From 156343d44b45cc8df4971837b6f92a7003f018b1 Mon Sep 17 00:00:00 2001
From: staphen
Date: Fri, 8 Jul 2022 21:47:29 -0400
Subject: [PATCH] Validate spell IDs that are sent over the network
---
 Source/msg.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/Source/msg.cpp b/Source/msg.cpp
index 1acf5a514..166731648 100644
--- a/Source/msg.cpp
+++ b/Source/msg.cpp
@@ -1036,6 +1036,10 @@ DWORD OnSpellWall(const TCmd *pCmd, Player &player)
 return sizeof(message);
 auto spell = static_cast(message.wParam1);
+ if (!IsValidSpell(spell)) {
+ LogError(_("{:s} has cast an invalid spell.").c_str(), player._pName);
+ return sizeof(message);
+ }
 if (currlevel == 0 && !spelldata[spell].sTownSpell) {
 LogError(_("{:s} has cast an illegal spell.").c_str(), player._pName);
 return sizeof(message);
@@ -1071,6 +1075,10 @@ DWORD OnSpellTile(const TCmd *pCmd, Player &player)
 return sizeof(message);
 auto spell = static_cast(message.wParam1);
+ if (!IsValidSpell(spell)) {
+ LogError(_("{:s} has cast an invalid spell.").c_str(), player._pName);
+ return sizeof(message);
+ }
 if (currlevel == 0 && !spelldata[spell].sTownSpell) {
 LogError(_("{:s} has cast an illegal spell.").c_str(), player._pName);
 return sizeof(message);
@@ -1229,6 +1237,10 @@ DWORD OnSpellMonster(const TCmd *pCmd, Player &player)
 return sizeof(message);
 auto spell = static_cast(message.wParam2);
+ if (!IsValidSpell(spell)) {
+ LogError(_("{:s} has cast an invalid spell.").c_str(), player._pName);
+ return sizeof(message);
+ }
 if (currlevel == 0 && !spelldata[spell].sTownSpell) {
 LogError(_("{:s} has cast an illegal spell.").c_str(), player._pName);
 return sizeof(message);
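Review bot: The new `IsValidSpell(spell)` guard in OnSpellWall runs after `static_cast` has already converted `message.wParam1` to the enum, so it validates the converted value rather than what arrived on the wire. If the enum's underlying type is narrower than the wParam field (neither declaration is visible in this patch), an out-of-range wire value can wrap onto a valid spell ID and pass the check, so a malformed packet is handled as a legitimate cast. Consider rejecting on the raw field before the cast, e.g. `if (message.wParam1 > SPL_LAST) return sizeof(message);` (assuming SPL_LAST is the enum's upper bound in this tree), and keeping `IsValidSpell` for the remaining rules. The same ordering appears in the OnSpellTile, OnSpellMonster and OnSpellPlayer hunks (the latter two read `wParam2`); all four function bodies start and end outside their hunks.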
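Review bot: The four-line guard added to OnSpellTile is an exact copy of the one added to OnSpellWall, OnSpellMonster and OnSpellPlayer, and input checks pasted per handler tend to drift or be forgotten when another spell command is added. A small file-local helper that validates and logs in one place would shrink each call site to `if (!CheckNetworkSpell(spell, player)) return sizeof(message);` (the helper name is a suggestion, not an existing function). Whether other handlers in msg.cpp also turn a wire field into a spell ID cannot be seen from this patch, so it is worth searching the file for the same cast and routing those sites through the helper as well.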
@@ -1261,6 +1273,10 @@ DWORD OnSpellPlayer(const TCmd *pCmd, Player &player)
 return sizeof(message);
 auto spell = static_cast(message.wParam2);
+ if (!IsValidSpell(spell)) {
+ LogError(_("{:s} has cast an invalid spell.").c_str(), player._pName);
+ return sizeof(message);
+ }
 if (currlevel == 0 && !spelldata[spell].sTownSpell) {
 LogError(_("{:s} has cast an illegal spell.").c_str(), player._pName);
 return sizeof(message);
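Review bot: The rejection log added in OnSpellPlayer records neither the offending value nor which command carried it, so someone reading the log cannot tell a desynchronised client from a peer sending out-of-range IDs. It is also written at error level once per rejected packet, and the packet contents are controlled by the remote peer (`player._pName` presumably is too), so one misbehaving peer can flood the log. Consider including the raw field, e.g. `LogError(_("{:s} has cast an invalid spell ({:d}).").c_str(), player._pName, message.wParam2);`, which would need the translation catalog updated, and limiting how often the line is emitted per player. The other three hunks log the identical string and would need the same change.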