fix(Core): prevent movement exploit (#2410)

This commit is contained in:
Stefano Borzì
2019-11-15 10:03:57 +01:00
committed by Francesco Borzì
parent 685538b01b
commit ab637800e7
6 changed files with 1334 additions and 1340 deletions


@@ -661,7 +661,7 @@ bool LinkExtractor::IsValidMessage()
break;
char commandChar;
_iss >> commandChar;
_iss.get(commandChar);
// | in normal messages is escaped by ||
if (commandChar != PIPE_CHAR)
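Review bot: The new `_iss.get(commandChar)` call is not checked for success, and `commandChar` is declared uninitialized two lines above, so a message that ends right after a `|` leaves the stream failed and the comparison on the next line reads an indeterminate value. The switch from `>>` to `get()` is the right fix for the escape check (whitespace after a pipe is no longer skipped over), but the truncated-escape case should be rejected explicitly: `if (!_iss.get(commandChar)) return false; // lone trailing '|' is not a valid escape` — assuming a dangling pipe should count as an invalid message, which is what the surrounding check appears to intend. IsValidMessage begins before and continues after this hunk, so the exact failure path is not visible here.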


@@ -303,7 +303,7 @@ void WorldSession::HandleMovementOpcodes(WorldPacket & recvData)
Unit* mover = _player->m_mover;
ASSERT(mover != NULL); // there must always be a mover
ASSERT(mover != nullptr); // there must always be a mover
Player* plrMover = mover->ToPlayer();
@@ -319,10 +319,16 @@ void WorldSession::HandleMovementOpcodes(WorldPacket & recvData)
recvData.readPackGUID(guid);
// prevent tampered movement data
if (!guid || guid != mover->GetGUID()) {
recvData.rfinish(); // prevent warnings spam
return;
}
// pussywizard: typical check for incomming movement packets
if (!mover || !mover->IsInWorld() || mover->IsDuringRemoveFromWorld() || guid != mover->GetGUID())
if (!mover || !(mover->IsInWorld()) || mover->IsDuringRemoveFromWorld() || !(mover->movespline->Finalized()))
{
recvData.rfinish();
recvData.rfinish(); // prevent warnings spam
return;
}
@@ -330,8 +336,7 @@ void WorldSession::HandleMovementOpcodes(WorldPacket & recvData)
movementInfo.guid = guid;
ReadMovementInfo(recvData, &movementInfo);
if (!movementInfo.pos.IsPositionValid())
{
if (!movementInfo.pos.IsPositionValid()) {
recvData.rfinish(); // prevent warnings spam
return;
}
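Review bot: The `!mover` test in the "typical check" condition is now dead code, because the new guard above it already dereferences `mover` via `mover->GetGUID()` (and the ASSERT before it also requires non-null); a null mover would crash before reaching it, so either drop `!mover ||` or move the null test ahead of the GUID comparison. The new GUID mismatch branch is the interesting one from a security standpoint: a packet carrying someone else's mover GUID is a strong indicator of a tampered client, yet it is discarded silently with only a "prevent warnings spam" comment. I would at least emit a debug-level line with the account id and the two GUIDs there, so repeated hits can be correlated during an incident, e.g. `sLog->outDebug(..., "movement packet guid mismatch: account %u sent " UI64FMTD " expected " UI64FMTD, GetAccountId(), guid, mover->GetGUID());` (format macro name inferred from the codebase's usual style; adjust to what WorldSession uses). The `movespline->Finalized()` check assumes `movespline` is always allocated for a unit in world, which seems to be the case elsewhere but is not shown in this hunk.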



@@ -1361,7 +1361,6 @@ struct OpcodeHandler
SessionStatus status;
PacketProcessing packetProcessing;
void (WorldSession::*handler)(WorldPacket& recvPacket);
bool isGrouppedMovementOpcode; // pussywizard
};
extern OpcodeHandler opcodeTable[NUM_MSG_TYPES];


@@ -301,28 +301,18 @@ bool WorldSession::Update(uint32 diff, PacketFilter& updater)
}
else
{
if (opHandle.isGrouppedMovementOpcode)
{
if (movementPacket)
delete movementPacket;
movementPacket = new WorldPacket(packet->GetOpcode(), 0);
movementPacket->append(*((ByteBuffer*)packet));
}
else
{
if (movementPacket)
{
HandleMovementOpcodes(*movementPacket);
delete movementPacket;
movementPacket = NULL;
}
sScriptMgr->OnPacketReceive(this, *packet);
if (movementPacket)
{
HandleMovementOpcodes(*movementPacket);
delete movementPacket;
movementPacket = NULL;
}
sScriptMgr->OnPacketReceive(this, *packet);
#ifdef ELUNA
if (!sEluna->OnPacketReceive(this, *packet))
break;
if (!sEluna->OnPacketReceive(this, *packet))
break;
#endif
(this->*opHandle.handler)(*packet);
}
(this->*opHandle.handler)(*packet);
}
break;
case STATUS_TRANSFER:
@@ -358,7 +348,7 @@ bool WorldSession::Update(uint32 diff, PacketFilter& updater)
break;
}
}
catch(ByteBufferException &)
catch(ByteBufferException const&)
{
sLog->outError("WorldSession::Update ByteBufferException occured while parsing a packet (opcode: %u) from client %s, accountid=%i. Skipped packet.", packet->GetOpcode(), GetRemoteAddress().c_str(), GetAccountId());
if (sLog->IsOutDebug())
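Review bot: With the grouped-movement coalescing removed, every movement packet now reaches its handler individually through `(this->*opHandle.handler)(*packet);`, so the previous behaviour of collapsing a burst of movement packets into only the last one no longer bounds the per-update work a single client can cause. That removal is plausibly what closes the exploit (intermediate packets were never validated before), but it also drops an implicit rate limiter, so it is worth confirming that the session still has a per-tick packet cap elsewhere in Update, and noting the trade-off at the handler call: `// movement opcodes are no longer coalesced: each packet is validated on its own (see #2410)`. If `movementPacket` is still declared in WorldSession.h it is now dead state and should be removed in the same change; the header is not part of this diff. The `catch(ByteBufferException const&)` change is fine and matches the WorldSocket hunk.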


@@ -711,7 +711,7 @@ int WorldSocket::ProcessIncoming(WorldPacket* new_pct)
}
}
}
catch (ByteBufferException &)
catch (ByteBufferException const&)
{
sLog->outError("WorldSocket::ProcessIncoming ByteBufferException occured while parsing an instant handled packet (opcode: %u) from client %s, accountid=%i. Disconnected client.", opcode, GetRemoteAddress().c_str(), m_Session?m_Session->GetAccountId():-1);
if (sLog->IsOutDebug())