/costume core downer fix

  • I'm not sure if it's already present, but people reported to me that /costume could be exploited to crash every server (even officials, as far as I heard).


    The bug is simple: the command prints the names of the costume's bonuses in chat. If they are missing in cmd_general.cpp fn_string, it returns null and causes a core crash; the same happens if the format doesn't have one and only one format specifier, %d.


    Here is the patch:


    diff --git a/s3ll_server/README-SERVER.txt b/s3ll_server/README-SERVER.txt
    index 94f67f8..7d1dd3f 100644
    --- a/s3ll_server/README-SERVER.txt
    +++ b/s3ll_server/README-SERVER.txt
    @@ -336,6 +336,7 @@
    +@fixme180: on cmd_general.cpp; /costume will cause game core crashes if the relative costume bonus ids aren't present inside fn_string or have no %d

    #@/Server (general)
    @fixme401: fixed the guild disband time issue
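
    Review bot: the @fixme180 entry describes the crash conditions but not what was changed; the same patch switches POINT_MALL_ITEMBONUS and POINT_MALL_GOLDBONUS from %.1f to %d and replaces the NULL default, so say so here. Someone adding a new bonus id later then knows the rule is "exactly one %d per string, and a case for every id".
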
    diff --git a/s3ll_server/Srcs/Server/game/src/cmd_general.cpp b/s3ll_server/Srcs/Server/game/src/cmd_general.cpp
    index 739b7fc..740d80d 100644
    --- a/s3ll_server/Srcs/Server/game/src/cmd_general.cpp
    +++ b/s3ll_server/Srcs/Server/game/src/cmd_general.cpp
    @@ -1871,8 +1871,8 @@ static const char* FN_point_string(int apply_number)
    case POINT_MALL_ATTBONUS: return LC_TEXT("°ø°Ý·Â +%d%%");
    case POINT_MALL_DEFBONUS: return LC_TEXT("¹æ¾î·Â +%d%%");
    case POINT_MALL_EXPBONUS: return LC_TEXT("°æÇèÄ¡ %d%%");
    - case POINT_MALL_ITEMBONUS: return LC_TEXT("¾ÆÀÌÅÛ µå·ÓÀ² %.1f¹è");
    - case POINT_MALL_GOLDBONUS: return LC_TEXT("µ· µå·ÓÀ² %.1f¹è");
    + case POINT_MALL_ITEMBONUS: return LC_TEXT("¾ÆÀÌÅÛ µå·ÓÀ² %d¹è"); // @fixme180 float to int
    + case POINT_MALL_GOLDBONUS: return LC_TEXT("µ· µå·ÓÀ² %d¹è"); // @fixme180 float to int
    case POINT_MAX_HP_PCT: return LC_TEXT("ÃÖ´ë »ý¸í·Â +%d%%");
    case POINT_MAX_SP_PCT: return LC_TEXT("ÃÖ´ë Á¤½Å·Â +%d%%");
    case POINT_SKILL_DAMAGE_BONUS: return LC_TEXT("½ºÅ³ µ¥¹ÌÁö %d%%");
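
    Review bot: on the POINT_MALL_ITEMBONUS and POINT_MALL_GOLDBONUS lines, replacing %.1f with %d is only correct if every caller of FN_point_string passes an int for these two ids, and no call site is visible in this hunk, so confirm none of them formats these strings with a float. The two strings also keep their original suffix instead of the %d%% form used by the neighbouring cases, so check that the integer now shown still reads as the quantity the text describes.
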
    @@ -1889,7 +1889,7 @@ static const char* FN_point_string(int apply_number)
    #ifdef ENABLE_WOLFMAN_CHARACTER
    case POINT_RESIST_WOLFMAN: return LC_TEXT("¹«´ç°ø°Ý¿¡ %d%% ÀúÇ×");
    #endif
    - default: return NULL;
    + default: return "UNK_ID %d%%"; // @fixme180
    }
    }
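
    Review bot: in the new default branch, the single %d of "UNK_ID %d%%" will be filled with whatever the caller passes for the other cases (the bonus value), not with apply_number, so the line never identifies which id is missing from the switch; log apply_number in the default branch so the gap can be found. This string also bypasses LC_TEXT, unlike every other case, and any caller that relied on the NULL return to skip unknown ids will now print it, so review the callers for that check.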

    You can try to refactor the return type as std::string to print the proper apply_number if you want, but it's not necessary.

    Special thanks to Tunga for being my guinea pig of the day 🪓


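An added example, not part of the original post or the project's code: a check the chat-printing path could apply to any string returned for a bonus id, rejecting NULL and anything other than exactly one `%d` (the two conditions the post names). The names `is_single_int_format` and `format_bonus_line` and the sample strings are assumptions made for illustration.

```cpp
#include <cstdio>
#include <string>

// Hypothetical helper: true only when fmt is non-null and contains exactly one
// conversion, a plain %d. "%%" (literal percent) may appear any number of times.
bool is_single_int_format(const char* fmt)
{
    if (fmt == nullptr)
        return false;
    int conversions = 0;
    for (const char* p = fmt; *p != '\0'; ++p) {
        if (*p != '%')
            continue;
        ++p;                  // inspect the character after '%'
        if (*p == '%')
            continue;         // escaped percent sign
        if (*p != 'd')
            return false;     // %.1f, %s, %n, flags/widths, or a trailing '%'
        ++conversions;
    }
    return conversions == 1;
}

// Hypothetical stand-in for the chat line the command builds: uses the format
// only after validation, otherwise falls back to a fixed text naming the id.
std::string format_bonus_line(const char* fmt, int apply_number, int value)
{
    char buf[128];
    if (is_single_int_format(fmt))
        std::snprintf(buf, sizeof(buf), fmt, value);
    else
        std::snprintf(buf, sizeof(buf), "UNK_ID %d: %d", apply_number, value);
    return buf;
}

int main()
{
    // Constructed sample formats, not taken from the game's locale files.
    const char* samples[] = { "Attack +%d%%", "Drop rate x%.1f", "No value", nullptr };
    int id = 100;
    for (const char* fmt : samples)
        std::printf("%s\n", format_bonus_line(fmt, id++, 15).c_str());
    return 0;
}
```

Because the check runs on the string actually handed to the formatter, it also covers a translated or edited string that lost its `%d`, which a fix to the source literals alone cannot guarantee.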