Ladmin4v2 Exploit patch - Printable Version
Ladmin4v2 Exploit patch -
FrostBytez - 24.09.2009
After experiencing some idiot hackers on my server, I found out that LADMIN has an exploit in it.
On report there's a strval bug: if you put in more than 50+ characters, it crashes the pawn runtime and disables commands.
For example: /report 99999999999999999999999999999999999999999999999999 9
So I thought I'd help out by releasing just this snippet of code to patch the exploit.
Pawno:
Replace code from Line 3183 to 3187
With THIS CODE:
Code:
dcmd_report(playerid,params[]) {
    // Drop the command when the whole parameter string (id and reason) is over 40 characters.
    if(strlen(params) > 40) return 1;
    new reported, tmp[256], tmp2[256], Index;
    tmp = strtok(params,Index), tmp2 = strtok(params,Index);
    if(!strlen(params)) return SendClientMessage(playerid, red, "USAGE: /report [playerid] [reason]");
    reported = strval(tmp);
I'd HIGHLY recommend you update your code if you're using LADMIN, otherwise you are in serious danger if you have a popular server.
=Credits=
Script, Of course - LethaL
Patch code - Zezombia.
Posting/Informatics - FrostBytez
Re: LadminV4 Exploit patch -
FrostBytez - 24.09.2009
Also, just in:
If you have /givecash on your server and it's using strval, add this code above the first "if("
Code:
if(strlen(params) > 40) return 1;
Re: LadminV4 Exploit patch -
Correlli - 24.09.2009
Or just use this code (if you're converting string to an integer):
pawn Code:
stock strvalEx(const string[]) // credits to the one who made this function.
{
    if(strlen(string) > 40) return 0;
    return strval(string);
}
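The snippets in this thread cap the length of the whole parameter string before calling strval. As an added example (not from the thread and not LAdmin's code), the same guard can be applied to the id token alone, with a digit check, so the reason text never reaches strval. ParsePlayerId, HandleReport, MAX_ID_DIGITS and COLOR_INFO are hypothetical names, and the 4-digit limit is an assumption:

```pawn
// Added example: not from the thread and not LAdmin's code.
// ParsePlayerId, HandleReport, MAX_ID_DIGITS and COLOR_INFO are hypothetical names.
#include <a_samp>

#define MAX_ID_DIGITS 4          // assumption: player ids never exceed 4 digits
#define COLOR_INFO    0xFFFF00AA

// Returns 1 and stores the number in `id` only when `token` is
// 1..MAX_ID_DIGITS decimal digits; strval() never sees anything else.
stock ParsePlayerId(const token[], &id)
{
    new len = strlen(token);
    if (len < 1 || len > MAX_ID_DIGITS) return 0;
    for (new i = 0; i < len; i++)
    {
        if (token[i] < '0' || token[i] > '9') return 0;
    }
    id = strval(token);
    return 1;
}

// Body a /report handler could use; params is "<playerid> <reason>".
stock HandleReport(playerid, const params[])
{
    new space = strfind(params, " ");
    // Reject a missing, empty or oversized id token before copying it.
    if (space < 1 || space > MAX_ID_DIGITS || params[space + 1] == '\0')
        return SendClientMessage(playerid, COLOR_INFO, "USAGE: /report [playerid] [reason]");

    new token[MAX_ID_DIGITS + 1], reported;
    strmid(token, params, 0, space, sizeof(token));
    if (!ParsePlayerId(token, reported) || !IsPlayerConnected(reported))
        return SendClientMessage(playerid, COLOR_INFO, "Invalid player id.");

    // The reason is never passed to strval(), so its length is limited only
    // by the output buffer, which format() truncates to.
    new msg[128];
    format(msg, sizeof(msg), "Report on id %d: %s", reported, params[space + 1]);
    return SendClientMessage(playerid, COLOR_INFO, msg);
}
```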