Need help with exploits in CT2.4 (fixes inside)

If something doesn't fit in any other forum then post it here.
Forum rules
READ NOW: L2j Forums Rules of Conduct
Post Reply
JMD
Advanced User
Advanced User
Posts: 1440
Joined: Wed Apr 15, 2009 10:07 am

Need help with exploits in CT2.4 (fixes inside)

Post by JMD »

Does anyone know what critical exploits have show up from Epilogue till now? Or at least help me in any way to find them?
Last edited by JMD on Thu Mar 26, 2015 5:14 pm, edited 1 time in total.
Top
User avatar
Gries
Posts: 307
Joined: Fri Jun 17, 2011 9:45 am

Re: Need help with exploits.

Post by Gries »

Have you tried this one?
viewtopic.php?f=103&t=29411&p=175355&hi ... in#p175355
Top
JMD
Advanced User
Advanced User
Posts: 1440
Joined: Wed Apr 15, 2009 10:07 am

Re: Need help with exploits.

Post by JMD »

i know about it but since the old trac is password protected now i cant look at the diffs.
Top
User avatar
Gries
Posts: 307
Joined: Fri Jun 17, 2011 9:45 am

Re: Need help with exploits.

Post by Gries »

JMD wrote:i know about it but since the old trac is password protected now i cant look at the diffs.
Here you go:
http://trac.l2jfree.com/l2jserver/changeset/6477

Code: Select all

Index: /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java
===================================================================
--- /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java	(revision 6365)
+++ /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java	(revision 6477)
@@ -72,7 +72,14 @@
 		if (client.getAccountName() == null)
 		{
-			client.setAccountName(_loginName);
-			LoginServerThread.getInstance().addGameServerLogin(_loginName, client);
-			LoginServerThread.getInstance().addWaitingClientAndSendRequest(_loginName, client, key);
+			// Preventing duplicate login in case client login server socket was disconnected or this packet was not sent yet
+			if (LoginServerThread.getInstance().addGameServerLogin(_loginName, client))
+			{
+				client.setAccountName(_loginName);
+				LoginServerThread.getInstance().addWaitingClientAndSendRequest(_loginName, client, key);
+			}
+			else
+			{
+				client.close((L2GameServerPacket) null);
+			}
 		}
 	}
Index: /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/LoginServerThread.java
===================================================================
--- /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/LoginServerThread.java	(revision 6365)
+++ /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/LoginServerThread.java	(revision 6477)
@@ -462,8 +462,9 @@
 	 * @param account the account
 	 * @param client the client
-	 */
-	public void addGameServerLogin(String account, L2GameClient client)
-	{
-		_accountsInGameServer.put(account, client);
+	 * @return {@code true} if account was not already logged in, {@code false} otherwise
+	 */
+	public boolean addGameServerLogin(String account, L2GameClient client)
+	{
+		return _accountsInGameServer.putIfAbsent(account, client) == null;
Top
JMD
Advanced User
Advanced User
Posts: 1440
Joined: Wed Apr 15, 2009 10:07 am

Re: Need help with exploits.

Post by JMD »

Thank you.

Here is the fix for CT2.4
Gist by: JMD13
Index: java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java
===================================================================
--- java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java (revision 6670)
+++ java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java (working copy)
@@ -20,6 +20,7 @@
import com.l2jserver.gameserver.LoginServerThread;
import com.l2jserver.gameserver.LoginServerThread.SessionKey;
import com.l2jserver.gameserver.network.L2GameClient;
+import com.l2jserver.gameserver.network.serverpackets.L2GameServerPacket;
/**
@@ -72,9 +73,16 @@
// avoid potential exploits
if (client.getAccountName() == null)
{
- client.setAccountName(_loginName);
- LoginServerThread.getInstance().addGameServerLogin(_loginName, client);
- LoginServerThread.getInstance().addWaitingClientAndSendRequest(_loginName, client, key);
+ // Preventing duplicate login in case client login server socket was disconnected or this packet was not sent yet
+ if (LoginServerThread.getInstance().addGameServerLogin(_loginName, client))
+ {
+ client.setAccountName(_loginName);
+ LoginServerThread.getInstance().addWaitingClientAndSendRequest(_loginName, client, key);
+ }
+ else
+ {
+ client.close((L2GameServerPacket) null);
+ }
}
}
Index: java/com/l2jserver/gameserver/LoginServerThread.java
===================================================================
--- java/com/l2jserver/gameserver/LoginServerThread.java (revision 6670)
+++ java/com/l2jserver/gameserver/LoginServerThread.java (working copy)
@@ -94,7 +94,7 @@
private boolean _reserveHost;
private int _maxPlayer;
private List<WaitingClient> _waitingClients;
- private Map<String, L2GameClient> _accountsInGameServer;
+ private final FastMap<String, L2GameClient> _accountsInGameServer = new FastMap<String, L2GameClient>();
private int _status;
private String _serverName;
private String _gameExternalHost;
@@ -121,7 +121,7 @@
_gameExternalHost = Config.EXTERNAL_HOSTNAME;
_gameInternalHost = Config.INTERNAL_HOSTNAME;
_waitingClients = new FastList<WaitingClient>();
- _accountsInGameServer = new FastMap<String, L2GameClient>().shared();
+ _accountsInGameServer.shared();
_maxPlayer = Config.MAXIMUM_ONLINE_USERS;
}
@@ -430,9 +430,10 @@
}
}
- public void addGameServerLogin(String account, L2GameClient client)
- {
- _accountsInGameServer.put(account, client);
+ //@return {@code true} if account was not already logged in, {@code false} otherwise
+ public boolean addGameServerLogin(String account, L2GameClient client)
+ {
+ return _accountsInGameServer.putIfAbsent(account, client) == null;
}
public void sendAccessLevel(String account, int level)
view raw gistfile1.java hosted with ❤ by GitHub
Top
User avatar
Gries
Posts: 307
Joined: Fri Jun 17, 2011 9:45 am

Re: Need help with exploits.

Post by Gries »

Probably this one too
viewtopic.php?f=77&t=29776
Top
JMD
Advanced User
Advanced User
Posts: 1440
Joined: Wed Apr 15, 2009 10:07 am

Re: Need help with exploits.

Post by JMD »

Gries wrote:Probably this one too
viewtopic.php?f=77&t=29776
Nice thanks.
Gist by: JMD13
Index: java/com/l2jserver/gameserver/network/L2GameClient.java
===================================================================
--- java/com/l2jserver/gameserver/network/L2GameClient.java (revision 6670)
+++ java/com/l2jserver/gameserver/network/L2GameClient.java (working copy)
@@ -45,6 +45,7 @@
import com.l2jserver.gameserver.model.L2World;
import com.l2jserver.gameserver.model.actor.instance.L2PcInstance;
import com.l2jserver.gameserver.model.entity.L2Event;
+import com.l2jserver.gameserver.model.olympiad.Olympiad;
import com.l2jserver.gameserver.model.entity.TvTEvent;
import com.l2jserver.gameserver.network.serverpackets.L2GameServerPacket;
import com.l2jserver.gameserver.network.serverpackets.ServerClose;
@@ -651,6 +652,7 @@
|| (player.isInCraftMode() && Config.OFFLINE_CRAFT_ENABLE))
{
player.leaveParty();
+ Olympiad.getInstance().unRegisterNoble(getActiveChar());
if (Config.OFFLINE_SET_NAME_COLOR)
{
player.getAppearance().setNameColor(Config.OFFLINE_NAME_COLOR);
view raw gistfile1.java hosted with ❤ by GitHub
Top
User avatar
Gries
Posts: 307
Joined: Fri Jun 17, 2011 9:45 am

Re: Need help with exploits in CT2.4 (fixes inside)

Post by Gries »

It appears that L2jFree site is now down, can't check changes anymore now :cry:
Top
Post Reply

Return to “Off-Topic Discussion”