Mirror/TrinityCore
1
0
Fork 0
mirror of https://github.com/TrinityCore/TrinityCore.git synced 2026-01-26 20:02:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Core/DBLayer: Prevent using prepared statements on wrong database

Browse Source 
(cherry picked from commit e8e89f58fb)

# Conflicts:
#	src/server/bnetserver/REST/LoginRESTService.cpp
#	src/server/bnetserver/Server/Session.cpp
#	src/server/database/Database/DatabaseWorkerPool.cpp
#	src/server/database/Database/Implementation/HotfixDatabase.h
#	src/server/database/Database/MySQLConnection.cpp
#	src/server/database/Database/MySQLConnection.h
#	src/server/database/Database/PreparedStatement.cpp
#	src/server/database/Database/PreparedStatement.h
#	src/server/database/Database/QueryHolder.cpp
#	src/server/database/Database/SQLOperation.h
#	src/server/database/Database/Transaction.h
#	src/server/game/Accounts/BattlenetAccountMgr.cpp
#	src/server/game/Achievements/AchievementMgr.cpp
#	src/server/game/AuctionHouse/AuctionHouseMgr.cpp
#	src/server/game/AuctionHouseBot/AuctionHouseBot.cpp
#	src/server/game/AuctionHouseBot/AuctionHouseBotBuyer.cpp
#	src/server/game/BattlePets/BattlePetMgr.cpp
#	src/server/game/Battlegrounds/ArenaTeam.cpp
#	src/server/game/BlackMarket/BlackMarketMgr.cpp
#	src/server/game/Chat/Channels/Channel.cpp
#	src/server/game/Entities/Corpse/Corpse.cpp
#	src/server/game/Entities/Creature/Creature.cpp
#	src/server/game/Entities/GameObject/GameObject.cpp
#	src/server/game/Entities/Item/Item.cpp
#	src/server/game/Entities/Pet/Pet.cpp
#	src/server/game/Entities/Player/CollectionMgr.cpp
#	src/server/game/Entities/Player/Player.cpp
#	src/server/game/Garrison/Garrison.cpp
#	src/server/game/Globals/ObjectMgr.cpp
#	src/server/game/Groups/Group.cpp
#	src/server/game/Guilds/Guild.cpp
#	src/server/game/Guilds/GuildFinderMgr.cpp
#	src/server/game/Guilds/GuildMgr.cpp
#	src/server/game/Handlers/AuctionHouseHandler.cpp
#	src/server/game/Handlers/CharacterHandler.cpp
#	src/server/game/Handlers/ItemHandler.cpp
#	src/server/game/Handlers/MailHandler.cpp
#	src/server/game/Handlers/MiscHandler.cpp
#	src/server/game/Handlers/PetitionsHandler.cpp
#	src/server/game/Handlers/SpellHandler.cpp
#	src/server/game/Handlers/TicketHandler.cpp
#	src/server/game/Loot/Loot.cpp
#	src/server/game/Mails/Mail.cpp
#	src/server/game/Maps/Map.cpp
#	src/server/game/Movement/Waypoints/WaypointManager.cpp
#	src/server/game/OutdoorPvP/OutdoorPvP.cpp
#	src/server/game/Pools/PoolMgr.cpp
#	src/server/game/Quests/QuestObjectiveCriteriaMgr.cpp
#	src/server/game/Reputation/ReputationMgr.cpp
#	src/server/game/Scenarios/InstanceScenario.cpp
#	src/server/game/Server/WorldSession.cpp
#	src/server/game/Server/WorldSocket.cpp
#	src/server/game/Spells/SpellHistory.cpp
#	src/server/game/Support/SupportMgr.cpp
#	src/server/game/Tools/PlayerDump.cpp
#	src/server/game/World/World.cpp
#	src/server/scripts/Commands/cs_account.cpp
#	src/server/scripts/Commands/cs_ban.cpp
#	src/server/scripts/Commands/cs_battlenet_account.cpp
#	src/server/scripts/Commands/cs_group.cpp
#	src/server/scripts/Commands/cs_lfg.cpp
#	src/server/scripts/Commands/cs_list.cpp
#	src/server/scripts/Commands/cs_message.cpp
#	src/server/scripts/Commands/cs_misc.cpp
#	src/server/scripts/Commands/cs_npc.cpp
#	src/server/scripts/Commands/cs_tele.cpp
#	src/server/scripts/Commands/cs_wp.cpp
#	src/server/shared/DataStores/DB2DatabaseLoader.cpp
#	src/server/shared/Realm/RealmList.cpp
This commit is contained in:
Shauren
2019-07-27 01:00:37 +02:00
committed by Giacomo Pozzoni
parent f880132bb9
commit fe1003bdbd
86 changed files with 508 additions and 483 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/server/authserver/Server/AuthSession.cpp
View File

@@ -172,7 +172,7 @@ void AuthSession::Start()
std::string ip_address = GetRemoteIpAddress().to_string();
TC_LOG_TRACE("session", "Accepted connection from %s", ip_address.c_str());
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_INFO);
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_INFO);
stmt->setString(0, ip_address);
_queryProcessor.AddQuery(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::CheckIpCallback, this, std::placeholders::_1)));
@@ -305,7 +305,7 @@ bool AuthSession::HandleLogonChallenge()
_localizationName[i] = challenge->country[4 - i - 1];
// Get the account details from the account table
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
stmt->setString(0, login);
_queryProcessor.AddQuery(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::LogonChallengeCallback, this, std::placeholders::_1)));
@@ -602,7 +602,7 @@ bool AuthSession::HandleLogonProof()
// Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
LoginDatabasePreparedStatement*stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
stmt->setString(0, K.AsHexStr());
stmt->setString(1, GetRemoteIpAddress().to_string());
stmt->setUInt32(2, GetLocaleByName(_localizationName));
@@ -660,7 +660,7 @@ bool AuthSession::HandleLogonProof()
// We can not include the failed account login hook. However, this is a workaround to still log this.
if (sConfigMgr->GetBoolDefault("WrongPass.Logging", false))
{
PreparedStatement* logstmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_FALP_IP_LOGGING);
LoginDatabasePreparedStatement* logstmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_FALP_IP_LOGGING);
logstmt->setUInt32(0, _accountInfo.Id);
logstmt->setString(1, GetRemoteIpAddress().to_string());
logstmt->setString(2, "Logged on failed AccountLogin due wrong password");
@@ -671,7 +671,7 @@ bool AuthSession::HandleLogonProof()
if (MaxWrongPassCount > 0)
{
//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_FAILEDLOGINS);
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_FAILEDLOGINS);
stmt->setString(0, _accountInfo.Login);
LoginDatabase.Execute(stmt);
@@ -733,7 +733,7 @@ bool AuthSession::HandleReconnectChallenge()
_localizationName[i] = challenge->country[4 - i - 1];
// Get the account details from the account table
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RECONNECTCHALLENGE);
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RECONNECTCHALLENGE);
stmt->setString(0, login);
_queryProcessor.AddQuery(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::ReconnectChallengeCallback, this, std::placeholders::_1)));
@@ -817,7 +817,7 @@ bool AuthSession::HandleRealmList()
{
TC_LOG_DEBUG("server.authserver", "Entering _HandleRealmList");
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALM_CHARACTER_COUNTS);
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALM_CHARACTER_COUNTS);
stmt->setUInt32(0, _accountInfo.Id);
_queryProcessor.AddQuery(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::RealmListCallback, this, std::placeholders::_1)));
@@ -948,7 +948,7 @@ void AuthSession::SetVSFields(const std::string& rI)
v = g.ModExp(x, N);
// No SQL injection (username escaped)
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
stmt->setString(0, v.AsHexStr());
stmt->setString(1, s.AsHexStr());
stmt->setString(2, _accountInfo.Login);