Friend list missing state tracking - Hercules bug tracker archive

Issue information

Issue ID

#4629

Status

Fixed

Severity

Low

Started

Hercules Elf Bot

Dec 9, 2010 13:31

Last Post

Hercules Elf Bot

Apr 5, 2012 8:06

Confirmation

N/A

Hercules Elf Bot - Dec 9, 2010 13:31

Originally posted by [b]Ai4rei[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=4629

In the beginning adding friends was one-sided and without confirmation. In r1602 the confirmation mechanism was introduced, which required the player being added to agree to the process. Due to the fact, that the server does not track of the state, whether or not an invitation has been sent, this allows adding oneself into others' friend list without their consent by sending clif_parse_FriendsListReply packet through 3rd-party means such as WPE.

Possible solution would be to track of the char_id of last sent invitation and accepting only reply from this char_id.

~~8769~~

This post has been edited by Ai4rei: Dec 9 2010, 05:33 AM

Hercules Elf Bot - Dec 14, 2011 22:00

Originally posted by [b]Ind[/b]
Fixed in [rev=15118]

Hercules Elf Bot - Dec 15, 2011 19:13

Originally posted by [b]Erid[/b]
There is a minor typo in the comment at pc.h:
[CODE]
/**
* Guarantees your friend request is legit (for bugreport:6429)
**/
int friend_req;
[/CODE]

It should say [i]4629 [/i]instead of [i]6429[/i].

Hercules Elf Bot - Dec 15, 2011 20:32

Originally posted by [b]Ind[/b]
Thanks. Fixed in [rev=15136]