Core/Channels: fixed possible exploit with channel password

You were able to setup longer password than you can write into the dialog window. Limit in dialog is 31 chars, in DB is varchar(32) but there was no limit in command /pass <channel> <password>, so that was the problem.
author: MitchesD <majklprofik@seznam.cz> 2014-08-24 23:54:28 +0200
committer: MitchesD <majklprofik@seznam.cz> 2014-08-24 23:54:28 +0200
commit: 80cde8aa105290c3f1b5dfb022d45015e964ba24 (patch)
tree: eef41da4fa94cfb03cf3ebf66f3474a36a694c0f /src/server/game/Handlers/ChannelHandler.cpp
parent: a8ff0c990b68eda2bf3c22bbf4d72331bc8842b9 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/server/game/Handlers/ChannelHandler.cpp b/src/server/game/Handlers/ChannelHandler.cpp
index cda6e7a4efb..d528aed6f34 100644
--- a/src/server/game/Handlers/ChannelHandler.cpp
+++ b/src/server/game/Handlers/ChannelHandler.cpp
@@ -100,6 +100,9 @@ void WorldSession::HandleChannelPassword(WorldPacket& recvPacket)
     TC_LOG_DEBUG("chat.system", "CMSG_CHANNEL_PASSWORD %s Channel: %s, Password: %s",
         GetPlayerInfo().c_str(), channelName.c_str(), password.c_str());
 
+    if (password.length() > MAX_CHANNEL_PASS_STR)
+        return;
+
     if (ChannelMgr* cMgr = ChannelMgr::forTeam(GetPlayer()->GetTeam()))
         if (Channel* channel = cMgr->GetChannel(channelName, GetPlayer()))
             channel->Password(GetPlayer(), password);
author	MitchesD <majklprofik@seznam.cz>	2014-08-24 23:54:28 +0200
committer	MitchesD <majklprofik@seznam.cz>	2014-08-24 23:54:28 +0200
commit	80cde8aa105290c3f1b5dfb022d45015e964ba24 (patch)
tree	eef41da4fa94cfb03cf3ebf66f3474a36a694c0f /src/server/game/Handlers/ChannelHandler.cpp
parent	a8ff0c990b68eda2bf3c22bbf4d72331bc8842b9 (diff)