Mirror/Erupe
1
0
Fork 0
mirror of https://github.com/Mezeporta/Erupe.git synced 2026-03-28 18:42:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(channelserver): validate client binary blobs before saving

Browse Source 
- Reject BinaryType outside 1-5 in SetUserBinary to prevent
  dynamic column name with unchecked client input
- Check rengoku payload length before DB write and fixed-offset
  reads to prevent panic on short payloads
- Require MercData >= 4 bytes before ReadUint32 to prevent panic

Ref: Mezeporta/Erupe#158
This commit is contained in:
Houmgaor
2026-02-18 23:39:29 +01:00
parent 2ac8c8cf62
commit b2b1c426a5
3 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/channelserver/handlers_rengoku.go
View File

@@ -16,6 +16,11 @@ func handleMsgMhfSaveRengokuData(s *Session, p mhfpacket.MHFPacket) {
// saved every floor on road, holds values such as floors progressed, points etc.
// can be safely handled by the client
pkt := p.(*mhfpacket.MsgMhfSaveRengokuData)
if len(pkt.RawDataPayload) < 91 {
s.logger.Warn("Rengoku payload too short", zap.Int("len", len(pkt.RawDataPayload)))
doAckSimpleSucceed(s, pkt.AckHandle, make([]byte, 4))
return
}
dumpSaveData(s, pkt.RawDataPayload, "rengoku")
_, err := s.server.db.Exec("UPDATE characters SET rengokudata=$1 WHERE id=$2", pkt.RawDataPayload, s.charID)
if err != nil {