From 80cde8aa105290c3f1b5dfb022d45015e964ba24 Mon Sep 17 00:00:00 2001
From: MitchesD <majklprofik@seznam.cz>
Date: Sun, 24 Aug 2014 23:54:28 +0200
Subject: Core/Channels: fixed possible exploit with channel password You were
 able to setup longer password than you can write into the dialog window.
 Limit in dialog is 31 chars, in DB is varchar(32) but there was no limit in
 command /pass <channel> <password>, so that was the problem.

---
 src/server/game/Handlers/ChannelHandler.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/server/game/Handlers/ChannelHandler.cpp')

diff --git a/src/server/game/Handlers/ChannelHandler.cpp b/src/server/game/Handlers/ChannelHandler.cpp
index cda6e7a4efb..d528aed6f34 100644
--- a/src/server/game/Handlers/ChannelHandler.cpp
+++ b/src/server/game/Handlers/ChannelHandler.cpp
@@ -100,6 +100,9 @@ void WorldSession::HandleChannelPassword(WorldPacket& recvPacket)
     TC_LOG_DEBUG("chat.system", "CMSG_CHANNEL_PASSWORD %s Channel: %s, Password: %s",
         GetPlayerInfo().c_str(), channelName.c_str(), password.c_str());
 
+    if (password.length() > MAX_CHANNEL_PASS_STR)
+        return;
+
     if (ChannelMgr* cMgr = ChannelMgr::forTeam(GetPlayer()->GetTeam()))
         if (Channel* channel = cMgr->GetChannel(channelName, GetPlayer()))
             channel->Password(GetPlayer(), password);
-- 
cgit v1.2.3