Erupe

Mirror/Erupe

Fork 0

mirror of https://github.com/Mezeporta/Erupe.git synced 2026-03-22 07:32:32 +01:00

Commit Graph

Author	SHA1	Message	Date
Houmgaor	604d53d6d7	fix(channelserver): validate packet fields before use in handlers Several handlers used packet fields as array indices or SQL column names without bounds checking, allowing crafted packets to panic the server or produce malformed SQL. Panic fixes (high severity): - handlers_mail: bounds check AccIndex against mailList length - handlers_misc: validate ArmourID >= 10000 and MogType <= 4 - handlers_mercenary: check RawDataPayload length before slicing - handlers_house: check RawDataPayload length in SaveDecoMyset - handlers_register: guard empty RawDataPayload in OperateRegister SQL column name fixes (medium severity): - handlers_misc: early return on unknown PointType - handlers_items: reject unknown StampType in weekly stamp handlers - handlers_achievement: cap AchievementID at 32 - handlers_goocoo: skip goocoo.Index > 4 - handlers_house: cap BoxIndex for warehouse operations - handlers_tower: fix MissionIndex=0 bypassing normalization guard	2026-02-19 00:23:04 +01:00
Houmgaor	0d07a1f698	refactor(mhfpacket): rename 15 Unk fields with identified meanings Replace unknown field names with descriptive names based on handler logic analysis, switch dispatch patterns, DB query context, and inline comments: - ObjectHandleID, IsQuest, ItemIDCount, MaxCount, TokenLength, FormatVersion, LogoutType (high confidence from comments/constants) - QueryType, DataType, MissionIndex, CheckOnly, RequestType, ExchangeType, TournamentID (confirmed by handler switch/if usage) Also fix MsgSysLogout.Build calling ReadUint8 instead of WriteUint8.	2026-02-18 21:48:08 +01:00
Houmgaor	cc7883b8a1	refactor(channelserver): split handlers.go into sub-files Extract from the 1638-line catch-all handlers.go into focused files: - handlers_helpers.go: shared doAck* helpers and updateRights - handlers_session.go: login/logout, save, system protocol handlers - handlers_items.go: items, prices, stamps, stampcard - handlers.go: remaining misc handlers (goocoo, earth, seibattle, etc.)	2026-02-18 17:59:15 +01:00

Author

SHA1

Message

Date

Houmgaor

604d53d6d7

fix(channelserver): validate packet fields before use in handlers

Several handlers used packet fields as array indices or SQL column
names without bounds checking, allowing crafted packets to panic the
server or produce malformed SQL.

Panic fixes (high severity):
- handlers_mail: bounds check AccIndex against mailList length
- handlers_misc: validate ArmourID >= 10000 and MogType <= 4
- handlers_mercenary: check RawDataPayload length before slicing
- handlers_house: check RawDataPayload length in SaveDecoMyset
- handlers_register: guard empty RawDataPayload in OperateRegister

SQL column name fixes (medium severity):
- handlers_misc: early return on unknown PointType
- handlers_items: reject unknown StampType in weekly stamp handlers
- handlers_achievement: cap AchievementID at 32
- handlers_goocoo: skip goocoo.Index > 4
- handlers_house: cap BoxIndex for warehouse operations
- handlers_tower: fix MissionIndex=0 bypassing normalization guard

2026-02-19 00:23:04 +01:00

Houmgaor

0d07a1f698

refactor(mhfpacket): rename 15 Unk fields with identified meanings

Replace unknown field names with descriptive names based on handler
logic analysis, switch dispatch patterns, DB query context, and
inline comments:

- ObjectHandleID, IsQuest, ItemIDCount, MaxCount, TokenLength,
  FormatVersion, LogoutType (high confidence from comments/constants)
- QueryType, DataType, MissionIndex, CheckOnly, RequestType,
  ExchangeType, TournamentID (confirmed by handler switch/if usage)

Also fix MsgSysLogout.Build calling ReadUint8 instead of WriteUint8.

2026-02-18 21:48:08 +01:00

Houmgaor

cc7883b8a1

refactor(channelserver): split handlers.go into sub-files

Extract from the 1638-line catch-all handlers.go into focused files:
- handlers_helpers.go: shared doAck* helpers and updateRights
- handlers_session.go: login/logout, save, system protocol handlers
- handlers_items.go: items, prices, stamps, stampcard
- handlers.go: remaining misc handlers (goocoo, earth, seibattle, etc.)

2026-02-18 17:59:15 +01:00

3 Commits