Core/QuestPOI: Mitigate possible DoS with CMSG_QUEST_POI_QUERY

Avoid sending POIs for same quest if the client somehow sent duplicates quest id in same CMSG_QUEST_POI_QUERY packet. This also reduce the effects of possible DoS and increases the difficulty to cause it.
Fix a typo which caused no quest POIs to be sent at all if the client queried data for 25 quests.

2 files changed, 11 insertions, 6 deletions

diff --git a/src/server/game/Handlers/QueryHandler.cpp b/src/server/game/Handlers/QueryHandler.cpp
index de08392b86a..dbcfb1c4970 100644
--- a/src/server/game/Handlers/QueryHandler.cpp
+++ b/src/server/game/Handlers/QueryHandler.cpp
@@ -405,19 +405,23 @@ void WorldSession::HandleQuestPOIQuery(WorldPacket& recvData)
     uint32 count;
     recvData >> count; // quest count, max=25
 
-    if (count >= MAX_QUEST_LOG_SIZE)
+    if (count > MAX_QUEST_LOG_SIZE)
     {
         recvData.rfinish();
         return;
     }
 
-    WorldPacket data(SMSG_QUEST_POI_QUERY_RESPONSE, 4+(4+4)*count);
-    data << uint32(count); // count
-
+    // Read quest ids and add the in a unordered_set so we don't send POIs for the same quest multiple times
+    std::unordered_set<uint32> questIds;
     for (uint32 i = 0; i < count; ++i)
+        questIds.insert(recvData.read<uint32>()); // quest id
+
+    WorldPacket data(SMSG_QUEST_POI_QUERY_RESPONSE, 4 + (4 + 4)*questIds.size());
+    data << uint32(questIds.size()); // count
+
+    for (auto itr = questIds.begin(); itr != questIds.end(); ++itr)
     {
-        uint32 questId;
-        recvData >> questId; // quest id
+        uint32 questId = *itr;
 
         bool questOk = false;
 
diff --git a/src/server/game/Server/WorldSession.h b/src/server/game/Server/WorldSession.h
index 1b16ce88052..74d9584e711 100644
--- a/src/server/game/Server/WorldSession.h
+++ b/src/server/game/Server/WorldSession.h
@@ -32,6 +32,7 @@
 #include "WorldPacket.h"
 #include "Cryptography/BigNumber.h"
 #include "AccountMgr.h"
+#include <unordered_set>
 
 class Creature;
 class GameObject;