From 7e08bc60ce197e4a2d21e797d906eaa81cb2dafe Mon Sep 17 00:00:00 2001
From: Kamil
Date: Thu, 19 Nov 2020 17:59:30 +0100
Subject: [PATCH] added character validation for SAVE_CHAR_TUTOR and CHANGE_CHAR_NAME fixed ugly sizeofs
---
 src/CNLoginServer.cpp | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/CNLoginServer.cpp b/src/CNLoginServer.cpp
index 8ec0049..26048ba 100644
--- a/src/CNLoginServer.cpp
+++ b/src/CNLoginServer.cpp
@@ -136,7 +136,7 @@ void CNLoginServer::login(CNSocket* sock, CNPacketData* data) {
 std::vector characters = Database::getCharInfo(loginSessions[sock].userID);
 INITSTRUCT(sP_LS2CL_REP_LOGIN_SUCC, resp);
- memcpy(resp.szID, login->szID, sizeof(char16_t) * 33);
+ memcpy(resp.szID, login->szID, sizeof(login->szID));
 resp.iCharCount = characters.size();
 resp.iSlotNum = findUser->Selected;
@@ -221,8 +221,8 @@ void CNLoginServer::nameCheck(CNSocket* sock, CNPacketData* data) {
 loginSessions[sock].lastHeartbeat = getTime();
 INITSTRUCT(sP_LS2CL_REP_CHECK_CHAR_NAME_SUCC, resp);
- memcpy(resp.szFirstName, nameCheck->szFirstName, sizeof(char16_t) * 9);
- memcpy(resp.szLastName, nameCheck->szLastName, sizeof(char16_t) * 17);
+ memcpy(resp.szFirstName, nameCheck->szFirstName, sizeof(nameCheck->szFirstName));
+ memcpy(resp.szLastName, nameCheck->szLastName, sizeof(nameCheck->szLastName));
 sock->sendPacket((void*)&resp, P_LS2CL_REP_CHECK_CHAR_NAME_SUCC, sizeof(sP_LS2CL_REP_CHECK_CHAR_NAME_SUCC));
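Review bot: In login(), the new `memcpy(resp.szID, login->szID, sizeof(login->szID))` takes its length from the source field, so the write into the response stays in bounds only while the two struct fields have the same size; neither struct definition is visible in this patch. Since the source is a client packet, I would either bound the copy by the destination or pin the assumption next to it, e.g. `static_assert(sizeof(resp.szID) == sizeof(login->szID), "szID size mismatch");`. The same pattern is repeated for szFirstName/szLastName in the nameCheck, nameSave and changeName hunks. login's body starts and ends outside the hunk.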
@@ -242,8 +242,8 @@ void CNLoginServer::nameSave(CNSocket* sock, CNPacketData* data) {
 resp.iSlotNum = save->iSlotNum;
 resp.iGender = save->iGender;
 resp.iPC_UID = Database::createCharacter(save, loginSessions[sock].userID);
- memcpy(resp.szFirstName, save->szFirstName, sizeof(char16_t) * 9);
- memcpy(resp.szLastName, save->szLastName, sizeof(char16_t) * 17);
+ memcpy(resp.szFirstName, save->szFirstName, sizeof(save->szFirstName));
+ memcpy(resp.szLastName, save->szLastName, sizeof(save->szLastName));
 loginSessions[sock].lastHeartbeat = getTime();
@@ -373,6 +373,10 @@ void CNLoginServer::finishTutorial(CNSocket* sock, CNPacketData* data) {
 if (data->size != sizeof(sP_CL2LS_REQ_SAVE_CHAR_TUTOR)) return;
 sP_CL2LS_REQ_SAVE_CHAR_TUTOR* save = (sP_CL2LS_REQ_SAVE_CHAR_TUTOR*)data->buf;
+
+ if (!Database::validateCharacter(save->iPC_UID, loginSessions[sock].userID))
+ return invalidCharacter(sock);
+
 Database::finishTutorial(save->iPC_UID);
 loginSessions[sock].lastHeartbeat = getTime(); // no response here
@@ -387,12 +391,16 @@ void CNLoginServer::changeName(CNSocket* sock, CNPacketData* data) {
 return;
 sP_CL2LS_REQ_CHANGE_CHAR_NAME* save = (sP_CL2LS_REQ_CHANGE_CHAR_NAME*)data->buf;
+
+ if (!Database::validateCharacter(save->iPCUID, loginSessions[sock].userID))
+ return invalidCharacter(sock);
+
 Database::changeName(save);
 INITSTRUCT(sP_LS2CL_REP_CHANGE_CHAR_NAME_SUCC, resp);
 resp.iPC_UID = save->iPCUID;
- memcpy(resp.szFirstName, save->szFirstName, sizeof(char16_t) * 9);
- memcpy(resp.szLastName, save->szLastName, sizeof(char16_t) * 17);
+ memcpy(resp.szFirstName, save->szFirstName, sizeof(save->szFirstName));
+ memcpy(resp.szLastName, save->szLastName, sizeof(save->szLastName));
 resp.iSlotNum = save->iSlotNum;
 loginSessions[sock].lastHeartbeat = getTime();
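Review bot: The ownership check added to finishTutorial() reads `loginSessions[sock].userID`, and if loginSessions is a std::map (its declaration is not in this patch) operator[] creates a default entry for a socket that has no login session, so the comparison would run against a default-constructed userID. I would look the session up first and reject when it is missing, e.g. `auto it = loginSessions.find(sock); if (it == loginSessions.end()) return invalidCharacter(sock);`, then pass `it->second.userID` to validateCharacter. The check added to changeName() uses the same lookup. finishTutorial's body continues outside the hunk.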
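Review bot: In changeName(), once the ownership check passes, `Database::changeName(save)` still receives the client-supplied szFirstName/szLastName unchanged, and the SUCC reply is built without looking at any result from that call. Whether Database::changeName validates the new name (termination, length, allowed characters, uniqueness) is not visible in this hunk; if it does not, the request should pass the same rules as the name check before it is written, and the success packet should be sent only when the update actually happened. changeName's body starts and ends outside the hunk.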