From 5ee8e6001bac40d6490c5e275304d12394c202a9 Mon Sep 17 00:00:00 2001
From: momo5502
Date: Sat, 12 Jan 2019 12:31:02 +0100
Subject: [PATCH] Patch remaining vulnerabilities I am aware of
---
 src/game/game.cpp | 4 ++++
 src/game/game.hpp | 3 +++
 src/game/structs.hpp | 20 +++++++++++++++++---
 src/module/security.cpp | 14 +++++++++++++-
 4 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/src/game/game.cpp b/src/game/game.cpp
index ea0333b..f119dfc 100644
--- a/src/game/game.cpp
+++ b/src/game/game.cpp
@@ -11,6 +11,8 @@ namespace game
 DB_LoadXAssets_t DB_LoadXAssets;
+ MSG_ReadData_t MSG_ReadData;
+
 Sys_ShowConsole_t Sys_ShowConsole;
 int* cmd_args;
@@ -46,6 +48,8 @@ namespace game
 native::DB_LoadXAssets = native::DB_LoadXAssets_t(SELECT_VALUE(0x48A8E0, 0x4CD020, 0x44F770));
+ native::MSG_ReadData = native::MSG_ReadData_t(SELECT_VALUE(0, 0x5592A0, 0));
+
 native::Sys_ShowConsole = native::Sys_ShowConsole_t(SELECT_VALUE(0x470AF0, 0x5CF590, 0));
 native::cmd_args = reinterpret_cast(SELECT_VALUE(0x1750750, 0x1C978D0, 0x1B455F8));
diff --git a/src/game/game.hpp b/src/game/game.hpp
index 57bbc1f..74f3010 100644
--- a/src/game/game.hpp
+++ b/src/game/game.hpp
@@ -18,6 +18,9 @@ namespace game
 typedef void (*DB_LoadXAssets_t)(XZoneInfo* zoneInfo, unsigned int zoneCount, int sync);
 extern DB_LoadXAssets_t DB_LoadXAssets;
+ typedef void(*MSG_ReadData_t)(msg_t *msg, void *data, int len);
+ extern MSG_ReadData_t MSG_ReadData;
+
 typedef void (*Sys_ShowConsole_t)();
 extern Sys_ShowConsole_t Sys_ShowConsole;
diff --git a/src/game/structs.hpp b/src/game/structs.hpp
index 9fb06e5..4beee2c 100644
--- a/src/game/structs.hpp
+++ b/src/game/structs.hpp
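Review bot: `native::MSG_ReadData` is assigned from `SELECT_VALUE(0, 0x5592A0, 0)`, so in the two variants other than the one with the real address (presumably the non-MP builds) it is a null function pointer, and any unguarded call jumps to address zero. The only caller this patch adds is behind `game::is_mp()`, which is fine, but neither the definition in the first hunk of this file nor the typedef in game.hpp says so. A comment at the definition would stop the next caller from assuming it is always valid: `MSG_ReadData_t MSG_ReadData; // MP only: null in the other SELECT_VALUE variants, guard with is_mp()`. The initialisation function these assignments live in starts and ends outside the hunk.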
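Review bot: The new typedef is spaced differently from its neighbours — `void(*MSG_ReadData_t)(msg_t *msg, void *data, int len)` against `void (*DB_LoadXAssets_t)(XZoneInfo* zoneInfo, ...)` and `void (*Sys_ShowConsole_t)()` on the surrounding lines; `typedef void (*MSG_ReadData_t)(msg_t* msg, void* data, int len);` matches the file. Since the only reason this pointer is being resolved is the bounds check added in security.cpp, a one-line comment on the typedef that `len` is the byte count copied into `data` without any check of the destination size (as far as this patch shows) would tell future callers why they must clamp it themselves.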
@@ -369,15 +369,29 @@ namespace game
 };
 #pragma pack(pop)
- typedef struct cmd_function_s
+ struct cmd_function_t
 {
- cmd_function_s* next;
+ cmd_function_t* next;
 const char* name;
 const char* autoCompleteDir;
 const char* autoCompleteExt;
 void (__cdecl *function)();
 int flags;
- } cmd_function_t;
+ };
+
+ struct msg_t
+ {
+ int overflowed;
+ int readOnly;
+ char* data;
+ char* splitData;
+ int maxsize;
+ int cursize;
+ int splitSize;
+ int readcount;
+ int bit;
+ int lastEntityRef;
+ };
 struct XZoneInfo
 {
diff --git a/src/module/security.cpp b/src/module/security.cpp
index 14e35d8..34f3b88 100644
--- a/src/module/security.cpp
+++ b/src/module/security.cpp
@@ -1,12 +1,24 @@
 #include
 #include "loader/module_loader.hpp"
+#include "game/game.hpp"
+#include "utils/hook.hpp"
 class security final : public module
 {
 public:
 void post_load() override
 {
- // TODO: Patch open vulnerabilities
+ if(game::is_mp())
+ {
+ utils::hook(0x4AECD4, read_p2p_auth_ticket_stub, HOOK_JUMP).install()->quick();
+ }
+ }
+
+private:
+ static void read_p2p_auth_ticket_stub(game::native::msg_t* msg, void* data, const int len)
+ {
+ if (len < 0) return;
+ return game::native::MSG_ReadData(msg, data, std::min(len, 200));
 }
 };
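Review bot: `msg_t` is a mirror of an in-memory engine structure that the hooked `MSG_ReadData` is handed pointers to, yet nothing in the header records that its member order and size are an ABI contract rather than a free choice. A header comment above it, `// Mirrors the engine's msg_t; member order and size must match the game binary, do not reorder or add fields`, plus a size lock such as `static_assert(sizeof(msg_t) == 40, "msg_t must match the engine layout");` (40 assumes the 32-bit target the `__cdecl` pointers and 32-bit addresses in this patch suggest — confirm), would catch an accidental edit at compile time. It also sits right after `#pragma pack(pop)`, so it is at default packing; if the engine layout is packed differently that should be stated at the same place.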
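Review bot: `read_p2p_auth_ticket_stub` clamps an oversize length to a bare `200` instead of rejecting it, so a message that claims a larger ticket is only partially consumed: 200 bytes are copied and the rest of the ticket presumably stays in the stream for whatever the caller parses next, which is a different outcome from the negative-length branch one line above that reads nothing at all. The two cases should take the same reject path, with the limit a named constant that says where it comes from (the size of the destination buffer at the hooked call site, which this patch does not show), and whether a rejected read should also flag `msg->overflowed` so the engine drops the packet depends on the engine reader honouring that field — worth confirming before relying on a silent return. `std::min` also needs `<algorithm>` unless the first (stripped) include in this file supplies it, and the `return` of a void call on the last line can be a plain call. Rewritten stub below; the enclosing class is complete within the hunk.
```cpp
	// Upper bound for a P2P auth ticket; must equal the destination buffer
	// at the 0x4AECD4 call site — TODO confirm against the caller.
	static constexpr int max_p2p_auth_ticket_len = 200;

	static void read_p2p_auth_ticket_stub(game::native::msg_t* msg, void* data, const int len)
	{
		// Reject rather than truncate: a truncated read leaves the tail of the
		// ticket unread, and the caller would parse it as the next field.
		if (len < 0 || len > max_p2p_auth_ticket_len) return;
		game::native::MSG_ReadData(msg, data, len);
	}
```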