Mirror/Erupe
1
0
Fork 0
mirror of https://github.com/Mezeporta/Erupe.git synced 2026-03-21 23:22:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b2b1c426a5b5f98906b959e64ce95126194c2e91
Erupe/server/channelserver/handlers_users.go
Houmgaor b2b1c426a5 fix(channelserver): validate client binary blobs before saving 
- Reject BinaryType outside 1-5 in SetUserBinary to prevent
  dynamic column name with unchecked client input
- Check rengoku payload length before DB write and fixed-offset
  reads to prevent panic on short payloads
- Require MercData >= 4 bytes before ReadUint32 to prevent panic

Ref: Mezeporta/Erupe#158
2026-02-18 23:39:29 +01:00

66 lines
2.1 KiB
Go
Raw Blame History

package channelserver
import (
"fmt"
"erupe-ce/network/mhfpacket"
"go.uber.org/zap"
)
func handleMsgSysInsertUser(s *Session, p mhfpacket.MHFPacket) {}
func handleMsgSysDeleteUser(s *Session, p mhfpacket.MHFPacket) {}
func handleMsgSysSetUserBinary(s *Session, p mhfpacket.MHFPacket) {
pkt := p.(*mhfpacket.MsgSysSetUserBinary)
if pkt.BinaryType < 1 || pkt.BinaryType > 5 {
s.logger.Warn("Invalid BinaryType", zap.Uint8("type", pkt.BinaryType))
return
}
s.server.userBinaryPartsLock.Lock()
s.server.userBinaryParts[userBinaryPartID{charID: s.charID, index: pkt.BinaryType}] = pkt.RawDataPayload
s.server.userBinaryPartsLock.Unlock()
var exists []byte
err := s.server.db.QueryRow("SELECT type2 FROM user_binary WHERE id=$1", s.charID).Scan(&exists)
if err != nil {
if _, err := s.server.db.Exec("INSERT INTO user_binary (id) VALUES ($1)", s.charID); err != nil {
s.logger.Error("Failed to insert user binary", zap.Error(err))
}
}
if _, err := s.server.db.Exec(fmt.Sprintf("UPDATE user_binary SET type%d=$1 WHERE id=$2", pkt.BinaryType), pkt.RawDataPayload, s.charID); err != nil {
s.logger.Error("Failed to update user binary", zap.Error(err))
}
msg := &mhfpacket.MsgSysNotifyUserBinary{
CharID: s.charID,
BinaryType: pkt.BinaryType,
}
s.server.BroadcastMHF(msg, s)
}
func handleMsgSysGetUserBinary(s *Session, p mhfpacket.MHFPacket) {
pkt := p.(*mhfpacket.MsgSysGetUserBinary)
// Try to get the data.
s.server.userBinaryPartsLock.RLock()
defer s.server.userBinaryPartsLock.RUnlock()
data, ok := s.server.userBinaryParts[userBinaryPartID{charID: pkt.CharID, index: pkt.BinaryType}]
// If we can't get the real data, try to get it from the database.
if !ok {
err := s.server.db.QueryRow(fmt.Sprintf("SELECT type%d FROM user_binary WHERE id=$1", pkt.BinaryType), pkt.CharID).Scan(&data)
if err != nil {
doAckBufFail(s, pkt.AckHandle, make([]byte, 4))
} else {
doAckBufSucceed(s, pkt.AckHandle, data)
}
} else {
doAckBufSucceed(s, pkt.AckHandle, data)
}
}
func handleMsgSysNotifyUserBinary(s *Session, p mhfpacket.MHFPacket) {}
Reference in New Issue View Git Blame Copy Permalink