From 173c6828a899fdb7e35b466e1689ff1816a5f8a7 Mon Sep 17 00:00:00 2001 From: meneleos Date: Fri, 26 Sep 2025 22:03:13 +0300 Subject: [PATCH] some fixes --- src/db/ClientManager.cpp | 12 ++++++++++-- src/db/ClientManagerLogin.cpp | 2 +- src/db/ClientManagerPlayer.cpp | 2 +- src/game/input_db.cpp | 3 ++- src/game/input_login.cpp | 24 ++++++++++++++++++++++-- 5 files changed, 36 insertions(+), 7 deletions(-) diff --git a/src/db/ClientManager.cpp b/src/db/ClientManager.cpp index 64ccad6..341a178 100644 --- a/src/db/ClientManager.cpp +++ b/src/db/ClientManager.cpp @@ -510,6 +510,7 @@ void CClientManager::RESULT_SAFEBOX_LOAD(CPeer * pkPeer, SQLMsg * msg) if (strcmp("000000", szSafeboxPassword)) { pkPeer->EncodeHeader(HEADER_DG_SAFEBOX_WRONG_PASSWORD, dwHandle, 0); + delete pSafebox; delete pi; return; } @@ -523,6 +524,7 @@ void CClientManager::RESULT_SAFEBOX_LOAD(CPeer * pkPeer, SQLMsg * msg) ((row[2] && *row[2]) && strcmp(row[2], szSafeboxPassword))) { pkPeer->EncodeHeader(HEADER_DG_SAFEBOX_WRONG_PASSWORD, dwHandle, 0); + delete pSafebox; delete pi; return; } @@ -859,7 +861,7 @@ void CClientManager::RESULT_SAFEBOX_CHANGE_PASSWORD(CPeer * pkPeer, SQLMsg * msg { MYSQL_ROW row = mysql_fetch_row(msg->Get()->pSQLResult); - if (row[0] && *row[0] && !strcasecmp(row[0], p->login) || (!row[0] || !*row[0]) && !strcmp("000000", p->login)) + if ((row[0] && *row[0] && !strcasecmp(row[0], p->login)) || ((!row[0] || !*row[0]) && !strcmp("000000", p->login))) { char szQuery[QUERY_MAX_LEN]; char escape_pwd[64]; @@ -907,6 +909,9 @@ void CClientManager::RESULT_PRICELIST_LOAD(CPeer* peer, SQLMsg* pMsg) while ((row = mysql_fetch_row(pMsg->Get()->pSQLResult))) { + if (table.byCount >= SHOP_PRICELIST_MAX_NUM) + break; + str_to_number(table.aPriceInfo[table.byCount].dwVnum, row[0]); str_to_number(table.aPriceInfo[table.byCount].dwPrice, row[1]); table.byCount++; 
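Review bot: In RESULT_SAFEBOX_LOAD (src/db/ClientManager.cpp, hunks at -510 and -523) each wrong-password return now carries its own hand-written `delete pSafebox; delete pi;` pair, so the next early return added to this function can reintroduce the leak this commit fixes. Holding both objects in `std::unique_ptr` from the point they are obtained, and releasing them only where ownership is really handed on, would remove the per-branch cleanup. The function starts and ends outside both hunks, so the remaining return paths should be checked for the same leak.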
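Review bot: In RESULT_SAFEBOX_CHANGE_PASSWORD (hunk at -859) the stored value in `row[0]` is still matched with `strcasecmp`, while RESULT_SAFEBOX_LOAD in the same file compares `row[2]` with the supplied password using `strcmp`. If `row[0]` is the current safebox password, as the `escape_pwd` buffer declared just below suggests (to be confirmed against the query), the old-password check accepts any letter-case variant of it. Using `!strcmp(row[0], p->login)` here would make both paths case-sensitive. The added parentheses only spell out the precedence the expression already had, and the function body continues outside the hunk.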
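Review bot: The new `if (table.byCount >= SHOP_PRICELIST_MAX_NUM) break;` guard in RESULT_PRICELIST_LOAD (hunk at -907), and the identical one in RESULT_PRICELIST_LOAD_FOR_UPDATE (hunk at -950), drops surplus rows without leaving any trace. An operator cannot tell from the logs that the result set was larger than the packet table, which is the condition that previously overran `aPriceInfo`. Log before leaving the loop, for example `sys_err("price list truncated at %d entries", static_cast<int>(SHOP_PRICELIST_MAX_NUM));`. Both functions continue outside their hunks.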
@@ -950,6 +955,9 @@ void CClientManager::RESULT_PRICELIST_LOAD_FOR_UPDATE(SQLMsg* pMsg) while ((row = mysql_fetch_row(pMsg->Get()->pSQLResult))) { + if (table.byCount >= SHOP_PRICELIST_MAX_NUM) + break; + str_to_number(table.aPriceInfo[table.byCount].dwVnum, row[0]); str_to_number(table.aPriceInfo[table.byCount].dwPrice, row[1]); table.byCount++; @@ -1991,7 +1999,7 @@ void CClientManager::WeddingEnd(TPacketWeddingEnd * p) // Fixed code: void CClientManager::MyshopPricelistUpdate(const TItemPriceListTable* pPacket) { - if (pPacket->byCount > SHOP_PRICELIST_MAX_NUM) + if (pPacket->byCount >= SHOP_PRICELIST_MAX_NUM) { sys_err("count overflow!"); return; diff --git a/src/db/ClientManagerLogin.cpp b/src/db/ClientManagerLogin.cpp index f352ba8..99e16c7 100644 --- a/src/db/ClientManagerLogin.cpp +++ b/src/db/ClientManagerLogin.cpp @@ -97,7 +97,7 @@ void CClientManager::QUERY_LOGIN_BY_KEY(CPeer * pkPeer, DWORD dwHandle, TPacketG { sys_log(0, "LOGIN_BY_KEY already login %s %lu", r.login, p->dwLoginKey); TPacketDGLoginAlready ptog; - strlcpy(ptog.szLogin, szLogin, sizeof(ptog.szLogin)); + strlcpy(ptog.szLogin, r.login, sizeof(ptog.szLogin)); pkPeer->EncodeHeader(HEADER_DG_LOGIN_ALREADY, dwHandle, sizeof(TPacketDGLoginAlready)); pkPeer->Encode(&ptog, sizeof(TPacketDGLoginAlready)); return; diff --git a/src/db/ClientManagerPlayer.cpp b/src/db/ClientManagerPlayer.cpp index e147dd5..a1563dc 100644 --- a/src/db/ClientManagerPlayer.cpp +++ b/src/db/ClientManagerPlayer.cpp @@ -762,7 +762,7 @@ void CClientManager::RESULT_QUEST_LOAD(CPeer * peer, MYSQL_RES * pRes, DWORD dwH str_to_number(r.lValue, row[3]); } - sys_log(0, "QUEST_LOAD: count %d PID %u", s_table.size(), s_table[0].dwPID); + sys_log(0, "QUEST_LOAD: count %d PID %u", s_table.size(), pid); DWORD dwCount = s_table.size(); diff --git a/src/game/input_db.cpp b/src/game/input_db.cpp index 0914bd0..cca7cac 100644 --- a/src/game/input_db.cpp +++ b/src/game/input_db.cpp 
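Review bot: The guard in MyshopPricelistUpdate (hunk at -1991) now reads `pPacket->byCount >= SHOP_PRICELIST_MAX_NUM`, which rejects a list of exactly SHOP_PRICELIST_MAX_NUM entries. The two loaders patched in this same commit only stop once `table.byCount >= SHOP_PRICELIST_MAX_NUM`, so they can produce a table with that count. If `aPriceInfo` is declared with SHOP_PRICELIST_MAX_NUM elements (the declaration is not in the diff, so this needs confirming), the previous `>` was the correct bound and a full list will now fail with "count overflow!". Keep `if (pPacket->byCount > SHOP_PRICELIST_MAX_NUM)` unless the array really is one element shorter. The function body continues outside the hunk.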
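Review bot: The patched `sys_log` call in RESULT_QUEST_LOAD (src/db/ClientManagerPlayer.cpp) still passes `s_table.size()` to a `%d` conversion. If `s_table` is a standard container, that argument is a `size_t`, and on a 64-bit build the mismatch is undefined behaviour that can also corrupt the PID printed after it. Narrow it explicitly and use an unsigned conversion: `sys_log(0, "QUEST_LOAD: count %u PID %u", static_cast<unsigned>(s_table.size()), pid);`. `pid` is declared outside the hunk, so its type should be checked against `%u` as well.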
@@ -396,6 +396,7 @@ void CInputDB::PlayerLoad(LPDESC d, const char * data) if (NULL != CHARACTER_MANAGER::Instance().FindPC(pTab->name)) { sys_err("InputDB: PlayerLoad : %s already exist in game", pTab->name); + d->SetPhase(PHASE_CLOSE); return; } @@ -1411,7 +1412,7 @@ void CInputDB::GuildSkillRecharge() void CInputDB::GuildExpUpdate(const char* c_pData) { - TPacketGuildSkillUpdate * p = (TPacketGuildSkillUpdate *) c_pData; + TPacketGuildExpUpdate * p = (TPacketGuildExpUpdate *) c_pData; sys_log(1, "GuildExpUpdate %d", p->amount); CGuild * g = CGuildManager::instance().TouchGuild(p->guild_id); diff --git a/src/game/input_login.cpp b/src/game/input_login.cpp index 5a7235d..bbe718a 100644 --- a/src/game/input_login.cpp +++ b/src/game/input_login.cpp @@ -197,6 +197,12 @@ void CInputLogin::ChangeName(LPDESC d, const char * data) return; } + if (p->index < 0 || p->index >= PLAYER_PER_ACCOUNT) + { + sys_err("index overflow %d, login: %s", p->index, c_r.login); + return; + } + if (!c_r.players[p->index].bChangeName) return; @@ -229,12 +235,19 @@ void CInputLogin::CharacterSelect(LPDESC d, const char * data) return; } - if (pinfo->index >= PLAYER_PER_ACCOUNT) + if (pinfo->index < 0 || pinfo->index >= PLAYER_PER_ACCOUNT) { sys_err("index overflow %d, login: %s", pinfo->index, c_r.login); return; } + if (c_r.players[pinfo->index].dwID == 0) + { + sys_err("player index(%d) is null. login %s", + pinfo->index, c_r.login); + return; + } + if (c_r.players[pinfo->index].bChangeName) { sys_err("name must be changed idx %d, login %s, name %s", @@ -431,6 +444,13 @@ void CInputLogin::CharacterCreate(LPDESC d, const char * data) return; } + if (pinfo->index < 0 || pinfo->index >= PLAYER_PER_ACCOUNT) + { + sys_err("index overflow %d, login: %s", pinfo->index, d->GetAccountTable().login); + d->Packet(&packFailure, sizeof(packFailure)); + return; + } + // 사용할 수 없는 이름이거나, 잘못된 평상복이면 생설 실패 if (!check_name(pinfo->name) || pinfo->shape > 1) { 
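Review bot: The range test `index < 0 || index >= PLAYER_PER_ACCOUNT` is now written out separately in ChangeName, CharacterSelect and CharacterCreate in src/game/input_login.cpp, and again in CharacterDelete (hunk at -502). Whether its `< 0` half has any effect depends on the packet field's type, which the diff does not show. A shared helper such as `static bool IsValidPlayerIndex(int idx) { return idx >= 0 && idx < PLAYER_PER_ACCOUNT; }` would keep the four handlers from drifting apart. Separately, ChangeName now validates the range but, unlike CharacterSelect, still reads `c_r.players[p->index].bChangeName` without first checking that the slot's `dwID` is non-zero. All four functions continue outside their hunks.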
@@ -502,7 +522,7 @@ void CInputLogin::CharacterDelete(LPDESC d, const char * data) sys_log(0, "PlayerDelete: login: %s index: %d, social_id %s", c_rAccountTable.login, pinfo->index, pinfo->private_code); - if (pinfo->index >= PLAYER_PER_ACCOUNT) + if (pinfo->index < 0 || pinfo->index >= PLAYER_PER_ACCOUNT) { sys_err("PlayerDelete: index overflow %d, login: %s", pinfo->index, c_rAccountTable.login); return;
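Review bot: The `sys_log` line at the top of this CharacterDelete hunk writes `pinfo->private_code` to the log before the index check has run. Going by the "social_id" label, that field appears to be the client-supplied code that confirms a character deletion, so it lands in plaintext in the game log for anyone with log access. Printing it with `%s` also relies on the sender having NUL-terminated the field, which is not checked in the visible lines. Drop it from the message and log only after validation: `sys_log(0, "PlayerDelete: login: %s index: %d", c_rAccountTable.login, pinfo->index);`. The function starts and ends outside the hunk.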