Validate entity index of bounds for set values of edict/pev/pvdata

rehlds · Aug 5, 2024 · 8f9e7c1 · 8f9e7c1
1 parent 472d279
commit 8f9e7c1
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/reapi/src/natives/natives_helper.h b/reapi/src/natives/natives_helper.h
@@ -11,6 +11,8 @@
 #define CHECK_INSTANCE_OF(x, y)         if (unlikely(dynamic_cast<x *>((x::BaseClass *)y) == nullptr)) { AMXX_LogError(amx, AMX_ERR_NATIVE, "%s: invalid entity %d ('%s'), is not an instance of the base class '%s'", __FUNCTION__, indexOfEdict(y->pev), STRING(y->pev->classname), #x); return FALSE; }
 #define CHECK_REQUIREMENTS(x)           if (unlikely(!api_cfg.has##x())) { AMXX_LogError(amx, AMX_ERR_NATIVE, "Native '%s' is not available, %s required.", __FUNCTION__, #x); return FALSE; } if (!g_RehldsMessageManager) { AMXX_LogError(amx, AMX_ERR_NATIVE, "%s: %s message manager not initialized.", __FUNCTION__, #x); return FALSE; }
 
+#define ENTITY_VALIDATE(x)              if (unlikely(x < 0 || x > gpGlobals->maxEntities)) { AMXX_LogError(amx, AMX_ERR_NATIVE, "%s: invalid entity index %i", __FUNCTION__, x); return FALSE; }
+
 class CAmxArg
 {
 public:

diff --git a/reapi/src/natives/natives_members.cpp b/reapi/src/natives/natives_members.cpp
@@ -939,13 +939,15 @@ cell set_member(AMX *amx, void* pdata, const member_t *member, cell* value, size
 	switch (member->type) {
 	case MEMBER_CLASSPTR:
 		{
+			ENTITY_VALIDATE(*value);
 			// native set_member(_index, any:_member, _value, _elem);
 			CBaseEntity *pEntity = getPrivate<CBaseEntity>(*value);
 			set_member<CBaseEntity *>(pdata, member->offset, pEntity, element);
 			return TRUE;
 		}
 	case MEMBER_EHANDLE:
 		{
+			ENTITY_VALIDATE(*value);
 			// native set_member(_index, any:_member, _value, _elem);
 			EHANDLE& ehandle = get_member<EHANDLE>(pdata, member->offset, element);
 			edict_t *pEdictValue = edictByIndexAmx(*value);
@@ -954,13 +956,15 @@ cell set_member(AMX *amx, void* pdata, const member_t *member, cell* value, size
 		}
 	case MEMBER_EDICT:
 		{
+			ENTITY_VALIDATE(*value);
 			// native set_member(_index, any:_member, _value, _elem);
 			edict_t *pEdictValue = edictByIndexAmx(*value);
 			set_member<edict_t *>(pdata, member->offset, pEdictValue, element);
 			return TRUE;
 		}
 	case MEMBER_EVARS:
 		{
+			ENTITY_VALIDATE(*value);
 			// native set_member(_index, any:_member, _value, _elem);
 			entvars_t *pev = PEV(*value);
 			set_member<entvars_t *>(pdata, member->offset, pev, element);