Issue information

Issue ID: #6916
Status: Fixed
Severity: Medium
Started: Hercules Elf Bot, Nov 19, 2012 7:27
Last Post: Hercules Elf Bot, Nov 20, 2012 2:26
Confirmation: Yes (1), No (0)

Hercules Elf Bot - Nov 19, 2012 7:27

Originally posted by [b]curiosity[/b]
I tried submitting this to eAthena a week ago or so, but I think rAthena has the same problem. I figured you get most of eA's patches anyway, but it looks like eA is dead in the water so I thought I'd submit it here too.

[quote]In char/char.c as well as char_sql/char.c there doesn't seem to be any validation of correct range for head and head color when creating a new character (make_new_char/make_new_char_sql).

I tried forging a 0x67 packet and was able to create a new character with head ID 10,000 on my local setup (15224 TXT). Validation is present in old revisions, but must have been left out in an overhaul of the char server.

I haven't tested further because I don't have a working client, but I suppose a head ID out of bounds would crash the client. If so this issue is somewhat severe since it could potentially be used to create a character which crashes everyone on the server.[/quote]

Hercules Elf Bot - Nov 20, 2012 2:25

Originally posted by [b]mkbu95[/b]
Fixed in [rev=16930].
Thank you!
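
The kind of server-side range check the report describes as missing from character creation, as an added example; it is not the code from the fix revision or from the project. The packet layout, the offsets, the limits `MAX_HAIR_STYLE` and `MAX_HAIR_COLOR`, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout of the create-character request (not taken from the page):
 * u16 opcode, char name[24], u8 stats[6], u8 slot, u16 hair_color, u16 hair_style */
enum { OFF_HAIR_COLOR = 33, OFF_HAIR_STYLE = 35, REQ_LEN = 37 };

/* Hypothetical limits: set them to the range the deployed client can render. */
#define MAX_HAIR_STYLE 23
#define MAX_HAIR_COLOR 8

enum create_result { CREATE_OK = 0, REJECT_LENGTH, REJECT_HAIR_COLOR, REJECT_HAIR_STYLE };

/* Read a little-endian u16 without assuming alignment. */
static uint16_t rd_u16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate client-supplied appearance fields before anything is stored.
 * The client is untrusted: every value is checked on the server. */
enum create_result validate_create_request(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len != REQ_LEN)
        return REJECT_LENGTH;
    if (rd_u16(buf + OFF_HAIR_COLOR) > MAX_HAIR_COLOR)
        return REJECT_HAIR_COLOR;
    if (rd_u16(buf + OFF_HAIR_STYLE) > MAX_HAIR_STYLE)
        return REJECT_HAIR_STYLE;
    return CREATE_OK;
}

/* Build a constructed request with the given appearance and validate it. */
enum create_result check_sample(uint16_t hair_color, uint16_t hair_style, size_t len)
{
    uint8_t req[REQ_LEN] = {0};
    req[0] = 0x67;                                  /* opcode named in the report */
    memcpy(req + 2, "Tester", 6);                   /* constructed name */
    req[OFF_HAIR_COLOR]     = (uint8_t)(hair_color & 0xff);
    req[OFF_HAIR_COLOR + 1] = (uint8_t)(hair_color >> 8);
    req[OFF_HAIR_STYLE]     = (uint8_t)(hair_style & 0xff);
    req[OFF_HAIR_STYLE + 1] = (uint8_t)(hair_style >> 8);
    return validate_create_request(req, len);
}

int main(void)
{
    printf("style 10000 -> %d\n", check_sample(3, 10000, REQ_LEN));
    return 0;
}
```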