Fix ChatPacket Reading

mods/include/mods/misc/misc.h

@@ -11,8 +11,8 @@ void misc_render_background(int color, const Minecraft *minecraft, int x, int y,
 
 extern bool is_in_chat;
 
-typedef RakNet_RakString *(*RakNet_RakString_constructor_t)(RakNet_RakString *self, const char *format, ...);
-extern RakNet_RakString_constructor_t RakNet_RakString_constructor;
+typedef RakNet_RakString *(*RakNet_RakString_constructor_2_t)(RakNet_RakString *self, const char *format, ...);
+extern RakNet_RakString_constructor_2_t RakNet_RakString_constructor_2;
 }
 
 void misc_run_on_update(const std::function<void(Minecraft *)> &func);

mods/src/chat/chat.cpp

@@ -80,6 +80,16 @@ void _chat_send_message(const Minecraft *minecraft, const char *message) {
     send_api_chat_command(minecraft, message);
 }
 
+// Allow Reading Longer ChatPacket Messages
+static void ChatPacket_read_injection(__attribute__((unused)) ChatPacket_read_t original, ChatPacket *self, RakNet_BitStream *stream) {
+    RakNet_RakString *str = RakNet_RakString::allocate();
+    str->constructor();
+    str->Deserialize(stream);
+    self->message = str->sharedString->c_str;
+    str->Free();
+    ::operator delete(str);
+}
+
 // Init
 void init_chat() {
     if (feature_has("Implement Chat", server_enabled)) {
@@ -95,5 +105,6 @@ void init_chat() {
         // Disable Built-In Chat Message Limiting
         unsigned char message_limit_patch[4] = {0x03, 0x00, 0x53, 0xe1}; // "cmp r4, r4"
         patch((void *) 0x6b4c0, message_limit_patch);
+        overwrite_calls(ChatPacket_read, ChatPacket_read_injection);
     }
 }

mods/src/misc/misc.cpp

@@ -48,10 +48,10 @@ static void LoginPacket_read_injection(LoginPacket_read_t original, LoginPacket
 // RakNet::RakString's format constructor is often given unsanitized user input and is never used for formatting,
 // this is a massive security risk, allowing clients to run arbitrary format specifiers, this disables the
 // formatting functionality.
-RakNet_RakString_constructor_t RakNet_RakString_constructor = (RakNet_RakString_constructor_t) 0xea5cc;
+RakNet_RakString_constructor_2_t RakNet_RakString_constructor_2 = (RakNet_RakString_constructor_2_t) 0xea5cc;
 static RakNet_RakString *RakNet_RakString_injection(RakNet_RakString *rak_string, const char *format, ...) {
     // Call Original Method
-    return RakNet_RakString_constructor(rak_string, "%s", format);
+    return RakNet_RakString_constructor_2(rak_string, "%s", format);
 }
 
 // Print Error Message If RakNet Startup Fails
@@ -452,7 +452,7 @@ void init_misc() {
 
     // Fix RakNet::RakString Security Bug
     if (feature_has("Patch RakNet Security Bug", server_enabled)) {
-        overwrite_calls_manual((void *) RakNet_RakString_constructor, (void *) RakNet_RakString_injection);
+        overwrite_calls_manual((void *) RakNet_RakString_constructor_2, (void *) RakNet_RakString_injection);
     }
 
     // Print Error Message If RakNet Startup Fails

symbols/src/network/raknet/RakNet_BitStream.def

@@ -5,10 +5,11 @@ method void Write_short(short *i) = 0x71918;
 // right_aligned should be true
 method void WriteBits(const uchar *buff, uint bits, bool right_aligned) = 0xd41b4;
 
-method void Read_uchar(uchar *i) = 0x45ab0;
-method void Read_int(int *i) = 0x184ec;
-method void Read_ushort(ushort *i) = 0x45acc;
-method void Read_short(short *i) = 0x72070;
+method bool Read_uchar(uchar *i) = 0x45ab0;
+method bool Read_int(int *i) = 0x184ec;
+method bool Read_ushort(ushort *i) = 0x45acc;
+method bool Read_short(short *i) = 0x72070;
+method bool Read_str(char *str) = 0xd5174;
 // right_aligned should be true
 method void ReadBits(uchar *buff, uint bits, bool right_aligned) = 0xd3e18;
 

symbols/src/network/raknet/RakNet_RakString.def

@@ -1,5 +1,10 @@
+size 0x4;
+
+constructor () = 0xe8f80;
 //constructor (const char *format, ...) = 0xea5cc;
 
 method void Assign(const char *str) = 0xe9e34;
+method void Free() = 0xe9b50;
+method bool Deserialize(RakNet_BitStream *stream) = 0xea990;
 
 property RakNet_RakString_SharedString *sharedString = 0x0;