Originally posted by [b]theultramage[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=2664
CODE
payon,140,151,5 script Seiyablem 84,{
    ...
    < checks here >
    mes "[Seiyablem]";
    mes "Alright then, let the work begin!";
    mes "You'd better pray for a successful result.";
    next;
    if((.@socketrand > getarg(3)) && (.@socketrand < getarg(4)))
    {
        delitem getarg(1),1;
        getitem getarg(2),1;
    }
    else
    {
        delitem getarg(1),1;
    }

Now I know that trunk now supports instant abort on delitem failure, but that's only in trunk r13368+. That means that all previous versions, as well as the entire stable branch, are still vulnerable to this primitive item duplication exploit (dropping items / sending via mailbox at the final 'next' pause).
What is the policy for such bugs? Add extra checks after the next;, or leave it as it is and tell people to update their server code?
EDIT: bugfix was also applied to stable r13368, so I guess this is 'fixed'. Although I'm still wondering...
This post has been edited by theultramage: Jan 13 2009, 08:50 AM
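
The check-then-pause-then-delete flow from the post, modelled as an added example (Python, not eAthena script and not code from the original poster or the project). It compares the behaviour the post describes for older revisions with the two mitigations it mentions: re-checking after `next;` and aborting when `delitem` fails. The class and function names, the item ids, and the assumption that a failed legacy `delitem` lets the script continue are all part of the model.

```python
from collections import Counter

class ScriptAbort(Exception):
    """Raised when the modelled engine terminates the NPC script."""

class Player:
    def __init__(self, items):
        self.inv = Counter(items)   # current inventory
        self.moved = Counter()      # items dropped or mailed during a dialog pause

    def drop(self, item):
        if self.inv[item] > 0:
            self.inv[item] -= 1
            self.moved[item] += 1

def delitem(p, item, abort_on_failure):
    if p.inv[item] < 1:
        if abort_on_failure:        # behaviour the post attributes to r13368+
            raise ScriptAbort("delitem failed")
        return                      # assumption: older engines carry on regardless
    p.inv[item] -= 1

def socket_script(p, src, dst, recheck, abort_on_failure):
    if p.inv[src] < 1:              # "< checks here >", done before the dialog
        return
    yield "next"                    # final 'next;': the script waits on the client
    if recheck and p.inv[src] < 1:  # extra check after the pause
        raise ScriptAbort("item no longer in inventory")
    delitem(p, src, abort_on_failure)
    p.inv[dst] += 1                 # getitem on the success branch

def run(recheck=False, abort_on_failure=False, drops_item=True):
    """Return (source items the player still owns, result items received)."""
    SRC, DST = 1101, 1102           # constructed item ids
    p = Player({SRC: 1})
    try:
        for _pause in socket_script(p, SRC, DST, recheck, abort_on_failure):
            if drops_item:
                p.drop(SRC)         # state changes while the script is paused
    except ScriptAbort:
        pass
    return p.inv[SRC] + p.moved[SRC], p.inv[DST]

if __name__ == "__main__":
    print("legacy:", run())
    print("recheck after next:", run(recheck=True))
    print("abort on delitem failure:", run(abort_on_failure=True))
```

In the legacy case the player ends up owning both the source item and the result; either mitigation leaves the source item with the player and grants nothing.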