Originally posted by [b]theultramage[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=292
There is a hole in the mail packet exchange scheme that in the right conditions would allow arbitrary item duplication using the 'attach item' feature.
This is because items attached to a mail that's in the process of being sent don't actually get deleted until the confirmation from the charserver arrives.
The details look like this:
- player A sends a mail+attachment to player B
- charserver saves mail, informs B and sends back an ack
- player A logs out before the 'ack' arrives - meaning the mail with the item has been permanently recorded on the charserver but the item hasn't been deleted from the sender's inventory!
- mapserver sends a desperate mail deletion request
- before it arrives, player B opens mailbox, retrieves item
Unlikely if map and char are on the same machine (the way the socket layer processes packets should make this scenario impossible), but theoretically possible on multimap, where A's server is on a very lagged / wiretapped connection.
The secure way would be to record the message as 'pending' in step 3., and add another step where the mapserver sends an ack after physically deleting the item. Then the charserver would change the mail into a permanent one.
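A sketch of the pending/permanent scheme proposed above, added here as an illustration and not taken from eAthena's code. All names, the fixed-size in-memory store and the ids are assumptions; the point is that the recipient can only take an attachment after the mapserver's second ack.

```c
#include <stdio.h>
/* Hypothetical names throughout; this is not eAthena's mail code. */
enum mail_state { MAIL_FREE = 0, MAIL_PENDING, MAIL_PERMANENT };
struct mail { enum mail_state state; int dest_id; int item_id; };
#define MAX_MAIL 16
static struct mail mailbox[MAX_MAIL];   /* charserver's mail store */

/* Look up a mail only if it is in the expected state. */
static struct mail *mail_in_state(int id, enum mail_state want) {
    if (id < 0 || id >= MAX_MAIL || mailbox[id].state != want) return NULL;
    return &mailbox[id];
}
/* Charserver saves the mail as pending; returns mail id, or -1 if full. */
int char_mail_save(int dest_id, int item_id) {
    for (int i = 0; i < MAX_MAIL; i++)
        if (mailbox[i].state == MAIL_FREE) {
            mailbox[i] = (struct mail){ MAIL_PENDING, dest_id, item_id };
            return i;
        }
    return -1;
}
/* Mapserver acks that the item has left the sender's inventory. */
int char_mail_commit(int id) {
    struct mail *m = mail_in_state(id, MAIL_PENDING);
    if (!m) return 0;
    m->state = MAIL_PERMANENT;
    return 1;
}
/* Sender logged out before the item was deleted: drop the pending mail. */
int char_mail_cancel(int id) {
    struct mail *m = mail_in_state(id, MAIL_PENDING);
    if (!m) return 0;
    m->state = MAIL_FREE;
    return 1;
}
/* Recipient takes the attachment; returns item id, 0 if nothing to take. */
int char_mail_take_item(int id, int char_id) {
    struct mail *m = mail_in_state(id, MAIL_PERMANENT);
    if (!m || m->dest_id != char_id) return 0;
    int item = m->item_id;
    m->item_id = 0;                      /* an attachment is handed out once */
    return item;
}

int main(void) {
    int id = char_mail_save(2, 501);     /* constructed ids: A mails item 501 to B */
    printf("take while pending: %d\n", char_mail_take_item(id, 2));
    printf("cancel on logout: %d\n", char_mail_cancel(id));
    return 0;
}
```

Because cancel and commit both require the pending state, a late deletion request can never remove a mail whose item has already been handed out, and a late commit can never revive a cancelled one.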