Core/LFG: Sanitize LFG roles sent by clients

(cherry picked from commit 3778f23c579ad1050c2b985b5f42b365a7736c24)
author: jackpoz <giacomopoz@gmail.com> 2020-06-21 20:19:11 +0200
committer: Shauren <shauren.trinity@gmail.com> 2022-01-06 23:31:40 +0100
commit: 4431df1f136372319dd6f73c4d28c4e0ef0dcb2c (patch)
tree: c96d8e9c71b40a18e9c1f019c766f3bfe8b0155e /src/server/game/DungeonFinding/LFGMgr.cpp
parent: 959e84e715fb4a47e66c0df5c35e820d5d6bc0c3 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/server/game/DungeonFinding/LFGMgr.cpp b/src/server/game/DungeonFinding/LFGMgr.cpp
index 69820676e53..0bb2c62d2b6 100644
--- a/src/server/game/DungeonFinding/LFGMgr.cpp
+++ b/src/server/game/DungeonFinding/LFGMgr.cpp
@@ -397,6 +397,13 @@ void LFGMgr::JoinLfg(Player* player, uint8 roles, LfgDungeonSet& dungeons)
     if (!player || !player->GetSession() || dungeons.empty())
         return;
 
+    // At least 1 role must be selected
+    if (!(roles & (PLAYER_ROLE_TANK | PLAYER_ROLE_HEALER | PLAYER_ROLE_DAMAGE)))
+        return;
+
+    // Sanitize input roles
+    roles &= PLAYER_ROLE_ANY;
+
     Group* grp = player->GetGroup();
     ObjectGuid guid = player->GetGUID();
     ObjectGuid gguid = grp ? grp->GetGUID() : guid;
@@ -716,6 +723,9 @@ void LFGMgr::UpdateRoleCheck(ObjectGuid gguid, ObjectGuid guid /* = ObjectGuid::
     if (itRoleCheck == RoleChecksStore.end())
         return;
 
+    // Sanitize input roles
+    roles &= PLAYER_ROLE_ANY;
+
     LfgRoleCheck& roleCheck = itRoleCheck->second;
     bool sendRoleChosen = roleCheck.state != LFG_ROLECHECK_DEFAULT && !guid.IsEmpty();
author	jackpoz <giacomopoz@gmail.com>	2020-06-21 20:19:11 +0200
committer	Shauren <shauren.trinity@gmail.com>	2022-01-06 23:31:40 +0100
commit	4431df1f136372319dd6f73c4d28c4e0ef0dcb2c (patch)
tree	c96d8e9c71b40a18e9c1f019c766f3bfe8b0155e /src/server/game/DungeonFinding/LFGMgr.cpp
parent	959e84e715fb4a47e66c0df5c35e820d5d6bc0c3 (diff)