Core/Networking: Added safety checks against linking instance socket with incorrect/old session

Ref #15892
author: Shauren <shauren.trinity@gmail.com> 2015-12-29 21:22:31 +0100
committer: Shauren <shauren.trinity@gmail.com> 2015-12-29 21:22:31 +0100
commit: 6ace6aabbff91ebc487f43276d5b1861968c59db (patch)
tree: dba0af009f07c8f2616d26da584fe6b23ec05be5 /src/server/game/Server
parent: 7b15207902843b9e69df07d11246cd3590980c5a (diff)
3 files changed, 31 insertions, 5 deletions
diff --git a/src/server/game/Server/WorldSession.cpp b/src/server/game/Server/WorldSession.cpp
index f0126cd2782..e7106583025 100644
--- a/src/server/game/Server/WorldSession.cpp
+++ b/src/server/game/Server/WorldSession.cpp
@@ -146,6 +146,7 @@ WorldSession::WorldSession(uint32 id, std::string&& name, uint32 battlenetAccoun
     }
 
     m_Socket[CONNECTION_TYPE_REALM] = sock;
+    _instanceConnectKey.Raw = UI64LIT(0);
 
     InitializeQueryCallbackParameters();
 }
@@ -716,8 +717,12 @@ void WorldSession::SendConnectToInstance(WorldPackets::Auth::ConnectToSerial ser
     boost::asio::ip::tcp::endpoint instanceAddress = realm.GetAddressForClient(boost::asio::ip::address::from_string(GetRemoteAddress(), ignored_error));
     instanceAddress.port(sWorld->getIntConfig(CONFIG_PORT_INSTANCE));
 
+    _instanceConnectKey.Fields.AccountId = GetAccountId();
+    _instanceConnectKey.Fields.ConnectionType = CONNECTION_TYPE_INSTANCE;
+    _instanceConnectKey.Fields.Key = urand(0, 0x7FFFFFFF);
+
     WorldPackets::Auth::ConnectTo connectTo;
-    connectTo.Key = MAKE_PAIR64(GetAccountId(), CONNECTION_TYPE_INSTANCE);
+    connectTo.Key = _instanceConnectKey.Raw;
     connectTo.Serial = serial;
     connectTo.Payload.Where = instanceAddress;
     connectTo.Con = CONNECTION_TYPE_INSTANCE;
diff --git a/src/server/game/Server/WorldSession.h b/src/server/game/Server/WorldSession.h
index 795f5efc600..48ee884af01 100644
--- a/src/server/game/Server/WorldSession.h
+++ b/src/server/game/Server/WorldSession.h
@@ -1634,6 +1634,19 @@ class WorldSession
         void HandleBattlePetSummon(WorldPackets::BattlePet::BattlePetSummon& battlePetSummon);
         void HandleCageBattlePet(WorldPackets::BattlePet::CageBattlePet& cageBattlePet);
 
+        union ConnectToKey
+        {
+            struct
+            {
+                uint64 AccountId : 32;
+                uint64 ConnectionType : 1;
+                uint64 Key : 31;
+            } Fields;
+
+            uint64 Raw;
+        };
+
+        uint64 GetConnectToInstanceKey() const { return _instanceConnectKey.Raw; }
     private:
         void InitializeQueryCallbackParameters();
         void ProcessQueryCallbacks();
@@ -1750,6 +1763,8 @@ class WorldSession
 
         std::unique_ptr<CollectionMgr> _collectionMgr;
 
+        ConnectToKey _instanceConnectKey;
+
         WorldSession(WorldSession const& right) = delete;
         WorldSession& operator=(WorldSession const& right) = delete;
 };
diff --git a/src/server/game/Server/WorldSocket.cpp b/src/server/game/Server/WorldSocket.cpp
index 030ca1966f8..0514c03d12e 100644
--- a/src/server/game/Server/WorldSocket.cpp
+++ b/src/server/game/Server/WorldSocket.cpp
@@ -782,7 +782,10 @@ void WorldSocket::LoadSessionPermissionsCallback(PreparedQueryResult result)
 
 void WorldSocket::HandleAuthContinuedSession(std::shared_ptr<WorldPackets::Auth::AuthContinuedSession> authSession)
 {
-    _type = ConnectionType(PAIR64_HIPART(authSession->Key));
+    WorldSession::ConnectToKey key;
+    key.Raw = authSession->Key;
+
+    _type = ConnectionType(key.Fields.ConnectionType);
     if (_type != CONNECTION_TYPE_INSTANCE)
     {
         SendAuthResponseError(AUTH_UNKNOWN_ACCOUNT);
@@ -793,7 +796,7 @@ void WorldSocket::HandleAuthContinuedSession(std::shared_ptr<WorldPackets::Auth:
     // Client switches packet headers after sending CMSG_AUTH_CONTINUED_SESSION
     _headerBuffer.Resize(SizeOfClientHeader[1][1]);
 
-    uint32 accountId = PAIR64_LOPART(authSession->Key);
+    uint32 accountId = uint32(key.Fields.AccountId);
     PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_CONTINUED_SESSION);
     stmt->setUInt32(0, accountId);
 
@@ -813,7 +816,10 @@ void WorldSocket::HandleAuthContinuedSessionCallback(std::shared_ptr<WorldPacket
         return;
     }
 
-    uint32 accountId = PAIR64_LOPART(authSession->Key);
+    WorldSession::ConnectToKey key;
+    key.Raw = authSession->Key;
+
+    uint32 accountId = uint32(key.Fields.AccountId);
     Field* fields = result->Fetch();
     std::string login = fields[0].GetString();
     BigNumber k;
@@ -835,7 +841,7 @@ void WorldSocket::HandleAuthContinuedSessionCallback(std::shared_ptr<WorldPacket
         return;
     }
 
-    sWorld->AddInstanceSocket(shared_from_this(), accountId);
+    sWorld->AddInstanceSocket(shared_from_this(), authSession->Key);
     AsyncRead();
 }
author	Shauren <shauren.trinity@gmail.com>	2015-12-29 21:22:31 +0100
committer	Shauren <shauren.trinity@gmail.com>	2015-12-29 21:22:31 +0100
commit	6ace6aabbff91ebc487f43276d5b1861968c59db (patch)
tree	dba0af009f07c8f2616d26da584fe6b23ec05be5 /src/server/game/Server
parent	7b15207902843b9e69df07d11246cd3590980c5a (diff)