diff options
| author | Anubisss <anubisss210@gmail.com> | 2011-04-01 03:11:57 +0200 |
|---|---|---|
| committer | Anubisss <anubisss210@gmail.com> | 2011-04-01 03:11:57 +0200 |
| commit | 5fe6c225e23ee3575ad6b91185dc7f4ef2ad5387 (patch) | |
| tree | ba3a3dfb9a6f3d94597a4300238ec4a1217b5509 /src | |
| parent | 24dae7dd9a782145783f68769dd7f7a9a61fbeee (diff) | |
Fix a login exploit.
Make a list of GUIDs that purpose is which characters can login per account.
This fixes an exploit that player can login (but shouldn't) with packet manipulation.
Signed-off-by: Anubisss <anubisss210@gmail.com>
Diffstat (limited to 'src')
| -rwxr-xr-x | src/server/game/Server/Protocol/Handlers/CharacterHandler.cpp | 10 | ||||
| -rwxr-xr-x | src/server/game/Server/WorldSession.h | 13 |
2 files changed, 23 insertions, 0 deletions
diff --git a/src/server/game/Server/Protocol/Handlers/CharacterHandler.cpp b/src/server/game/Server/Protocol/Handlers/CharacterHandler.cpp index 077f332ec6a..9ca3432ec99 100755 --- a/src/server/game/Server/Protocol/Handlers/CharacterHandler.cpp +++ b/src/server/game/Server/Protocol/Handlers/CharacterHandler.cpp @@ -212,7 +212,10 @@ void WorldSession::HandleCharEnum(QueryResult result) uint32 guidlow = (*result)[0].GetUInt32(); sLog->outDetail("Loading char guid %u from account %u.",guidlow,GetAccountId()); if (Player::BuildEnumData(result, &data)) + { + m_AllowedCharsToLogin.push_back(guidlow); ++num; + } } while (result->NextRow()); } @@ -660,6 +663,13 @@ void WorldSession::HandlePlayerLoginOpcode(WorldPacket & recv_data) recv_data >> playerGuid; + if (!CharCanLogin(GUID_LOPART(playerGuid))) + { + sLog->outError("Account (%u) can't login with that character (%u).", GetAccountId(), GUID_LOPART(playerGuid)); + KickPlayer(); + return; + } + LoginQueryHolder *holder = new LoginQueryHolder(GetAccountId(), playerGuid); if (!holder->Initialize()) { diff --git a/src/server/game/Server/WorldSession.h b/src/server/game/Server/WorldSession.h index 59ff2bc3e08..b881b0b4140 100755 --- a/src/server/game/Server/WorldSession.h +++ b/src/server/game/Server/WorldSession.h @@ -882,6 +882,19 @@ class WorldSession void LogUnexpectedOpcode(WorldPacket *packet, const char* status, const char *reason); void LogUnprocessedTail(WorldPacket *packet); + // EnumData helpers + bool CharCanLogin(uint32 LowGUID) + { + if (find(m_AllowedCharsToLogin.begin(), + m_AllowedCharsToLogin.end(), + LowGUID) == m_AllowedCharsToLogin.end()) + return false; + return true; + } + // this stores the GUIDs of the characters who can login + // characters who failed on Player::BuildEnumData shouldn't login + std::list<uint32> m_AllowedCharsToLogin; + uint32 m_GUIDLow; // set loggined or recently logout player (while m_playerRecentlyLogout set) Player *_player; WorldSocket *m_Socket; |