Merge pull request #35 from MikeIsAStar/ensure-that-invalid-items-can…

…-not-be-dropped [MKW] Ensure that invalid items can not be trailed nor dropped
WiiLink24 · Jan 19, 2024 · 2e38d9d · 2e38d9d
2 parents 507b86b + e86f55d
commit 2e38d9d
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 0 deletions.
diff --git a/payload/import/mkwItem.hpp b/payload/import/mkwItem.hpp
@@ -98,6 +98,32 @@ static bool CanTrailItem(ItemBox item)
     return !itemBehaviourTable[itemToTrail].useFunction;
 }
 
+static bool CanTrailItemObject(ItemObject itemObject)
+{
+    switch (itemObject) {
+    case ItemObject::GreenShell... ItemObject::Banana:
+    case ItemObject::FakeItemBox:
+    case ItemObject::Bob_omb: {
+        return true;
+    }
+    default: {
+        return false;
+    }
+    }
+}
+
+static bool CanDropItemObject(ItemObject itemObject)
+{
+    switch (itemObject) {
+    case ItemObject::GreenShell... ItemObject::BulletBill: {
+        return true;
+    }
+    default: {
+        return false;
+    }
+    }
+}
+
 static bool IsHeldItemValidVS(ItemBox item)
 {
     switch (item) {

diff --git a/payload/import/mkwNet.hpp b/payload/import/mkwNet.hpp
@@ -232,6 +232,8 @@ class EVENTHandler
                 NoEvent = 0,
                 ItemUsed = 1,
                 ItemThrown = 2,
+                ItemHitTrailed = 3,
+                ItemDropped = 7,
             };
 
             bool isItemObjectValid() const
@@ -261,6 +263,12 @@ class EVENTHandler
                 case EventType::ItemThrown: {
                     return CanThrowItem(ItemObjectToItemBox(item));
                 }
+                case EventType::ItemHitTrailed: {
+                    return CanTrailItemObject(item);
+                }
+                case EventType::ItemDropped: {
+                    return CanDropItemObject(item);
+                }
                 default: {
                     return true;
                 }
@@ -278,6 +286,17 @@ class EVENTHandler
 
         static_assert(sizeof(EventInfo) == 0x01);
 
+        bool containsInvalidItemObject() const
+        {
+            for (size_t n = 0; n < sizeof(eventInfo); n++) {
+                if (!eventInfo[n].isItemObjectValid()) {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+
         bool isValid(u8 packetSize) const
         {
             u32 expectedPacketSize = sizeof(eventInfo);

diff --git a/payload/wwfcSecurity.cpp b/payload/wwfcSecurity.cpp
@@ -439,6 +439,16 @@ static bool IsEVENTPacketDataValid(
     const EVENTHandler::Packet* eventPacket =
         reinterpret_cast<const EVENTHandler::Packet*>(packet);
 
+    // Always ensure that the packet does not contain any invalid item objects,
+    // as this can cause a buffer overflow to occur.
+    if (eventPacket->containsInvalidItemObject()) {
+        return false;
+    }
+
+    if (!RKNetController::Instance()->inVanillaMatch()) {
+        return true;
+    }
+
     if (!eventPacket->isValid(packetSize)) {
         return false;
     }