From d760c06ff41b39d42ccf084a8a0dda12ff4d321c Mon Sep 17 00:00:00 2001
From: Ziggy
Date: Sat, 3 Sep 2022 08:08:15 +0200
Subject: [PATCH] Fixed a couple of image design packets having too few bytes allocated, causing a buffer overflow
---
 .../object_controller/ImageDesignChangeMessage.kt | 13 ++++++++++++-
 .../zone/object_controller/ImageDesignEndMessage.kt | 13 ++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/projectswg/common/network/packets/swg/zone/object_controller/ImageDesignChangeMessage.kt b/src/main/java/com/projectswg/common/network/packets/swg/zone/object_controller/ImageDesignChangeMessage.kt
index 3d21b32..89d8bc5 100644
--- a/src/main/java/com/projectswg/common/network/packets/swg/zone/object_controller/ImageDesignChangeMessage.kt
+++ b/src/main/java/com/projectswg/common/network/packets/swg/zone/object_controller/ImageDesignChangeMessage.kt
@@ -61,7 +61,18 @@ class ImageDesignChangeMessage : ObjectController {
 }
 override fun encode(): NetBuffer {
- val data = NetBuffer.allocate(HEADER_LENGTH + 26)
+ val booleanBytes = 3
+ var morphParametersSize = Integer.BYTES
+ for (morphParameter in morphParameters) {
+ morphParametersSize += morphParameter.length
+ }
+ var indexParametersSize = Integer.BYTES
+ for (indexParameter in indexParameters) {
+ indexParametersSize += indexParameter.length
+ }
+ val holoemoteLength = 2 + holoemote.length
+ val hairLength = 2 + hair.length
+ val data = NetBuffer.allocate(HEADER_LENGTH + Long.SIZE_BYTES * 3 + booleanBytes + Integer.BYTES * 9 + hairLength + hairCustomization.length + morphParametersSize + indexParametersSize + holoemoteLength)
 encodeHeader(data)
 data.addLong(designerId)
 data.addLong(clientId)
diff --git a/src/main/java/com/projectswg/common/network/packets/swg/zone/object_controller/ImageDesignEndMessage.kt b/src/main/java/com/projectswg/common/network/packets/swg/zone/object_controller/ImageDesignEndMessage.kt
index 5a969be..7d8b552 100644
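Review bot: The new size expression in `encode()` adds `hairCustomization.length` without the 2-byte prefix that `hairLength` and `holoemoteLength` include, and both loops add only each element's `length`, with nothing per entry for a prefix or a value. The writes for these fields come after `data.addLong(clientId)`, outside this hunk, so this cannot be confirmed from here; if they use the same length-prefixed call as `hair`, the buffer is still short by 2 bytes plus 2 per list entry and the overflow stays reachable with non-empty parameters. After checking the write side, consider `morphParametersSize += 2 + morphParameter.length` (likewise for `indexParameter`) and `2 + hairCustomization.length` in the sum. `String.length` counts UTF-16 units, so it equals the written byte count only if the encoder emits one byte per character. The identical expression in the ImageDesignEndMessage.kt hunk needs the same check.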
--- a/src/main/java/com/projectswg/common/network/packets/swg/zone/object_controller/ImageDesignEndMessage.kt
+++ b/src/main/java/com/projectswg/common/network/packets/swg/zone/object_controller/ImageDesignEndMessage.kt
@@ -61,7 +61,18 @@ class ImageDesignEndMessage : ObjectController {
 }
 override fun encode(): NetBuffer {
- val data = NetBuffer.allocate(HEADER_LENGTH + 26)
+ val booleanBytes = 3
+ var morphParametersSize = Integer.BYTES
+ for (morphParameter in morphParameters) {
+ morphParametersSize += morphParameter.length
+ }
+ var indexParametersSize = Integer.BYTES
+ for (indexParameter in indexParameters) {
+ indexParametersSize += indexParameter.length
+ }
+ val holoemoteLength = 2 + holoemote.length
+ val hairLength = 2 + hair.length
+ val data = NetBuffer.allocate(HEADER_LENGTH + Long.SIZE_BYTES * 3 + booleanBytes + Integer.BYTES * 9 + hairLength + hairCustomization.length + morphParametersSize + indexParametersSize + holoemoteLength)
 encodeHeader(data)
 data.addLong(designerId)
 data.addLong(clientId)
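Review bot: This twelve-line size computation is a verbatim copy of the one added to ImageDesignChangeMessage.kt, so any field later added to one encoder's writes has to be mirrored by hand in two separate size formulas. Consider moving it into one shared function that both `encode()` overrides call, and replacing the bare counts in `booleanBytes = 3` and `Integer.BYTES * 9` with named values tied to the fields they stand for. A unit test that encodes each message with non-empty `hair`, `holoemote` and parameter lists, and asserts that encoding succeeds with no allocated bytes left unwritten, would catch a size mismatch before it reaches a live server. `encode()` continues past the end of this hunk.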