Mirrored_Repos/DarkflameServer
1
0
Fork 0
mirror of https://github.com/DarkflameUniverse/DarkflameServer.git synced 2026-06-08 15:54:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: security vulnerabilities (#1980)

Browse Source 
* fix: security vulnerabilities

Tested that all functions related to the touched files work

will test sqlite on a CI build

* fix failing test

* ai feedback

* add buffer size checking

* use c_str

* dont log session key

* Try this for a mac definition

* be quiet apple
This commit is contained in:
David Markowitz
2026-06-07 20:59:11 -07:00
committed by GitHub
parent f6c9a27a2b
commit a156a8fcba
109 changed files with 806 additions and 514 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
dWorldServer/WorldServer.cpp
View File

@@ -763,7 +763,8 @@ void HandleMasterPacket(Packet* packet) {
case MessageType::Master::NEW_SESSION_ALERT: {
CINSTREAM_SKIP_HEADER;
uint32_t sessionKey = inStream.Read(sessionKey);
uint32_t sessionKey{};
inStream.Read(sessionKey);
LUString username;
inStream.Read(username);
@@ -970,8 +971,7 @@ void HandlePacket(Packet* packet) {
}
case MessageType::World::LOGIN_REQUEST: {
RakNet::BitStream inStream(packet->data, packet->length, false);
uint64_t header = inStream.Read(header);
CINSTREAM_SKIP_HEADER;
LWOOBJID playerID = 0;
inStream.Read(playerID);
@@ -1256,13 +1256,22 @@ void HandlePacket(Packet* packet) {
return;
}
Entity* entity = Game::entityManager->GetEntity(user->GetLastUsedChar()->GetObjectID());
if (entity) entity->ProcessPositionUpdate(positionUpdate);
if (const auto* const lastChar = user->GetLastUsedChar()) {
if (auto* const entity = Game::entityManager->GetEntity(lastChar->GetObjectID())) {
entity->ProcessPositionUpdate(positionUpdate);
}
}
break;
}
case MessageType::World::MAIL: {
Mail::HandleMail(inStream, packet->systemAddress, UserManager::Instance()->GetUser(packet->systemAddress)->GetLastUsedChar()->GetEntity());
if (auto* const user = UserManager::Instance()->GetUser(packet->systemAddress)) {
if (auto* const lastChar = user->GetLastUsedChar()) {
if (auto* const entity = lastChar->GetEntity()) {
Mail::HandleMail(inStream, packet->systemAddress, entity);
}
}
}
break;
}
@@ -1285,7 +1294,8 @@ void HandlePacket(Packet* packet) {
LWOOBJID objectID = 0;
auto user = UserManager::Instance()->GetUser(packet->systemAddress);
if (user) {
objectID = user->GetLastUsedChar()->GetObjectID();
const auto* const lastChar = user->GetLastUsedChar();
if (lastChar) objectID = lastChar->GetObjectID();
}
bitStream.Write(objectID);
@@ -1385,13 +1395,19 @@ void HandlePacket(Packet* packet) {
return;
}
if (user->GetIsMuted()) {
user->GetLastUsedChar()->SendMuteNotice();
const auto* const lastChar = user->GetLastUsedChar();
if (!lastChar) {
LOG("No last used character for chat message %i", user->GetAccountID());
return;
}
std::string playerName = user->GetLastUsedChar()->GetName();
bool isMythran = user->GetLastUsedChar()->GetGMLevel() > eGameMasterLevel::CIVILIAN;
bool isOk = Game::chatFilter->IsSentenceOkay(GeneralUtils::UTF16ToWTF8(chatMessage.message), user->GetLastUsedChar()->GetGMLevel()).empty();
if (user->GetIsMuted()) {
lastChar->SendMuteNotice();
return;
}
std::string playerName = lastChar->GetName();
bool isMythran = lastChar->GetGMLevel() > eGameMasterLevel::CIVILIAN;
bool isOk = Game::chatFilter->IsSentenceOkay(GeneralUtils::UTF16ToWTF8(chatMessage.message), lastChar->GetGMLevel()).empty();
LOG_DEBUG("Msg: %s was approved previously? %i", GeneralUtils::UTF16ToWTF8(chatMessage.message).c_str(), user->GetLastChatMessageApproved());
if (!isOk) return;
if (!isOk && !isMythran) return;