From 4431df1f136372319dd6f73c4d28c4e0ef0dcb2c Mon Sep 17 00:00:00 2001
From: jackpoz
Date: Sun, 21 Jun 2020 20:19:11 +0200
Subject: Core/LFG: Sanitize LFG roles sent by clients
(cherry picked from commit 3778f23c579ad1050c2b985b5f42b365a7736c24)
---
 src/server/game/DungeonFinding/LFG.h | 3 ++-
 src/server/game/DungeonFinding/LFGMgr.cpp | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/server/game/DungeonFinding/LFG.h b/src/server/game/DungeonFinding/LFG.h
index ebf38444c62..98f43cf63f1 100644
--- a/src/server/game/DungeonFinding/LFG.h
+++ b/src/server/game/DungeonFinding/LFG.h
@@ -40,7 +40,8 @@ enum LfgRoles
 PLAYER_ROLE_LEADER = 0x01,
 PLAYER_ROLE_TANK = 0x02,
 PLAYER_ROLE_HEALER = 0x04,
- PLAYER_ROLE_DAMAGE = 0x08
+ PLAYER_ROLE_DAMAGE = 0x08,
+ PLAYER_ROLE_ANY = PLAYER_ROLE_LEADER | PLAYER_ROLE_TANK | PLAYER_ROLE_HEALER | PLAYER_ROLE_DAMAGE
 };
 enum LfgUpdateType
diff --git a/src/server/game/DungeonFinding/LFGMgr.cpp b/src/server/game/DungeonFinding/LFGMgr.cpp
index 69820676e53..0bb2c62d2b6 100644
--- a/src/server/game/DungeonFinding/LFGMgr.cpp
+++ b/src/server/game/DungeonFinding/LFGMgr.cpp
@@ -397,6 +397,13 @@ void LFGMgr::JoinLfg(Player* player, uint8 roles, LfgDungeonSet& dungeons)
 if (!player || !player->GetSession() || dungeons.empty())
 return;
+ // At least 1 role must be selected
+ if (!(roles & (PLAYER_ROLE_TANK | PLAYER_ROLE_HEALER | PLAYER_ROLE_DAMAGE)))
+ return;
+
+ // Sanitize input roles
+ roles &= PLAYER_ROLE_ANY;
+
 Group* grp = player->GetGroup();
 ObjectGuid guid = player->GetGUID();
 ObjectGuid gguid = grp ? grp->GetGUID() : guid;
@@ -716,6 +723,9 @@ void LFGMgr::UpdateRoleCheck(ObjectGuid gguid, ObjectGuid guid /* = ObjectGuid::
 if (itRoleCheck == RoleChecksStore.end())
 return;
+ // Sanitize input roles
+ roles &= PLAYER_ROLE_ANY;
+
 LfgRoleCheck& roleCheck = itRoleCheck->second;
 bool sendRoleChosen = roleCheck.state != LFG_ROLECHECK_DEFAULT && !guid.IsEmpty();
--
cgit v1.2.3
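Review bot: The new PLAYER_ROLE_ANY enumerator reads as "any single role" but is the OR of every role bit, and both LFGMgr.cpp hunks use it purely as a mask for client-supplied values, so a comment on the line would stop a later reader from treating it as a selectable value. Suggest `PLAYER_ROLE_ANY = PLAYER_ROLE_LEADER | PLAYER_ROLE_TANK | PLAYER_ROLE_HEALER | PLAYER_ROLE_DAMAGE // mask of every defined role bit; used to strip undefined bits from client-sent roles`. Note that the mask deliberately includes PLAYER_ROLE_LEADER, so a client can still set that bit through the sanitized value; if that is not intended, the mask applied in LFGMgr.cpp is where to narrow it.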
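Review bot: In the JoinLfg hunk, `roles &= PLAYER_ROLE_ANY;` still admits PLAYER_ROLE_LEADER from the client, so if anything later in JoinLfg treats that bit as authoritative instead of deriving leadership from the group, the sanitization does not cover it; whether that happens is not visible here, as JoinLfg continues outside the hunk. If the leader bit is meant to be set server-side, `roles &= (PLAYER_ROLE_TANK | PLAYER_ROLE_HEALER | PLAYER_ROLE_DAMAGE);` would be the stricter mask at this point, and the same question applies to the UpdateRoleCheck hunk. The silent `return;` on a request with no tank/healer/damage bit also leaves no trace of a malformed packet; a debug-level log before it would help when diagnosing a misbehaving client, as long as it cannot be used to flood the log.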
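Review bot: Unlike the JoinLfg hunk, the UpdateRoleCheck hunk masks `roles` without rejecting a value that has no tank/healer/damage bit, so a client can still pass zero through; this is either intentional (a zero value carrying its own meaning in a role check) or an oversight, and the hunk does not show which, as UpdateRoleCheck continues outside it. If zero is a valid answer here, say so next to the mask, e.g. `// Sanitize input roles; an empty role set is a valid answer at this stage`, so the asymmetry with JoinLfg is not "fixed" later by someone adding the same early return.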