Mirror/Erupe
1
0
Fork 0
mirror of https://github.com/Mezeporta/Erupe.git synced 2026-03-28 10:32:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(channelserver): validate client binary blobs before saving

Browse Source 
- Reject BinaryType outside 1-5 in SetUserBinary to prevent
  dynamic column name with unchecked client input
- Check rengoku payload length before DB write and fixed-offset
  reads to prevent panic on short payloads
- Require MercData >= 4 bytes before ReadUint32 to prevent panic

Ref: Mezeporta/Erupe#158
This commit is contained in:
Houmgaor
2026-02-18 23:39:29 +01:00
parent 2ac8c8cf62
commit b2b1c426a5
3 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/channelserver/handlers_mercenary.go
View File

@@ -188,7 +188,7 @@ func handleMsgMhfCreateMercenary(s *Session, p mhfpacket.MHFPacket) {
func handleMsgMhfSaveMercenary(s *Session, p mhfpacket.MHFPacket) {
pkt := p.(*mhfpacket.MsgMhfSaveMercenary)
dumpSaveData(s, pkt.MercData, "mercenary")
if len(pkt.MercData) > 0 {
if len(pkt.MercData) >= 4 {
temp := byteframe.NewByteFrameFromBytes(pkt.MercData)
if _, err := s.server.db.Exec("UPDATE characters SET savemercenary=$1, rasta_id=$2 WHERE id=$3", pkt.MercData, temp.ReadUint32(), s.charID); err != nil {
s.logger.Error("Failed to save mercenary data", zap.Error(err))