Don't allow stringcmd's if client isn't active

Potential exploit vector, executing stringcmd's during signon states where it shouldn't be used.
2025-02-09 19:15:03 +01:00 · 2023-08-08 19:25:12 +02:00 · 2023-08-08 19:25:12 +02:00 · 30031e3275
commit 30031e3275
parent 9a9d6b290a
1 changed files with 5 additions and 0 deletions
--- a/r5dev/engine/client/client.cpp
+++ b/r5dev/engine/client/client.cpp
@ -167,6 +167,11 @@ bool CClient::VProcessStringCmd(CClient* pClient, NET_StringCmd* pMsg)
 	char* pShifted = reinterpret_cast<char*>(pClient) - 8;
 	CClient* pClient_Adj = reinterpret_cast<CClient*>(pShifted);
 #endif // !GAMEDLL_S0 || !GAMEDLL_S1
+
+	// Jettison the cmd if the client isn't active.
+	if (!pClient_Adj->IsActive())
+		return true;
+
 	int nUserID = pClient_Adj->GetUserID();
 	ServerPlayer_t* pSlot = &g_ServerPlayer[nUserID];