From 9e307455a83e40045eeb562d8b3de30c408842b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefano=20Borz=C3=AC?=
Date: Mon, 24 Feb 2020 08:40:02 +0100
Subject: [PATCH] refactor(HandleAuctionListOwnerItems): prevent crash (#2684)
---
 .../game/Handlers/AuctionHouseHandler.cpp | 22 ++++++++++---------
 src/server/game/Misc/AsyncAuctionListing.cpp | 2 +-
 src/server/game/Misc/AsyncAuctionListing.h | 4 ++--
 src/server/game/Server/WorldSession.h | 2 +-
 4 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/src/server/game/Handlers/AuctionHouseHandler.cpp b/src/server/game/Handlers/AuctionHouseHandler.cpp
index 80cb3feb5..719b13e9b 100644
--- a/src/server/game/Handlers/AuctionHouseHandler.cpp
+++ b/src/server/game/Handlers/AuctionHouseHandler.cpp
@@ -218,7 +218,7 @@ void WorldSession::HandleAuctionSellItem(WorldPacket & recvData)
 SendAuctionCommandResult(0, AUCTION_SELL_ITEM, ERR_AUCTION_DATABASE_ERROR);
 return;
 }
-
+
 // check if there are 2 identical guids, in this case user is most likely cheating
 for (uint32 i = 0; i < itemsCount - 1; ++i)
 {
@@ -646,6 +646,13 @@ void WorldSession::HandleAuctionListBidderItems(WorldPacket & recvData)
 //this void sends player info about his auctions
 void WorldSession::HandleAuctionListOwnerItems(WorldPacket & recvData)
 {
+ // prevent crash caused by malformed packet
+ uint64 guid;
+ uint32 listfrom;
+
+ recvData >> guid;
+ recvData >> listfrom;
+
 // pussywizard:
 const uint32 delay = 4500;
 const uint32 now = World::GetGameTimeMS();
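Review bot: `listfrom` is extracted in the added block of HandleAuctionListOwnerItems and never used afterwards, and the remark that explained this (`not used in fact (this list not have page control in client)`) is deleted in a later hunk of this file. Either carry that remark over to the new read or replace the declaration and extraction with `recvData.read_skip<uint32>();` so the intent is explicit. The comment `// prevent crash caused by malformed packet` would be more useful if it said why the parsing has to happen here; presumably a truncated packet made the extraction fail later inside the delayed event, outside the normal opcode-handler error path, so something like `// parse now: a truncated packet must fail here, not later in the delayed event` records the reason. The function body continues outside this hunk.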
@@ -656,10 +663,11 @@ void WorldSession::HandleAuctionListOwnerItems(WorldPacket & recvData)
 diff = delay;
 _lastAuctionListOwnerItemsMSTime = now + delay; // set longest possible here, actual exectuing will change this to getMSTime of that moment
- _player->m_Events.AddEvent(new AuctionListOwnerItemsDelayEvent(recvData, _player->GetGUID(), true), _player->m_Events.CalculateTime(delay-diff));
+ _player->m_Events.AddEvent(new AuctionListOwnerItemsDelayEvent(guid, _player->GetGUID(), true), _player->m_Events.CalculateTime(delay-diff));
 }
-void WorldSession::HandleAuctionListOwnerItemsEvent(WorldPacket & recvData)
+
+void WorldSession::HandleAuctionListOwnerItemsEvent(uint64 creatureGuid)
 {
 #if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
 sLog->outDebug(LOG_FILTER_NETWORKIO, "WORLD: Received CMSG_AUCTION_LIST_OWNER_ITEMS");
@@ -667,13 +675,7 @@ void WorldSession::HandleAuctionListOwnerItemsEvent(WorldPacket & recvData)
 _lastAuctionListOwnerItemsMSTime = World::GetGameTimeMS(); // pussywizard
- uint32 listfrom;
- uint64 guid;
-
- recvData >> guid;
- recvData >> listfrom; // not used in fact (this list not have page control in client)
-
- Creature* creature = GetPlayer()->GetNPCIfCanInteractWith(guid, UNIT_NPC_FLAG_AUCTIONEER);
+ Creature* creature = GetPlayer()->GetNPCIfCanInteractWith(creatureGuid, UNIT_NPC_FLAG_AUCTIONEER);
 if (!creature)
 {
 #if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
diff --git a/src/server/game/Misc/AsyncAuctionListing.cpp b/src/server/game/Misc/AsyncAuctionListing.cpp
index 35b042c52..b835d3cff 100644
--- a/src/server/game/Misc/AsyncAuctionListing.cpp
+++ b/src/server/game/Misc/AsyncAuctionListing.cpp
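Review bot: `HandleAuctionListOwnerItemsEvent(uint64 creatureGuid)` now takes a value that was copied straight out of the client packet and is consumed only when the deferred event fires, but nothing at the new signature records that it is untrusted. A short comment above the definition would make the contract visible to the next caller, for example `// creatureGuid is client-supplied; it is only trusted once GetNPCIfCanInteractWith() returns a creature`. The `GetNPCIfCanInteractWith(creatureGuid, UNIT_NPC_FLAG_AUCTIONEER)` check at execution time is the right place for the validation and should stay the first use of the GUID. The function body continues past the end of the hunk, so later uses of the GUID are not visible here.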
@@ -16,7 +16,7 @@ ACE_Thread_Mutex AsyncAuctionListingMgr::auctionListingTempLock; bool AuctionListOwnerItemsDelayEvent::Execute(uint64 /*e_time*/, uint32 /*p_time*/) { if (Player* plr = ObjectAccessor::FindPlayer(playerguid)) - plr->GetSession()->HandleAuctionListOwnerItemsEvent(data); + plr->GetSession()->HandleAuctionListOwnerItemsEvent(creatureGuid); return true; } diff --git a/src/server/game/Misc/AsyncAuctionListing.h b/src/server/game/Misc/AsyncAuctionListing.h index 55abb27e7..ebdcd95b4 100644 --- a/src/server/game/Misc/AsyncAuctionListing.h +++ b/src/server/game/Misc/AsyncAuctionListing.h @@ -8,7 +8,7 @@ class AuctionListOwnerItemsDelayEvent : public BasicEvent { public: - AuctionListOwnerItemsDelayEvent(WorldPacket& d, uint64 guid, bool o) : data(d), playerguid(guid), owner(o) {} + AuctionListOwnerItemsDelayEvent(uint64 _creatureGuid, uint64 guid, bool o) : creatureGuid(_creatureGuid), playerguid(guid), owner(o) {} virtual ~AuctionListOwnerItemsDelayEvent() {} virtual bool Execute(uint64 e_time, uint32 p_time); @@ -16,7 +16,7 @@ class AuctionListOwnerItemsDelayEvent : public BasicEvent bool getOwner() { return owner; } private: - WorldPacket data; + uint64 creatureGuid; uint64 playerguid; bool owner; }; diff --git a/src/server/game/Server/WorldSession.h b/src/server/game/Server/WorldSession.h index 55377cd6b..181c04bad 100644 --- a/src/server/game/Server/WorldSession.h +++ b/src/server/game/Server/WorldSession.h @@ -606,7 +606,7 @@ class WorldSession void HandleAuctionSellItem(WorldPacket& recvData); void HandleAuctionRemoveItem(WorldPacket& recvData); void HandleAuctionListOwnerItems(WorldPacket& recvData); - void HandleAuctionListOwnerItemsEvent(WorldPacket & recvData); + void HandleAuctionListOwnerItemsEvent(uint64 creatureGuid); void HandleAuctionPlaceBid(WorldPacket& recvData); void HandleAuctionListPendingSales(WorldPacket& recvData);
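Review bot: The new constructor `AuctionListOwnerItemsDelayEvent(uint64 _creatureGuid, uint64 guid, bool o)` in AsyncAuctionListing.h takes two adjacent `uint64` GUIDs, so a call with the arguments swapped compiles silently and `Execute` would then look up the wrong object with `ObjectAccessor::FindPlayer(playerguid)`. Naming the second parameter to match the first, e.g. `uint64 _playerGuid`, and adding a one-line comment such as `// _creatureGuid: auctioneer NPC from the client packet; _playerGuid: requesting player` would make call sites easier to check. The one call visible in this patch, in HandleAuctionListOwnerItems, passes `guid, _player->GetGUID()` in the correct order.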