Merge pull request #33 from MikeIsAStar/further-validate-the-size-of-…

…event-packets [MKW] Further validate the size of 'EVENT' packets
WiiLink24 · Jan 14, 2024 · 9fe6741 · 9fe6741
2 parents 70fc94e + aaa3e3e
commit 9fe6741
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 32 deletions.
diff --git a/payload/import/mkwNet.hpp b/payload/import/mkwNet.hpp
@@ -141,6 +141,21 @@ class USERHandler
 {
 public:
     struct Packet {
+        bool isMiiGroupCountValid() const
+        {
+            return miiGroupCount == maxMiis;
+        }
+
+        bool isVersusRatingValid() const
+        {
+            return vr >= minRating && vr <= maxRating;
+        }
+
+        bool isBattleRatingValid() const
+        {
+            return br >= minRating && br <= maxRating;
+        }
+
         /* 0x00 */ u32 miiGroupBitflags;
         /* 0x04 */ u16 miiGroupCount;
         /* 0x06 */ u16 _0x06;
@@ -158,21 +173,6 @@ class USERHandler
         /* 0xBD */ u8 regionId;
         /* 0xBE */ u16 _0xBE;
 
-        bool isMiiGroupCountValid() const
-        {
-            return miiGroupCount == maxMiis;
-        }
-
-        bool isVersusRatingValid() const
-        {
-            return vr >= minRating && vr <= maxRating;
-        }
-
-        bool isBattleRatingValid() const
-        {
-            return br >= minRating && br <= maxRating;
-        }
-
     private:
         static const u16 maxMiis = 2;
         static const u16 minRating = 1;
@@ -226,34 +226,55 @@ static_assert(sizeof(ITEMHandler) == 0x184);
 class EVENTHandler
 {
 public:
-    struct EventInfo {
-        /* 0x00 */ u8 : 3;
-        /* 0x00 */ u8 itemObject : 5;
-    };
+    struct Packet {
+        struct EventInfo {
+            bool isItemObjectValid() const
+            {
+                using namespace mkw::Item;
 
-    static_assert(sizeof(EventInfo) == 0x01);
+                return IsItemObjectValid(static_cast<ItemObject>(itemObject));
+            }
 
-    struct Packet {
-        /* 0x00 */ EventInfo eventInfo[0x18];
-        /* 0x18 */ u8 _18[0xF8 - 0x18];
+            u8 getEventDataSize() const
+            {
+                return GetEventDataSize(itemObject, eventType);
+            }
+
+            /* 0x00 */ u8 eventType : 3;
+            /* 0x00 */ u8 itemObject : 5;
+        };
 
-        bool isEventInfoValid() const
+        static_assert(sizeof(EventInfo) == 0x01);
+
+        bool isValid(u8 packetSize) const
         {
-            for (size_t n = 0; n < sizeof(eventInfo); n++) {
-                mkw::Item::ItemObject itemObject =
-                    static_cast<mkw::Item::ItemObject>(eventInfo[n].itemObject);
+            u32 expectedPacketSize = sizeof(eventInfo);
 
-                if (!mkw::Item::IsItemObjectValid(itemObject)) {
+            for (size_t n = 0; n < sizeof(eventInfo); n++) {
+                if (!eventInfo[n].isItemObjectValid()) {
                     return false;
                 }
+
+                expectedPacketSize += eventInfo[n].getEventDataSize();
             }
 
-            return true;
+            return expectedPacketSize == packetSize;
         }
+
+        /* 0x00 */ EventInfo eventInfo[0x18];
+        /* 0x18 */ u8 _18[0xF8 - 0x18];
     };
 
     static_assert(sizeof(Packet) == 0xF8);
 
+    static u8 GetEventDataSize(u8 itemObject, u8 eventType)
+    {
+        LONGCALL u8 GetEventDataSize(u8 itemObject, u8 eventType)
+            AT(RMCXD_PORT(0x8079D76C, 0x80794760, 0x8079CDD8, 0x8078BB2C));
+
+        return GetEventDataSize(itemObject, eventType);
+    }
+
     static EVENTHandler* Instance()
     {
         return s_instance;

diff --git a/payload/wwfcSecurity.cpp b/payload/wwfcSecurity.cpp
@@ -200,7 +200,7 @@ IsPacketSizeValid(mkw::Net::RACEPacket::EType packetType, u8 packetSize)
         return true;
     }
     case RACEPacket::EVENT: {
-        if (packetSize < 0x18 ||
+        if (packetSize < sizeof(EVENTHandler::Packet::eventInfo) ||
             packetSize > packetBufferSizes[RACEPacket::EVENT]) {
             return false;
         }
@@ -424,15 +424,22 @@ IsITEMPacketDataValid(const void* packet, u8 packetSize, u8 /* playerAid */)
 }
 
 static bool IsEVENTPacketDataValid(
-    const void* packet, u8 /* packetSize */, u8 /* playerAid */
+    const void* packet, u8 packetSize, u8 /* playerAid */
 )
 {
     using namespace mkw::Net;
+    using namespace mkw::System;
+
+    if (static_cast<RKScene::SceneID>(
+            RKSystem::Instance().sceneManager()->getCurrentSceneID()
+        ) != RKScene::SceneID::Race) {
+        return true;
+    }
 
     const EVENTHandler::Packet* eventPacket =
         reinterpret_cast<const EVENTHandler::Packet*>(packet);
 
-    if (!eventPacket->isEventInfoValid()) {
+    if (!eventPacket->isValid(packetSize)) {
         return false;
     }