Need help with exploits in CT2.4 (fixes inside)
Posted: Sat Mar 14, 2015 6:33 pm
Does anyone know what critical exploits have show up from Epilogue till now? Or at least help me in any way to find them?
L2J Server Discussion Board
https://l2jserver.com/forum/
Here you go:JMD wrote:i know about it but since the old trac is password protected now i cant look at the diffs.
Code: Select all
Index: /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java
===================================================================
--- /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java (revision 6365)
+++ /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/AuthLogin.java (revision 6477)
@@ -72,7 +72,14 @@
if (client.getAccountName() == null)
{
- client.setAccountName(_loginName);
- LoginServerThread.getInstance().addGameServerLogin(_loginName, client);
- LoginServerThread.getInstance().addWaitingClientAndSendRequest(_loginName, client, key);
+ // Preventing duplicate login in case client login server socket was disconnected or this packet was not sent yet
+ if (LoginServerThread.getInstance().addGameServerLogin(_loginName, client))
+ {
+ client.setAccountName(_loginName);
+ LoginServerThread.getInstance().addWaitingClientAndSendRequest(_loginName, client, key);
+ }
+ else
+ {
+ client.close((L2GameServerPacket) null);
+ }
}
}
Index: /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/LoginServerThread.java
===================================================================
--- /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/LoginServerThread.java (revision 6365)
+++ /branches/unstable/L2J_Server_BETA/java/com/l2jserver/gameserver/LoginServerThread.java (revision 6477)
@@ -462,8 +462,9 @@
* @param account the account
* @param client the client
- */
- public void addGameServerLogin(String account, L2GameClient client)
- {
- _accountsInGameServer.put(account, client);
+ * @return {@code true} if account was not already logged in, {@code false} otherwise
+ */
+ public boolean addGameServerLogin(String account, L2GameClient client)
+ {
+ return _accountsInGameServer.putIfAbsent(account, client) == null;