,16 +148,49 @@ func (server *LoginServer) SaveCharacterName(client *Client, pkt *protocol.Packe
 	}, protocol.P_LS2CL_REP_SAVE_CHAR_NAME_SUCC)
 }
 
+func validateCharacterCreation(character *protocol.SP_CL2LS_REQ_CHAR_CREATE) bool {
+	// thanks openfusion!
+	// all the values have been determined from analyzing client code and xdt
+	// and double checked using cheat engine
+
+	// check base parameters
+	style := &character.PCStyle
+	if !(style.IBody >= 0 && style.IBody <= 2 &&
+		style.IEyeColor >= 1 && style.IEyeColor <= 5 &&
+		style.IGender >= 1 && style.IGender <= 2 &&
+		style.IHairColor >= 1 && style.IHairColor <= 18) &&
+		style.IHeight >= 0 && style.IHeight <= 4 &&
+		style.INameCheck >= 0 && style.INameCheck <= 2 &&
+		style.ISkinColor >= 1 && style.ISkinColor <= 12 {
+		return false
+	}
+
+	// facestyle and hairstyle are gender dependent
+	if !(style.IGender == 1 && style.IFaceStyle >= 1 && style.IFaceStyle <= 5 && style.IHairStyle >= 1 && style.IHairStyle <= 23) &&
+		!(style.IGender == 2 && style.IFaceStyle >= 6 && style.IFaceStyle <= 10 && style.IHairStyle >= 25 && style.IHairStyle <= 45) {
+		return false
+	}
+
+	return true
+}
+
 func (server *LoginServer) CharacterCreate(client *Client, pkt *protocol.Packet) {
 	var charPkt protocol.SP_CL2LS_REQ_CHAR_CREATE
 	pkt.Decode(&charPkt)
 
+	if !validateCharacterCreation(&charPkt) {
+		client.Send(&protocol.SP_LS2CL_REP_SHARD_SELECT_FAIL{IErrorCode: 2}, protocol.P_LS2CL_REP_SHARD_SELECT_FAIL)
+		panic(fmt.Errorf("invalid SP_CL2LS_REQ_CHAR_CREATE!"))
+	}
+
 	if err := db.DefaultDB.FinishPlayer(&charPkt, client.AccountID); err != nil {
+		client.Send(&protocol.SP_LS2CL_REP_SHARD_SELECT_FAIL{IErrorCode: 2}, protocol.P_LS2CL_REP_SHARD_SELECT_FAIL)
 		panic(err)
 	}
 
 	plr, err := db.DefaultDB.GetPlayer(int(charPkt.PCStyle.IPC_UID))
 	if err != nil {
+		client.Send(&protocol.SP_LS2CL_REP_SHARD_SELECT_FAIL{IErrorCode: 2}, protocol.P_LS2CL_REP_SHARD_SELECT_FAIL)
 		panic(err)
 	}
 
diff --git a/server/loginserver.go b/server/loginserver.go
index f5e025b..0a50026 100644
--- a/server/loginserver.go
+++ b/server/loginserver.go
@@ -1,7 +1,6 @@
 package server
 
 import (
-	"fmt"
 	"log"
 	"net"
 	"sync"
@@ -67,13 +66,11 @@ func (server *LoginServer) HandlePacket(client *Client, typeID uint32, pkt *prot
 func (server *LoginServer) Disconnect(client *Client) {
 	server.lock.Lock()
 	delete(server.clients, client)
-	fmt.Printf("Client %p disconnected\n", client)
 	server.lock.Unlock()
 }
 
 func (server *LoginServer) Connect(client *Client) {
 	server.lock.Lock()
 	server.clients[client] = true
-	fmt.Printf("Client %p connected\n", client)
 	server.lock.Unlock()
 }