fix: security vulnerabilities

Tested that all functions related to the touched files work

will test sqlite on a CI build

dNet/AuthPackets.cpp

@@ -157,8 +157,7 @@ void AuthPackets::HandleLoginRequest(dServer* server, Packet* packet) {
 	}
 
 	//If we aren't running in live mode, then only GMs are allowed to enter:
-	const auto& closedToNonDevs = Game::config->GetValue("closed_to_non_devs");
-	if (closedToNonDevs.size() > 0 && bool(std::stoi(closedToNonDevs)) && accountInfo->maxGmLevel == eGameMasterLevel::CIVILIAN) {
+	if (Game::config->GetValue<bool>("closed_to_non_devs", false) && accountInfo->maxGmLevel == eGameMasterLevel::CIVILIAN) {
 		stamps.emplace_back(eStamps::GM_REQUIRED, 1);
 		AuthPackets::SendLoginResponse(server, packet->systemAddress, eLoginResponse::PERMISSIONS_NOT_HIGH_ENOUGH, "The server is currently only open to developers.", "", 2001, username, stamps);
 		return;

dNet/ClientPackets.cpp

@@ -108,6 +108,7 @@ ChatModerationRequest ClientPackets::HandleChatModerationRequest(Packet* packet)
 
 	uint16_t messageLength;
 	inStream.Read(messageLength);
+	if (messageLength > MAX_MESSAGE_LENGTH) return request;
 	for (uint32_t i = 0; i < messageLength; ++i) {
 		uint16_t character;
 		inStream.Read(character);

dNet/MasterPackets.cpp

@@ -77,7 +77,8 @@ void MasterPackets::SendZoneTransferResponse(dServer* server, const SystemAddres
 
 void MasterPackets::HandleServerInfo(Packet* packet) {
 	RakNet::BitStream inStream(packet->data, packet->length, false);
-	uint64_t header = inStream.Read(header);
+	uint64_t header{};
+	inStream.Read(header);
 
 	uint32_t theirPort = 0;
 	uint32_t theirZoneID = 0;

dNet/WorldPackets.cpp

@@ -103,12 +103,9 @@ void WorldPackets::SendCreateCharacter(const SystemAddress& sysAddr, int64_t rep
 
 	//Compress the data before sending:
 	const uint32_t reservedSize = ZCompression::GetMaxCompressedLength(data.GetNumberOfBytesUsed());
-	uint8_t* compressedData = new uint8_t[reservedSize];
+	auto compressedData = std::make_unique<uint8_t[]>(reservedSize);
 
-	// TODO There should be better handling here for not enough memory...
-	if (!compressedData) return;
-
-	size_t size = ZCompression::Compress(data.GetData(), data.GetNumberOfBytesUsed(), compressedData, reservedSize);
+	size_t size = ZCompression::Compress(data.GetData(), data.GetNumberOfBytesUsed(), compressedData.get(), reservedSize);
 
 	assert(size <= reservedSize);
 
@@ -123,11 +120,10 @@ void WorldPackets::SendCreateCharacter(const SystemAddress& sysAddr, int64_t rep
 	 * an assertion is done to prevent bad data from being saved or sent.
 	 */
 #pragma warning(disable:6385) // C6385 Reading invalid data from 'compressedData'.
-	bitStream.WriteAlignedBytes(compressedData, size);
+	bitStream.WriteAlignedBytes(compressedData.get(), size);
 #pragma warning(default:6385)
 
 	SEND_PACKET;
-	delete[] compressedData;
 	LOG("Sent CreateCharacter for ID: %llu", player);
 }
 

dNet/dServer.cpp

@@ -233,13 +233,11 @@ bool dServer::Startup() {
 }
 
 void dServer::UpdateMaximumMtuSize() {
-	auto maxMtuSize = mConfig->GetValue("maximum_mtu_size");
-	mPeer->SetMTUSize(maxMtuSize.empty() ? 1228 : std::stoi(maxMtuSize));
+	mPeer->SetMTUSize(mConfig->GetValue<int32_t>("maximum_mtu_size", 1228));
 }
 
 void dServer::UpdateBandwidthLimit() {
-	auto newBandwidth = mConfig->GetValue("maximum_outgoing_bandwidth");
-	mPeer->SetPerConnectionOutgoingBandwidthLimit(!newBandwidth.empty() ? std::stoi(newBandwidth) : 0);
+	mPeer->SetPerConnectionOutgoingBandwidthLimit(mConfig->GetValue<int32_t>("maximum_outgoing_bandwidth", 0));
 }
 
 void dServer::Shutdown() {