fix(modtool): validate report payloads

2026-06-20 15:36:17 +00:00 · 2026-06-15 20:01:34 +02:00
parent 8ba9132e7e
commit 044d1141cd
9 changed files with 196 additions and 11 deletions
@@ -0,0 +1,30 @@
+package com.eu.habbo.messages.incoming.modtool;
+
+final class ModToolReportInputGuard {
+    static final int MAX_REPORT_MESSAGE_LENGTH = 1000;
+    static final int MAX_PRIVATE_CHAT_LOGS = 100;
+    static final int MAX_PRIVATE_CHAT_MESSAGE_LENGTH = 500;
+
+    private ModToolReportInputGuard() {
+    }
+
+    static String normalize(String value) {
+        return value == null ? "" : value.trim();
+    }
+
+    static boolean isValidReportMessage(String value) {
+        return value != null && !value.isEmpty() && value.length() <= MAX_REPORT_MESSAGE_LENGTH;
+    }
+
+    static boolean isValidChatLogMessage(String value) {
+        return value != null && value.length() <= MAX_PRIVATE_CHAT_MESSAGE_LENGTH;
+    }
+
+    static boolean isValidPrivateChatLogCount(int count) {
+        return count > 0 && count <= MAX_PRIVATE_CHAT_LOGS;
+    }
+
+    static boolean isPositiveId(int id) {
+        return id > 0;
+    }
+}
@@ -14,7 +14,7 @@ import java.util.ArrayList;
 public class ReportBullyEvent extends MessageHandler {
    @Override
    public void handle() throws Exception {
-        if (this.client.getHabbo().getHabboStats().allowTalk()) {
+        if (!this.client.getHabbo().getHabboStats().allowTalk()) {
            this.client.sendResponse(new HelperRequestDisabledComposer());
            return;
        }
@@ -22,7 +22,9 @@ public class ReportBullyEvent extends MessageHandler {
        int userId = this.packet.readInt();
        int roomId = this.packet.readInt();

-        if (userId == this.client.getHabbo().getHabboInfo().getId()) {
+        if (!ModToolReportInputGuard.isPositiveId(userId) ||
+                !ModToolReportInputGuard.isPositiveId(roomId) ||
+                userId == this.client.getHabbo().getHabboInfo().getId()) {
            return;
        }

@@ -17,7 +17,15 @@ public class ReportCommentEvent extends MessageHandler {
        int threadId = this.packet.readInt();
        int commentId = this.packet.readInt();
        int topicId = this.packet.readInt();
-        String message = this.packet.readString();
+        String message = ModToolReportInputGuard.normalize(this.packet.readString());
+
+        if (!ModToolReportInputGuard.isPositiveId(groupId) ||
+                !ModToolReportInputGuard.isPositiveId(threadId) ||
+                !ModToolReportInputGuard.isPositiveId(commentId) ||
+                !ModToolReportInputGuard.isPositiveId(topicId) ||
+                !ModToolReportInputGuard.isValidReportMessage(message)) {
+            return;
+        }

        CfhTopic topic = Emulator.getGameEnvironment().getModToolManager().getCfhTopic(topicId);

@@ -21,12 +21,26 @@ public class ReportEvent extends MessageHandler {
            return;
        }

-        String message = this.packet.readString();
+        String message = ModToolReportInputGuard.normalize(this.packet.readString());
        int topic = this.packet.readInt();
        int userId = this.packet.readInt();
        int roomId = this.packet.readInt();
        this.packet.readInt();

+        if (!ModToolReportInputGuard.isValidReportMessage(message) ||
+                topic <= 0 ||
+                (userId != -1 && !ModToolReportInputGuard.isPositiveId(userId)) ||
+                !ModToolReportInputGuard.isPositiveId(roomId) ||
+                userId == this.client.getHabbo().getHabboInfo().getId()) {
+            return;
+        }
+
+        CfhTopic cfhTopic = Emulator.getGameEnvironment().getModToolManager().getCfhTopic(topic);
+
+        if (cfhTopic == null) {
+            return;
+        }
+
        Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(roomId);
        List<ModToolIssue> issues = Emulator.getGameEnvironment().getModToolManager().openTicketsForHabbo(this.client.getHabbo());
        if (!issues.isEmpty()) {
@@ -35,8 +49,6 @@ public class ReportEvent extends MessageHandler {
            return;
        }

-        CfhTopic cfhTopic = Emulator.getGameEnvironment().getModToolManager().getCfhTopic(topic);
-
        if (userId != -1) {
            Habbo reported = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId);

@@ -117,4 +129,4 @@ public class ReportEvent extends MessageHandler {

        }
    }
-}
+}
@@ -21,12 +21,20 @@ public class ReportFriendPrivateChatEvent extends MessageHandler {
            return;
        }

-        String message = this.packet.readString();
+        String message = ModToolReportInputGuard.normalize(this.packet.readString());
        int category = this.packet.readInt();
        int userId = this.packet.readInt();
        int count = this.packet.readInt();
        ArrayList<ModToolChatLog> chatLogs = new ArrayList<>();

+        if (!ModToolReportInputGuard.isValidReportMessage(message) ||
+                category <= 0 ||
+                !ModToolReportInputGuard.isPositiveId(userId) ||
+                userId == this.client.getHabbo().getHabboInfo().getId() ||
+                !ModToolReportInputGuard.isValidPrivateChatLogCount(count)) {
+            return;
+        }
+
        HabboInfo info;
        Habbo target = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId);
        if (target != null) {
@@ -37,11 +45,17 @@ public class ReportFriendPrivateChatEvent extends MessageHandler {

        if (info == null) return;

-        for (int i = 0; i < Math.min(count, 100); i++) {
+        for (int i = 0; i < count; i++) {
            int chatUserId = this.packet.readInt();
            String username = this.packet.readInt() == info.getId() ? info.getUsername() : this.client.getHabbo().getHabboInfo().getUsername();
+            String chatMessage = ModToolReportInputGuard.normalize(this.packet.readString());

-            chatLogs.add(new ModToolChatLog(0, chatUserId, username, this.packet.readString()));
+            if (!ModToolReportInputGuard.isPositiveId(chatUserId) ||
+                    !ModToolReportInputGuard.isValidChatLogMessage(chatMessage)) {
+                return;
+            }
+
+            chatLogs.add(new ModToolChatLog(0, chatUserId, username, chatMessage));
        }

        ModToolIssue issue = new ModToolIssue(this.client.getHabbo().getHabboInfo().getId(), this.client.getHabbo().getHabboInfo().getUsername(), userId, info.getUsername(), 0, message, ModToolTicketType.IM);
@@ -28,6 +28,12 @@ public class ReportPhotoEvent extends MessageHandler {
        int topicId = this.packet.readInt();
        int itemId = this.packet.readInt();

+        if (!ModToolReportInputGuard.isPositiveId(roomId) ||
+                !ModToolReportInputGuard.isPositiveId(topicId) ||
+                !ModToolReportInputGuard.isPositiveId(itemId)) {
+            return;
+        }
+
        CfhTopic topic = Emulator.getGameEnvironment().getModToolManager().getCfhTopic(topicId);

        if (topic == null) return;
@@ -16,7 +16,14 @@ public class ReportThreadEvent extends MessageHandler {
        int groupId = this.packet.readInt();
        int threadId = this.packet.readInt();
        int topicId = this.packet.readInt();
-        String message = this.packet.readString();
+        String message = ModToolReportInputGuard.normalize(this.packet.readString());
+
+        if (!ModToolReportInputGuard.isPositiveId(groupId) ||
+                !ModToolReportInputGuard.isPositiveId(threadId) ||
+                !ModToolReportInputGuard.isPositiveId(topicId) ||
+                !ModToolReportInputGuard.isValidReportMessage(message)) {
+            return;
+        }

        CfhTopic topic = Emulator.getGameEnvironment().getModToolManager().getCfhTopic(topicId);