Core/PacketIO: Validate AddonInfo size

Closes #24734
author: Shauren <shauren.trinity@gmail.com> 2020-06-01 23:43:38 +0200
committer: Shauren <shauren.trinity@gmail.com> 2020-06-01 23:43:38 +0200
commit: 0e9eb8e7f5eac85531ce25d214cf6018bef4114b (patch)
tree: 62457268b65a5fbfa6dc37da1c3b6033663931e7 /src
parent: 43ef610fe059c3da4cc1ad2036f83cfa67ce0fee (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/server/game/Server/WorldSocket.cpp b/src/server/game/Server/WorldSocket.cpp
index ff85f71c769..ab43f6f36a0 100644
--- a/src/server/game/Server/WorldSocket.cpp
+++ b/src/server/game/Server/WorldSocket.cpp
@@ -434,7 +434,8 @@ void WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
     recvPacket >> authSession->RealmID;               // realmId from auth_database.realmlist table
     recvPacket >> authSession->DosResponse;
     recvPacket.read(authSession->Digest, 20);
-    authSession->AddonInfo.append(recvPacket.contents() + recvPacket.rpos(), recvPacket.size() - recvPacket.rpos());
+    authSession->AddonInfo.resize(recvPacket.size() - recvPacket.rpos());
+    recvPacket.read(authSession->AddonInfo.contents(), authSession->AddonInfo.size()); // .contents will throw if empty, thats what we want
 
     // Get the account information from the auth database
     LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME);
author	Shauren <shauren.trinity@gmail.com>	2020-06-01 23:43:38 +0200
committer	Shauren <shauren.trinity@gmail.com>	2020-06-01 23:43:38 +0200
commit	0e9eb8e7f5eac85531ce25d214cf6018bef4114b (patch)
tree	62457268b65a5fbfa6dc37da1c3b6033663931e7 /src
parent	43ef610fe059c3da4cc1ad2036f83cfa67ce0fee (diff)