From 8f9e7c16cb950581248bf771f27109f024161a63 Mon Sep 17 00:00:00 2001
From: s1lentq <s1lentsk@yandex.ru>
Date: Mon, 5 Aug 2024 19:14:36 +0700
Subject: [PATCH] Validate entity index of bounds for set values of
 edict/pev/pvdata

---
 reapi/src/natives/natives_helper.h    | 2 ++
 reapi/src/natives/natives_members.cpp | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/reapi/src/natives/natives_helper.h b/reapi/src/natives/natives_helper.h
index 7ae53d8..efc5ac0 100644
--- a/reapi/src/natives/natives_helper.h
+++ b/reapi/src/natives/natives_helper.h
@@ -11,6 +11,8 @@
 #define CHECK_INSTANCE_OF(x, y)         if (unlikely(dynamic_cast<x *>((x::BaseClass *)y) == nullptr)) { AMXX_LogError(amx, AMX_ERR_NATIVE, "%s: invalid entity %d ('%s'), is not an instance of the base class '%s'", __FUNCTION__, indexOfEdict(y->pev), STRING(y->pev->classname), #x); return FALSE; }
 #define CHECK_REQUIREMENTS(x)           if (unlikely(!api_cfg.has##x())) { AMXX_LogError(amx, AMX_ERR_NATIVE, "Native '%s' is not available, %s required.", __FUNCTION__, #x); return FALSE; } if (!g_RehldsMessageManager) { AMXX_LogError(amx, AMX_ERR_NATIVE, "%s: %s message manager not initialized.", __FUNCTION__, #x); return FALSE; }
 
+#define ENTITY_VALIDATE(x)              if (unlikely(x < 0 || x > gpGlobals->maxEntities)) { AMXX_LogError(amx, AMX_ERR_NATIVE, "%s: invalid entity index %i", __FUNCTION__, x); return FALSE; }
+
 class CAmxArg
 {
 public:
diff --git a/reapi/src/natives/natives_members.cpp b/reapi/src/natives/natives_members.cpp
index 1819010..2ebf939 100644
--- a/reapi/src/natives/natives_members.cpp
+++ b/reapi/src/natives/natives_members.cpp
@@ -939,6 +939,7 @@ cell set_member(AMX *amx, void* pdata, const member_t *member, cell* value, size
 	switch (member->type) {
 	case MEMBER_CLASSPTR:
 		{
+			ENTITY_VALIDATE(*value);
 			// native set_member(_index, any:_member, _value, _elem);
 			CBaseEntity *pEntity = getPrivate<CBaseEntity>(*value);
 			set_member<CBaseEntity *>(pdata, member->offset, pEntity, element);
@@ -946,6 +947,7 @@ cell set_member(AMX *amx, void* pdata, const member_t *member, cell* value, size
 		}
 	case MEMBER_EHANDLE:
 		{
+			ENTITY_VALIDATE(*value);
 			// native set_member(_index, any:_member, _value, _elem);
 			EHANDLE& ehandle = get_member<EHANDLE>(pdata, member->offset, element);
 			edict_t *pEdictValue = edictByIndexAmx(*value);
@@ -954,6 +956,7 @@ cell set_member(AMX *amx, void* pdata, const member_t *member, cell* value, size
 		}
 	case MEMBER_EDICT:
 		{
+			ENTITY_VALIDATE(*value);
 			// native set_member(_index, any:_member, _value, _elem);
 			edict_t *pEdictValue = edictByIndexAmx(*value);
 			set_member<edict_t *>(pdata, member->offset, pEdictValue, element);
@@ -961,6 +964,7 @@ cell set_member(AMX *amx, void* pdata, const member_t *member, cell* value, size
 		}
 	case MEMBER_EVARS:
 		{
+			ENTITY_VALIDATE(*value);
 			// native set_member(_index, any:_member, _value, _elem);
 			entvars_t *pev = PEV(*value);
 			set_member<entvars_t *>(pdata, member->offset, pev, element);