Hello,
today there were attacks to several servers all using the same exploits.
I will not further explain the method used to attack these servers.
To fix it go to messenger_manager.cpp:
Search for the function MessengerManager::RemoveFromList
Replace it with this:
Also in guild_manager.cpp find the function CGuildManager::CreateGuild
Find:
Or:
And above this add:
Also replace
with
In
C++11 -> unique_ptr
Normal Metin2 Code -> auto_ptr
Credits go to ricky92 and WoM2
today there were attacks to several servers all using the same exploits.
I will not further explain the method used to attack these servers.
To fix it go to messenger_manager.cpp:
Search for the function MessengerManager::RemoveFromList
Replace it with this:
Codice:
void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
{
if (companion.empty())
return;
char companionEscaped[CHARACTER_NAME_MAX_LEN * 2 + 1];
DBManager::instance().EscapeString(companionEscaped, sizeof(companionEscaped), companion.c_str(), companion.length());
DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'",
get_table_postfix(), account.c_str(), companionEscaped);
__RemoveFromList(account, companion);
sys_log(1, "Messenger Remove %s %s", account.c_str(), companion.c_str());
TPacketGGMessenger pack;
pack.bHeader = HEADER_GG_MESSENGER_REMOVE;
strlcpy(pack.szAccount, account.c_str(), sizeof(pack.szAccount));
strlcpy(pack.szCompanion, companion.c_str(), sizeof(pack.szCompanion));
P2P_MANAGER::instance().Send(&pack, sizeof(TPacketGGMessenger));
}
Also in guild_manager.cpp find the function CGuildManager::CreateGuild
Find:
Codice:
std::unique_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
get_table_postfix(), __escape_name));
Or:
Codice:
std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
get_table_postfix(), gcp.name));
And above this add:
Codice:
static char __escape_name[GUILD_NAME_MAX_LEN * 2 + 1];
DBManager::instance().EscapeString(__escape_name, sizeof(__escape_name), static_cast<const char *>(gcp.name), sizeof(gcp.name));
Also replace
Codice:
get_table_postfix(), gcp.name
with
Codice:
get_table_postfix(), __escape_name
In
Codice:
std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
get_table_postfix(), gcp.name));
C++11 -> unique_ptr
Normal Metin2 Code -> auto_ptr
Credits go to ricky92 and WoM2