Patch remaining vulnerabilities I am aware of

2019-01-12 12:31:02 +01:00 · 2019-01-12 12:31:02 +01:00 · 5ee8e6001b
commit 5ee8e6001b
parent 5ba522d2d0
4 changed files with 37 additions and 4 deletions
--- a/src/game/game.cpp
+++ b/src/game/game.cpp
@ -11,6 +11,8 @@ namespace game

 		DB_LoadXAssets_t DB_LoadXAssets;

+		MSG_ReadData_t MSG_ReadData;
+
 		Sys_ShowConsole_t Sys_ShowConsole;

 		int* cmd_args;
@ -46,6 +48,8 @@ namespace game

 		native::DB_LoadXAssets = native::DB_LoadXAssets_t(SELECT_VALUE(0x48A8E0, 0x4CD020, 0x44F770));

+		native::MSG_ReadData = native::MSG_ReadData_t(SELECT_VALUE(0, 0x5592A0, 0));
+
 		native::Sys_ShowConsole = native::Sys_ShowConsole_t(SELECT_VALUE(0x470AF0, 0x5CF590, 0));

 		native::cmd_args = reinterpret_cast<int*>(SELECT_VALUE(0x1750750, 0x1C978D0, 0x1B455F8));
--- a/src/game/game.hpp
+++ b/src/game/game.hpp
@ -18,6 +18,9 @@ namespace game
 		typedef void (*DB_LoadXAssets_t)(XZoneInfo* zoneInfo, unsigned int zoneCount, int sync);
 		extern DB_LoadXAssets_t DB_LoadXAssets;

+		typedef void(*MSG_ReadData_t)(msg_t *msg, void *data, int len);
+		extern MSG_ReadData_t MSG_ReadData;
+
 		typedef void (*Sys_ShowConsole_t)();
 		extern Sys_ShowConsole_t Sys_ShowConsole;

--- a/src/game/structs.hpp
+++ b/src/game/structs.hpp
@ -369,15 +369,29 @@ namespace game
 		};
 #pragma pack(pop)

-		typedef struct cmd_function_s
+		struct cmd_function_t
 		{
-			cmd_function_s* next;
+			cmd_function_t* next;
 			const char* name;
 			const char* autoCompleteDir;
 			const char* autoCompleteExt;
 			void (__cdecl *function)();
 			int flags;
-		} cmd_function_t;
+		};
+
+		struct msg_t
+		{
+			int overflowed;
+			int readOnly;
+			char* data;
+			char* splitData;
+			int maxsize;
+			int cursize;
+			int splitSize;
+			int readcount;
+			int bit;
+			int lastEntityRef;
+		};

 		struct XZoneInfo
 		{
--- a/src/module/security.cpp
+++ b/src/module/security.cpp
@ -1,12 +1,24 @@
 #include <std_include.hpp>
 #include "loader/module_loader.hpp"
+#include "game/game.hpp"
+#include "utils/hook.hpp"

 class security final : public module
 {
 public:
 	void post_load() override
 	{
-		// TODO: Patch open vulnerabilities
+		if(game::is_mp())
+		{
+			utils::hook(0x4AECD4, read_p2p_auth_ticket_stub, HOOK_JUMP).install()->quick();
+		}
+	}
+
+private:
+	static void read_p2p_auth_ticket_stub(game::native::msg_t* msg, void* data, const int len)
+	{
+		if (len < 0) return;
+		return game::native::MSG_ReadData(msg, data, std::min(len, 200));
 	}
 };