Mirror/TrinityCore
1
0
Fork 0
mirror of https://github.com/TrinityCore/TrinityCore.git synced 2026-01-20 09:17:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Core/QuestPOI: Mitigate possible DoS with CMSG_QUEST_POI_QUERY

Browse Source 
Avoid sending POIs for same quest if the client somehow sent duplicates quest id in same CMSG_QUEST_POI_QUERY packet. This also reduce the effects of possible DoS and increases the difficulty to cause it.
Fix a typo which caused no quest POIs to be sent at all if the client queried data for 25 quests.
This commit is contained in:
jackpoz
2014-06-01 13:33:46 +02:00
parent 6a54ed88c6
commit 70bd70080d
2 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/server/game/Handlers/QueryHandler.cpp
View File

@@ -405,19 +405,23 @@ void WorldSession::HandleQuestPOIQuery(WorldPacket& recvData)
uint32 count;
recvData >> count; // quest count, max=25
if (count >= MAX_QUEST_LOG_SIZE)
if (count > MAX_QUEST_LOG_SIZE)
{
recvData.rfinish();
return;
}
WorldPacket data(SMSG_QUEST_POI_QUERY_RESPONSE, 4+(4+4)*count);
data << uint32(count); // count
// Read quest ids and add the in a unordered_set so we don't send POIs for the same quest multiple times
std::unordered_set<uint32> questIds;
for (uint32 i = 0; i < count; ++i)
questIds.insert(recvData.read<uint32>()); // quest id
WorldPacket data(SMSG_QUEST_POI_QUERY_RESPONSE, 4 + (4 + 4)*questIds.size());
data << uint32(questIds.size()); // count
for (auto itr = questIds.begin(); itr != questIds.end(); ++itr)
{
uint32 questId;
recvData >> questId; // quest id
uint32 questId = *itr;
bool questOk = false;