[QuickPatch] Fix party-join vulnerability

2018-10-13 22:59:32 +02:00 · 2018-10-13 22:59:32 +02:00 · 86819658f7
commit 86819658f7
parent 7c768b941f
2 changed files with 9 additions and 0 deletions
--- a/src/Components/Modules/QuickPatch.cpp
+++ b/src/Components/Modules/QuickPatch.cpp
@ -79,6 +79,11 @@ namespace Components
 		return -1;
 	}

+	long QuickPatch::AtolAdjustPlayerLimit(const char* string)
+	{
+		return std::min(atol(string), 18l);
+	}
+
 	void QuickPatch::SelectStringTableEntryInDvarStub()
 	{
 		Command::ClientParams args;
@ -432,6 +437,8 @@ namespace Components
 		Utils::Hook(0x414D92, QuickPatch::MsgReadBitsCompressCheckSV, HOOK_CALL).install()->quick(); // SV_ExecuteClientCommands
 		Utils::Hook(0x4A9F56, QuickPatch::MsgReadBitsCompressCheckCL, HOOK_CALL).install()->quick(); // CL_ParseServerMessage
 		Utils::Hook(0x407376, QuickPatch::SVCanReplaceServerCommand , HOOK_CALL).install()->quick(); // SV_CanReplaceServerCommand
+		Utils::Hook(0x5B67ED, QuickPatch::AtolAdjustPlayerLimit     , HOOK_CALL).install()->quick(); // PartyHost_HandleJoinPartyRequest
+

 		// Patch selectStringTableEntryInDvar
 		Utils::Hook::Set(0x405959, QuickPatch::SelectStringTableEntryInDvarStub);
--- a/src/Components/Modules/QuickPatch.hpp
+++ b/src/Components/Modules/QuickPatch.hpp
@ -23,6 +23,8 @@ namespace Components
 		static int MsgReadBitsCompressCheckSV(const char *from, char *to, int size);
 		static int MsgReadBitsCompressCheckCL(const char *from, char *to, int size);

+		static long AtolAdjustPlayerLimit(const char* string);
+
 		static void JavelinResetHookStub();

 		static int QuickPatch::InvalidNameCheck(char *dest, char *source, int size);