Need help with exploits in CT2.4 (fixes inside)

If something doesn't fit in any other forum then post it here.
Forum rules
READ NOW: L2j Forums Rules of Conduct
Post Reply
JMD
Advanced User
Advanced User
Posts: 1440
Joined: Wed Apr 15, 2009 10:07 am

Need help with exploits in CT2.4 (fixes inside)

Post by JMD »

Does anyone know what critical exploits have show up from Epilogue till now? Or at least help me in any way to find them?
Last edited by JMD on Thu Mar 26, 2015 5:14 pm, edited 1 time in total.
User avatar
Gries
Posts: 307
Joined: Fri Jun 17, 2011 9:45 am

Re: Need help with exploits.

Post by Gries »

JMD
Advanced User
Advanced User
Posts: 1440
Joined: Wed Apr 15, 2009 10:07 am

Re: Need help with exploits.

Post by JMD »

i know about it but since the old trac is password protected now i cant look at the diffs.
User avatar
Gries
Posts: 307
Joined: Fri Jun 17, 2011 9:45 am

Re: Need help with exploits.

Post by Gries »

JMD wrote:i know about it but since the old trac is password protected now i cant look at the diffs.
Here you go:
http://trac.l2jfree.com/l2jserver/changeset/6477

Code: Select all

Index: /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java
===================================================================
--- /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java	(revision 6365)
+++ /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java	(revision 6477)
@@ -72,7 +72,14 @@
 		if (client.getAccountName() == null)
 		{
-			client.setAccountName(_loginName);
-			LoginServerThread.getInstance().addGameServerLogin(_loginName, client);
-			LoginServerThread.getInstance().addWaitingClientAndSendRequest(_loginName, client, key);
+			// Preventing duplicate login in case client login server socket was disconnected or this packet was not sent yet
+			if (LoginServerThread.getInstance().addGameServerLogin(_loginName, client))
+			{
+				client.setAccountName(_loginName);
+				LoginServerThread.getInstance().addWaitingClientAndSendRequest(_loginName, client, key);
+			}
+			else
+			{
+				client.close((L2GameServerPacket) null);
+			}
 		}
 	}
Index: /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/LoginServerThread.java
===================================================================
--- /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/LoginServerThread.java	(revision 6365)
+++ /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/LoginServerThread.java	(revision 6477)
@@ -462,8 +462,9 @@
 	 * @param account the account
 	 * @param client the client
-	 */
-	public void addGameServerLogin(String account, L2GameClient client)
-	{
-		_accountsInGameServer.put(account, client);
+	 * @return {@code true} if account was not already logged in, {@code false} otherwise
+	 */
+	public boolean addGameServerLogin(String account, L2GameClient client)
+	{
+		return _accountsInGameServer.putIfAbsent(account, client) == null;
JMD
Advanced User
Advanced User
Posts: 1440
Joined: Wed Apr 15, 2009 10:07 am

Re: Need help with exploits.

Post by JMD »

Thank you.

Here is the fix for CT2.4
Gist by: JMD13
User avatar
Gries
Posts: 307
Joined: Fri Jun 17, 2011 9:45 am

Re: Need help with exploits.

Post by Gries »

Probably this one too
viewtopic.php?f=77&t=29776
JMD
Advanced User
Advanced User
Posts: 1440
Joined: Wed Apr 15, 2009 10:07 am

Re: Need help with exploits.

Post by JMD »

Gries wrote:Probably this one too
viewtopic.php?f=77&t=29776
Nice thanks.
Gist by: JMD13
User avatar
Gries
Posts: 307
Joined: Fri Jun 17, 2011 9:45 am

Re: Need help with exploits in CT2.4 (fixes inside)

Post by Gries »

It appears that L2jFree site is now down, can't check changes anymore now :cry:
Post Reply