Fix ChatPacket Reading
This commit is contained in:
parent
661cfd02ad
commit
b11cc95e50
@ -11,8 +11,8 @@ void misc_render_background(int color, const Minecraft *minecraft, int x, int y,
|
||||
|
||||
extern bool is_in_chat;
|
||||
|
||||
typedef RakNet_RakString *(*RakNet_RakString_constructor_t)(RakNet_RakString *self, const char *format, ...);
|
||||
extern RakNet_RakString_constructor_t RakNet_RakString_constructor;
|
||||
typedef RakNet_RakString *(*RakNet_RakString_constructor_2_t)(RakNet_RakString *self, const char *format, ...);
|
||||
extern RakNet_RakString_constructor_2_t RakNet_RakString_constructor_2;
|
||||
}
|
||||
|
||||
void misc_run_on_update(const std::function<void(Minecraft *)> &func);
|
||||
|
@ -80,6 +80,16 @@ void _chat_send_message(const Minecraft *minecraft, const char *message) {
|
||||
send_api_chat_command(minecraft, message);
|
||||
}
|
||||
|
||||
// Allow Reading Longer ChatPacket Messages
|
||||
static void ChatPacket_read_injection(__attribute__((unused)) ChatPacket_read_t original, ChatPacket *self, RakNet_BitStream *stream) {
|
||||
RakNet_RakString *str = RakNet_RakString::allocate();
|
||||
str->constructor();
|
||||
str->Deserialize(stream);
|
||||
self->message = str->sharedString->c_str;
|
||||
str->Free();
|
||||
::operator delete(str);
|
||||
}
|
||||
|
||||
// Init
|
||||
void init_chat() {
|
||||
if (feature_has("Implement Chat", server_enabled)) {
|
||||
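Review bot: `str->Deserialize(stream)` in ChatPacket_read_injection discards its bool result (this commit's RakString definition declares `method bool Deserialize(RakNet_BitStream *stream)`), so a truncated or malformed packet still assigns whatever `sharedString->c_str` holds at that point to `self->message`. Guard the assignment so a failed read leaves the message untouched: `if (str->Deserialize(stream)) {` / `    self->message = str->sharedString->c_str;` / `}`. The assignment must also copy the characters before `str->Free()` releases the shared string; that holds if `message` is a std::string, which the code appears to rely on, and a one-line comment such as `// copies: Free() below releases the shared buffer` would stop a later change to a raw pointer from dangling. Whether `::operator delete(str)` is the right counterpart to `RakNet_RakString::allocate()` cannot be seen from here and is worth confirming against allocate()'s implementation.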
@ -95,5 +105,6 @@ void init_chat() {
|
||||
// Disable Built-In Chat Message Limiting
|
||||
unsigned char message_limit_patch[4] = {0x03, 0x00, 0x53, 0xe1}; // "cmp r4, r4"
|
||||
patch((void *) 0x6b4c0, message_limit_patch);
|
||||
overwrite_calls(ChatPacket_read, ChatPacket_read_injection);
|
||||
}
|
||||
}
|
||||
|
@ -48,10 +48,10 @@ static void LoginPacket_read_injection(LoginPacket_read_t original, LoginPacket
|
||||
// RakNet::RakString's format constructor is often given unsanitized user input and is never used for formatting,
|
||||
// this is a massive security risk, allowing clients to run arbitrary format specifiers, this disables the
|
||||
// formatting functionality.
|
||||
RakNet_RakString_constructor_t RakNet_RakString_constructor = (RakNet_RakString_constructor_t) 0xea5cc;
|
||||
RakNet_RakString_constructor_2_t RakNet_RakString_constructor_2 = (RakNet_RakString_constructor_2_t) 0xea5cc;
|
||||
static RakNet_RakString *RakNet_RakString_injection(RakNet_RakString *rak_string, const char *format, ...) {
|
||||
// Call Original Method
|
||||
return RakNet_RakString_constructor(rak_string, "%s", format);
|
||||
return RakNet_RakString_constructor_2(rak_string, "%s", format);
|
||||
}
|
||||
|
||||
// Print Error Message If RakNet Startup Fails
|
||||
@ -452,7 +452,7 @@ void init_misc() {
|
||||
|
||||
// Fix RakNet::RakString Security Bug
|
||||
if (feature_has("Patch RakNet Security Bug", server_enabled)) {
|
||||
overwrite_calls_manual((void *) RakNet_RakString_constructor, (void *) RakNet_RakString_injection);
|
||||
overwrite_calls_manual((void *) RakNet_RakString_constructor_2, (void *) RakNet_RakString_injection);
|
||||
}
|
||||
|
||||
// Print Error Message If RakNet Startup Fails
|
||||
|
@ -5,10 +5,11 @@ method void Write_short(short *i) = 0x71918;
|
||||
// right_aligned should be true
|
||||
method void WriteBits(const uchar *buff, uint bits, bool right_aligned) = 0xd41b4;
|
||||
|
||||
method void Read_uchar(uchar *i) = 0x45ab0;
|
||||
method void Read_int(int *i) = 0x184ec;
|
||||
method void Read_ushort(ushort *i) = 0x45acc;
|
||||
method void Read_short(short *i) = 0x72070;
|
||||
method bool Read_uchar(uchar *i) = 0x45ab0;
|
||||
method bool Read_int(int *i) = 0x184ec;
|
||||
method bool Read_ushort(ushort *i) = 0x45acc;
|
||||
method bool Read_short(short *i) = 0x72070;
|
||||
method bool Read_str(char *str) = 0xd5174;
|
||||
// right_aligned should be true
|
||||
method void ReadBits(uchar *buff, uint bits, bool right_aligned) = 0xd3e18;
|
||||
|
||||
|
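Review bot: `method bool Read_str(char *str) = 0xd5174;` declares a read into a caller-supplied buffer with no length parameter, so nothing in the signature bounds how many bytes are written; every caller has to size `str` for the longest string the stream can deliver, and that limit is not stated anywhere in this hunk. A comment on the declaration would make the contract explicit, e.g. `// Unbounded write: str must be sized for the maximum string length the stream can encode`, and if the underlying routine does take a length it would be safer to declare it with that parameter. Changing `Read_uchar`/`Read_int`/`Read_ushort`/`Read_short` to return bool is welcome, but only pays off if callers check the result, which this commit does not show.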
@ -1,5 +1,10 @@
|
||||
size 0x4;
|
||||
|
||||
constructor () = 0xe8f80;
|
||||
//constructor (const char *format, ...) = 0xea5cc;
|
||||
|
||||
method void Assign(const char *str) = 0xe9e34;
|
||||
method void Free() = 0xe9b50;
|
||||
method bool Deserialize(RakNet_BitStream *stream) = 0xea990;
|
||||
|
||||
property RakNet_RakString_SharedString *sharedString = 0x0;
|
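Review bot: `//constructor (const char *format, ...) = 0xea5cc;` leaves the format constructor as a commented-out line while misc.cpp casts the same 0xea5cc address by hand as `RakNet_RakString_constructor_2`, so the address is now maintained in two places with nothing tying them together. Replace the commented-out line with a comment that states why it is withheld, e.g. `// Format constructor (0xea5cc) intentionally not exposed: misc.cpp hooks it as RakNet_RakString_constructor_2 so caller-supplied text is never used as a format string; build strings with constructor() + Assign() instead.` The `size 0x4` with `sharedString` at offset 0x0 presumably reflects a single-pointer object on this target; a short comment saying so would help the next reader.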