added sanity checks

2025-12-24 12:50:05 +00:00 · 2020-08-18 19:11:31 -05:00
parent 208f4b3bbd
commit 47b76b422c
6 changed files with 53 additions and 10 deletions
--- a/src/CNLoginServer.cpp
+++ b/src/CNLoginServer.cpp
@@ -19,6 +19,9 @@ CNLoginServer::CNLoginServer(uint16_t p) {
 void CNLoginServer::handlePacket(CNSocket* sock, CNPacketData* data) {
    switch (data->type) {
        case P_CL2LS_REQ_LOGIN: {
+            if (data->size != sizeof(sP_CL2LS_REQ_LOGIN))
+                return; // ignore the malformed packet
+
            sP_CL2LS_REQ_LOGIN* login = (sP_CL2LS_REQ_LOGIN*)data->buf;
            sP_LS2CL_REP_LOGIN_SUCC* response = (sP_LS2CL_REP_LOGIN_SUCC*)xmalloc(sizeof(sP_LS2CL_REP_LOGIN_SUCC));
            uint64_t cachedKey = sock->getEKey(); // so we can still send the response packet with the correct key
@@ -110,6 +113,9 @@ void CNLoginServer::handlePacket(CNSocket* sock, CNPacketData* data) {
            break;
        }
        case P_CL2LS_REQ_CHECK_CHAR_NAME: {
+            if (data->size != sizeof(sP_CL2LS_REQ_CHECK_CHAR_NAME))
+                return;
+            
            // naughty words allowed!!!!!!!! (also for some reason, the client will always show 'Player 0' if you manually type a name. It will show up for other connected players though)
            sP_CL2LS_REQ_CHECK_CHAR_NAME* nameCheck = (sP_CL2LS_REQ_CHECK_CHAR_NAME*)data->buf;
            sP_LS2CL_REP_CHECK_CHAR_NAME_SUCC* response = (sP_LS2CL_REP_CHECK_CHAR_NAME_SUCC*)xmalloc(sizeof(sP_LS2CL_REP_CHECK_CHAR_NAME_SUCC));
@@ -127,6 +133,9 @@ void CNLoginServer::handlePacket(CNSocket* sock, CNPacketData* data) {
            break;
        }
        case P_CL2LS_REQ_SAVE_CHAR_NAME: {
+            if (data->size != sizeof(sP_CL2LS_REQ_SAVE_CHAR_NAME))
+                return;
+            
            sP_CL2LS_REQ_SAVE_CHAR_NAME* save = (sP_CL2LS_REQ_SAVE_CHAR_NAME*)data->buf;
            sP_LS2CL_REP_SAVE_CHAR_NAME_SUCC* response = (sP_LS2CL_REP_SAVE_CHAR_NAME_SUCC*)xmalloc(sizeof(sP_LS2CL_REP_SAVE_CHAR_NAME_SUCC));

@@ -146,6 +155,9 @@ void CNLoginServer::handlePacket(CNSocket* sock, CNPacketData* data) {
            break;
        }
        case P_CL2LS_REQ_CHAR_CREATE: {
+            if (data->size != sizeof(sP_CL2LS_REQ_CHAR_CREATE))
+                return;
+            
            sP_CL2LS_REQ_CHAR_CREATE* character = (sP_CL2LS_REQ_CHAR_CREATE*)data->buf;
            sP_LS2CL_REP_CHAR_CREATE_SUCC* response = (sP_LS2CL_REP_CHAR_CREATE_SUCC*)xmalloc(sizeof(sP_LS2CL_REP_CHAR_CREATE_SUCC));

@@ -194,6 +206,9 @@ void CNLoginServer::handlePacket(CNSocket* sock, CNPacketData* data) {
            break;
        }
        case P_CL2LS_REQ_CHAR_SELECT: {
+            if (data->size != sizeof(sP_CL2LS_REQ_CHAR_SELECT))
+                return;
+            
            // character selected
            sP_CL2LS_REQ_CHAR_SELECT* chararacter = (sP_CL2LS_REQ_CHAR_SELECT*)data->buf;
            sP_LS2CL_REP_CHAR_SELECT_SUCC* response = (sP_LS2CL_REP_CHAR_SELECT_SUCC*)xmalloc(sizeof(sP_LS2CL_REP_CHAR_SELECT_SUCC));
@@ -209,6 +224,9 @@ void CNLoginServer::handlePacket(CNSocket* sock, CNPacketData* data) {
            break;
        }
        case P_CL2LS_REQ_SHARD_SELECT: {
+            if (data->size != sizeof(sP_CL2LS_REQ_SHARD_SELECT))
+                return;
+            
            // tell client to connect to the shard server
            sP_CL2LS_REQ_SHARD_SELECT* shard = (sP_CL2LS_REQ_SHARD_SELECT*)data->buf;
            sP_LS2CL_REP_SHARD_SELECT_SUCC* response = (sP_LS2CL_REP_SHARD_SELECT_SUCC*)xmalloc(sizeof(sP_LS2CL_REP_SHARD_SELECT_SUCC));