fix(channelserver): validate client binary blobs before saving

- Reject BinaryType outside 1-5 in SetUserBinary so that the dynamic
  column name is never built from unchecked client input
- Check rengoku payload length before DB write and fixed-offset
  reads to prevent panic on short payloads
- Require MercData >= 4 bytes before ReadUint32 to prevent panic

Ref: Mezeporta/Erupe#158
Houmgaor
2026-02-18 23:39:29 +01:00
parent 2ac8c8cf62
commit b2b1c426a5
3 changed files with 10 additions and 1 deletions


@@ -13,6 +13,10 @@ func handleMsgSysDeleteUser(s *Session, p mhfpacket.MHFPacket) {}
func handleMsgSysSetUserBinary(s *Session, p mhfpacket.MHFPacket) {
pkt := p.(*mhfpacket.MsgSysSetUserBinary)
if pkt.BinaryType < 1 || pkt.BinaryType > 5 {
s.logger.Warn("Invalid BinaryType", zap.Uint8("type", pkt.BinaryType))
return
}
s.server.userBinaryPartsLock.Lock()
s.server.userBinaryParts[userBinaryPartID{charID: s.charID, index: pkt.BinaryType}] = pkt.RawDataPayload
s.server.userBinaryPartsLock.Unlock()
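Review bot: The new guard bounds `pkt.BinaryType`, but `pkt.RawDataPayload` is still stored in `userBinaryParts` by the assignment under the lock, with no length check visible in this hunk. If the packet parser does not already cap it, a size limit next to the type check would fit the commit's intent, e.g. `if len(pkt.RawDataPayload) > maxUserBinaryLen { return }`, where `maxUserBinaryLen` is a placeholder for whatever limit the protocol allows. The warning would also be easier to triage with the session's identity attached, e.g. `zap.Any("charID", s.charID)`, so repeated invalid types can be tied to one character. The function body continues past the hunk, so the database write mentioned in the commit message is not visible here.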