From a1f079879204518413f0fc391eb8e970f084c65f Mon Sep 17 00:00:00 2001 From: Dehravor Date: Sun, 12 Jan 2014 00:12:38 +0000 Subject: DB/Guild: Fix incorrect input length limits There is one incorrect field length related to guilds in the database, which can be used to cause an overflow client-side, by sending CMSG_GUILD_INFO_TEXT with long strings. The guild information has the same 500 characters client-side limit as the guild bank tab information, but on server-side it can be 65k characters long. A lengthy guild info makes the whole Guild panel unusable. Length of the other fields match the client's limits in the database: guild bank tab name (16), public note (31), officer note (31), motd (128), guild bank tab info (500). Closes #11395 Signed-off-by: DDuarte
---
sql/base/characters_database.sql | 2 +-
sql/updates/characters/2014_01_14_00_characters_guild.sql | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
create mode 100644 sql/updates/characters/2014_01_14_00_characters_guild.sql
(limited to 'sql')
diff --git a/sql/base/characters_database.sql b/sql/base/characters_database.sql
index f414424cfd3..f880f009893 100644
--- a/sql/base/characters_database.sql
+++ b/sql/base/characters_database.sql
@@ -1662,7 +1662,7 @@ CREATE TABLE `guild` (
 `BorderStyle` tinyint(3) unsigned NOT NULL DEFAULT '0',
 `BorderColor` tinyint(3) unsigned NOT NULL DEFAULT '0',
 `BackgroundColor` tinyint(3) unsigned NOT NULL DEFAULT '0',
- `info` text NOT NULL,
+ `info` VARCHAR(500) NOT NULL DEFAULT '',
 `motd` varchar(128) NOT NULL DEFAULT '',
 `createdate` int(10) unsigned NOT NULL DEFAULT '0',
 `BankMoney` bigint(20) unsigned NOT NULL DEFAULT '0',
diff --git a/sql/updates/characters/2014_01_14_00_characters_guild.sql b/sql/updates/characters/2014_01_14_00_characters_guild.sql
new file mode 100644
index 00000000000..23a2cada153
--- /dev/null
+++ b/sql/updates/characters/2014_01_14_00_characters_guild.sql
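Review bot: Narrowing `info` to `VARCHAR(500)` in the `guild` table limits what is stored, but it does not by itself limit what the server accepts from CMSG_GUILD_INFO_TEXT. The packet handler is not part of this diff, so whether it checks the length cannot be seen here. If it does not, an over-long string would presumably stay in the server's in-memory guild data and still reach clients until the guild is reloaded. Under a non-strict `sql_mode` MySQL would also truncate the write without an error, leaving memory and database out of step. I would pair the column change with a length check in the handler and record the reason next to the column, e.g. `-- 500 = client-side guild info limit; also enforced when handling CMSG_GUILD_INFO_TEXT`. The CREATE TABLE statement starts and ends outside the hunk.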
@@ -0,0 +1 @@
+ALTER TABLE `guild` CHANGE `info` `info` VARCHAR(500) NOT NULL DEFAULT '';
-- cgit v1.2.3
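Review bot: The single added `ALTER TABLE` does not handle rows whose `info` is already longer than 500 characters, which is the state the commit message describes as reachable. With a strict `sql_mode` the statement fails with a data-too-long error and the update stops. Without it, MySQL truncates silently and only raises a warning. Adding `UPDATE guild SET info = LEFT(info, 500) WHERE CHAR_LENGTH(info) > 500;` before the ALTER makes the outcome the same under both settings. It also makes the truncation of existing data an explicit, reviewable step.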