From fe1003bdbd88e2bccf2ac91ffd18804a6d9b6fb3 Mon Sep 17 00:00:00 2001 
From: Shauren Date: Sat, 27 Jul 2019 01:00:37 +0200 Subject: Core/DBLayer: Prevent using prepared statements on wrong database (cherry picked from commit e8e89f58fb800014f53341f12505f60ee2b5fb6f) # Conflicts: # src/server/bnetserver/REST/LoginRESTService.cpp # src/server/bnetserver/Server/Session.cpp # src/server/database/Database/DatabaseWorkerPool.cpp # src/server/database/Database/Implementation/HotfixDatabase.h # src/server/database/Database/MySQLConnection.cpp # src/server/database/Database/MySQLConnection.h # src/server/database/Database/PreparedStatement.cpp # src/server/database/Database/PreparedStatement.h # src/server/database/Database/QueryHolder.cpp # src/server/database/Database/SQLOperation.h # src/server/database/Database/Transaction.h # src/server/game/Accounts/BattlenetAccountMgr.cpp # src/server/game/Achievements/AchievementMgr.cpp # src/server/game/AuctionHouse/AuctionHouseMgr.cpp # src/server/game/AuctionHouseBot/AuctionHouseBot.cpp # src/server/game/AuctionHouseBot/AuctionHouseBotBuyer.cpp # src/server/game/BattlePets/BattlePetMgr.cpp # src/server/game/Battlegrounds/ArenaTeam.cpp # src/server/game/BlackMarket/BlackMarketMgr.cpp # src/server/game/Chat/Channels/Channel.cpp # src/server/game/Entities/Corpse/Corpse.cpp # src/server/game/Entities/Creature/Creature.cpp # src/server/game/Entities/GameObject/GameObject.cpp # src/server/game/Entities/Item/Item.cpp # src/server/game/Entities/Pet/Pet.cpp # src/server/game/Entities/Player/CollectionMgr.cpp # src/server/game/Entities/Player/Player.cpp # src/server/game/Garrison/Garrison.cpp # src/server/game/Globals/ObjectMgr.cpp # src/server/game/Groups/Group.cpp # src/server/game/Guilds/Guild.cpp # src/server/game/Guilds/GuildFinderMgr.cpp # src/server/game/Guilds/GuildMgr.cpp # src/server/game/Handlers/AuctionHouseHandler.cpp # src/server/game/Handlers/CharacterHandler.cpp # src/server/game/Handlers/ItemHandler.cpp # src/server/game/Handlers/MailHandler.cpp # src/server/game/Handlers/MiscHandler.cpp # 
src/server/game/Handlers/PetitionsHandler.cpp # src/server/game/Handlers/SpellHandler.cpp # src/server/game/Handlers/TicketHandler.cpp # src/server/game/Loot/Loot.cpp # src/server/game/Mails/Mail.cpp # src/server/game/Maps/Map.cpp # src/server/game/Movement/Waypoints/WaypointManager.cpp # src/server/game/OutdoorPvP/OutdoorPvP.cpp # src/server/game/Pools/PoolMgr.cpp # src/server/game/Quests/QuestObjectiveCriteriaMgr.cpp # src/server/game/Reputation/ReputationMgr.cpp # src/server/game/Scenarios/InstanceScenario.cpp # src/server/game/Server/WorldSession.cpp # src/server/game/Server/WorldSocket.cpp # src/server/game/Spells/SpellHistory.cpp # src/server/game/Support/SupportMgr.cpp # src/server/game/Tools/PlayerDump.cpp # src/server/game/World/World.cpp # src/server/scripts/Commands/cs_account.cpp # src/server/scripts/Commands/cs_ban.cpp # src/server/scripts/Commands/cs_battlenet_account.cpp # src/server/scripts/Commands/cs_group.cpp # src/server/scripts/Commands/cs_lfg.cpp # src/server/scripts/Commands/cs_list.cpp # src/server/scripts/Commands/cs_message.cpp # src/server/scripts/Commands/cs_misc.cpp # src/server/scripts/Commands/cs_npc.cpp # src/server/scripts/Commands/cs_tele.cpp # src/server/scripts/Commands/cs_wp.cpp # src/server/shared/DataStores/DB2DatabaseLoader.cpp # src/server/shared/Realm/RealmList.cpp
---
 src/server/authserver/Server/AuthSession.cpp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
(limited to 'src/server/authserver/Server/AuthSession.cpp')
diff --git a/src/server/authserver/Server/AuthSession.cpp b/src/server/authserver/Server/AuthSession.cpp
index 6f6162cf2ff..8d23c84dd11 100644
--- a/src/server/authserver/Server/AuthSession.cpp
+++ b/src/server/authserver/Server/AuthSession.cpp
@@ -172,7 +172,7 @@ void AuthSession::Start()
 std::string ip_address = GetRemoteIpAddress().to_string();
 TC_LOG_TRACE("session", "Accepted connection from %s", ip_address.c_str());
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_INFO);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_INFO);
 stmt->setString(0, ip_address);
 _queryProcessor.AddQuery(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::CheckIpCallback, this, std::placeholders::_1)));
@@ -305,7 +305,7 @@ bool AuthSession::HandleLogonChallenge()
 _localizationName[i] = challenge->country[4 - i - 1];
 // Get the account details from the account table
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
 stmt->setString(0, login);
 _queryProcessor.AddQuery(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::LogonChallengeCallback, this, std::placeholders::_1)));
@@ -602,7 +602,7 @@ bool AuthSession::HandleLogonProof()
 // Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
 // No SQL injection (escaped user name) and IP address as received by socket
- PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
+ LoginDatabasePreparedStatement*stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
 stmt->setString(0, K.AsHexStr());
 stmt->setString(1, GetRemoteIpAddress().to_string());
 stmt->setUInt32(2, GetLocaleByName(_localizationName));
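Review bot: In the HandleLogonProof hunk at -602 the new declaration `LoginDatabasePreparedStatement*stmt` has no space between the type and the name, unlike every other hunk in this patch; it should read `LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);`. The context comment just above it, `// No SQL injection (escaped user name) and IP address as received by socket`, credits escaping, while the visible lines pass values through `setString`/`setUInt32` on a prepared statement. Presumably the protection is parameter binding rather than escaping, so a wording such as `// Values are bound as prepared-statement parameters; IP address as received by socket` would describe what the code does. The same applies to `// No SQL injection (username escaped)` in the SetVSFields hunk at -948. HandleLogonProof begins and ends outside this hunk.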
@@ -660,7 +660,7 @@ bool AuthSession::HandleLogonProof()
 // We can not include the failed account login hook. However, this is a workaround to still log this.
 if (sConfigMgr->GetBoolDefault("WrongPass.Logging", false))
 {
- PreparedStatement* logstmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_FALP_IP_LOGGING);
+ LoginDatabasePreparedStatement* logstmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_FALP_IP_LOGGING);
 logstmt->setUInt32(0, _accountInfo.Id);
 logstmt->setString(1, GetRemoteIpAddress().to_string());
 logstmt->setString(2, "Logged on failed AccountLogin due wrong password");
@@ -671,7 +671,7 @@ bool AuthSession::HandleLogonProof()
 if (MaxWrongPassCount > 0)
 {
 //Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_FAILEDLOGINS);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_FAILEDLOGINS);
 stmt->setString(0, _accountInfo.Login);
 LoginDatabase.Execute(stmt);
@@ -733,7 +733,7 @@ bool AuthSession::HandleReconnectChallenge()
 _localizationName[i] = challenge->country[4 - i - 1];
 // Get the account details from the account table
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RECONNECTCHALLENGE);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RECONNECTCHALLENGE);
 stmt->setString(0, login);
 _queryProcessor.AddQuery(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::ReconnectChallengeCallback, this, std::placeholders::_1)));
@@ -817,7 +817,7 @@ bool AuthSession::HandleRealmList()
 {
 TC_LOG_DEBUG("server.authserver", "Entering _HandleRealmList");
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALM_CHARACTER_COUNTS);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALM_CHARACTER_COUNTS);
 stmt->setUInt32(0, _accountInfo.Id);
 _queryProcessor.AddQuery(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::RealmListCallback, this, std::placeholders::_1)));
@@ -948,7 +948,7 @@ void AuthSession::SetVSFields(const std::string& rI)
 v = g.ModExp(x, N);
 // No SQL injection (username escaped)
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
 stmt->setString(0, v.AsHexStr());
 stmt->setString(1, s.AsHexStr());
 stmt->setString(2, _accountInfo.Login);
-- 
cgit v1.2.3