Posts posted by elecyb
* What bug does the patch fix? What features does the patch add?
- Added Tab number checks in Guild Bank operations. This prevents a crash caused when a player sends a packet with a Tab number higher than the max Tab.
- Typo in Guild::SendGuildBankTabText()
* For which repository revision was the patch created?
8618
* Is there a thread in the bug report section or at lighthouse? If yes, please add a link to the thread.
I don't think so, because packet editing is needed, but here is a short description:
First you need a packet editor (I would prefer WPE :lol:). Now you need to modify the offset related to the Tab destination in a GBank transaction, i.e.: if you have bought all Tabs, the last Tab should be 05 (Tabs start at 00); if you change the offset 016 to a number 06 or higher, then trying to pull any item to the GBank will cause a 100% server crash.
* Who has been writing this patch? Please include either forum user names or email addresses.
me
@@ -1924,10 +1924,15 @@ uint8 Guild::CanStoreItem( uint8 tab, uint8 slot, GuildItemPosCountVec &dest, ui return EQUIP_ERR_COULDNT_SPLIT_ITEMS; if (pItem->IsSoulBound()) return EQUIP_ERR_CANT_DROP_SOULBOUND; + // in specific tab + if (tab >= m_TabListMap.size() || tab >= GUILD_BANK_MAX_TABS) { + return EQUIP_ERR_ITEM_DOESNT_GO_INTO_BAG; + } + // in specific slot if (slot != NULL_SLOT) { uint8 res = _CanStoreItem_InSpecificSlot(tab,slot,dest,count,swap,pItem); if (res != EQUIP_ERR_OK) @@ -1984,11 +1989,11 @@ void Guild::SetGuildBankTabText(uint8 TabId, std::string text) SendGuildBankTabText(NULL,TabId); } void Guild::SendGuildBankTabText(WorldSession *session, uint8 TabId) { - if (TabId > GUILD_BANK_MAX_TABS) + if (TabId >= GUILD_BANK_MAX_TABS) // tabs starts in 0 return; GuildBankTab const *tab = GetBankTab(TabId); if (!tab) return;
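Review bot: In the first hunk (Guild::CanStoreItem), the new check is placed after the pItem->IsSoulBound() test, so the item checks run before the client-supplied tab has been validated; move the tab range check to the top of the function so a bad index is rejected before any other work. The comment "// in specific tab" does not say that this is a bounds check on a value taken from the packet, so reword it to state that. If m_TabListMap can never hold more than GUILD_BANK_MAX_TABS entries, the second condition is redundant and "tab >= m_TabListMap.size()" alone is enough; if both are kept, say why in the comment.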
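Review bot: In the second hunk (Guild::SendGuildBankTabText), TabId is bounded by the compile-time GUILD_BANK_MAX_TABS, while the first hunk bounds tab by m_TabListMap.size(); a TabId between the purchased count and the maximum still reaches GetBankTab(TabId) and is stopped only by the "if (!tab) return;" that follows. Either compare against m_TabListMap.size() here as well, or add a comment that GetBankTab is relied on to return NULL for tabs that were not purchased. The new comment should read "tabs start at 0".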
[8754][CrashFix][8618] Fix crash caused by spoofed packets
Thank you Vlad for your comment and suggestion. As you said, we should add something like this:
BTW we need to check the number of purchased tabs, because if we don't, in the case where a player has fewer than 6 purchased tabs he can send a packet with BankTab = 05, causing the crash, so I think that we need to call the function m_TabListMap.size() and this can't be done in WorldSession::HandleGuildBankSwapItems()
I will try to find a better implementation for this, and remember I am kinda new at this, so any suggestion is welcome.