authorTom Barham <me@cpdt.dev>2022-06-15 06:07:04 +1000
committerGitHub <noreply@github.com>2022-06-14 22:07:04 +0200
commitb84cd76f671e44a686df6f2b36be6642b0bd24a5 (patch)
tree84e78e621bea89dbc7921d3e5c5aef1c207a549c /NorthstarDedicatedTest
parentacedd15c538977a2b58a0ce4f5ba52a8584a9340 (diff)
Guard against GetEntByIndex read out of bounds (#191)
* Guard against GetEntByIndex read out of bounds * Move to ExploitFixes.cpp * format * Log out of bounds access
Diffstat (limited to 'NorthstarDedicatedTest')
-rw-r--r--NorthstarDedicatedTest/ExploitFixes.cpp22
1 files changed, 20 insertions, 2 deletions
diff --git a/NorthstarDedicatedTest/ExploitFixes.cpp b/NorthstarDedicatedTest/ExploitFixes.cpp
index db754ad5..277475f6 100644
--- a/NorthstarDedicatedTest/ExploitFixes.cpp
+++ b/NorthstarDedicatedTest/ExploitFixes.cpp
@@ -347,6 +347,21 @@ KHOOK(
return oCrashFunc_ParseUTF8(a1, a2, strData);
}
+// GetEntByIndex (called by ScriptGetEntByIndex) doesn't check for the index being out of bounds when it's
+// above the max entity count. This allows it to be used to crash servers.
+typedef void*(__fastcall* GetEntByIndexType)(int idx);
+GetEntByIndexType GetEntByIndex;
+
+static void* GetEntByIndexHook(int idx)
+{
+ if (idx >= 0x4000)
+ {
+ spdlog::info("GetEntByIndex {} is out of bounds", idx);
+ return nullptr;
+ }
+ return GetEntByIndex(idx);
+}
+
//////////////////////////////////////////////////
void DoBytePatches()
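Review bot: The guard `if (idx >= 0x4000)` in GetEntByIndexHook only rejects the upper bound, so a negative index is still forwarded to the original GetEntByIndex, which the comment above says performs no bounds check of its own; the stated intent is served by `if (idx < 0 || idx >= 0x4000)`. The bound is a bare magic number whose origin the page does not show — a named constant such as `constexpr int kMaxEntities = 0x4000; // max entity count, confirm against the engine limit` would make the comparison self-explaining and give a maintainer something to verify. The `spdlog::info` call is unconditional, whereas this file creates `ns_exploitfixes_log` further down for gating such messages; presumably it should be consulted here too so repeated out-of-range calls cannot flood the log.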
@@ -394,7 +409,7 @@ void DoBytePatches()
}
}
-void ExploitFixes::LoadCallback(HMODULE unused)
+void ExploitFixes::LoadCallback(HMODULE baseAddress)
{
spdlog::info("ExploitFixes::LoadCallback ...");
@@ -416,4 +431,7 @@ void ExploitFixes::LoadCallback(HMODULE unused)
ns_exploitfixes_log =
new ConVar("ns_exploitfixes_log", "1", FCVAR_GAMEDLL, "Whether to log whenever ExploitFixes.cpp blocks/corrects something");
-} \ No newline at end of file
+
+ HookEnabler hook;
+ ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x2a8a50, &GetEntByIndexHook, reinterpret_cast<LPVOID*>(&GetEntByIndex));
+}
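Review bot: The hook target `(char*)baseAddress + 0x2a8a50` is a bare build-specific offset with no comment saying which function it resolves to, so a maintainer porting this to a new binary has nothing to check against; suggest `// GetEntByIndex in the module passed as baseAddress — offset must be re-located on each engine update` on the line before the ENABLER_CREATEHOOK call. The hunk header at the first hunk shows this file already using `KHOOK(` for other hooks, while this one uses HookEnabler/ENABLER_CREATEHOOK; if both mechanisms are intentional, a one-line comment on why this hook differs would help. LoadCallback's body starts outside the hunk.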