From 3a3c33243614b9aeefd08b85960a915de93bdc44 Mon Sep 17 00:00:00 2001
From: velinath
Date: Wed, 23 Apr 2014 08:05:29 -0400
Subject: Correct display of output for .rbac account list command. (thanks Spp-)
---
 src/server/scripts/Commands/cs_rbac.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 (limited to 'src')
diff --git a/src/server/scripts/Commands/cs_rbac.cpp b/src/server/scripts/Commands/cs_rbac.cpp
index df4ce993433..47fa01837f6 100644
--- a/src/server/scripts/Commands/cs_rbac.cpp
+++ b/src/server/scripts/Commands/cs_rbac.cpp
@@ -320,7 +320,7 @@ public:
 handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str());
 }
 }
- handler->PSendSysMessage(LANG_RBAC_LIST_HEADER_DENIED, command->rbac->GetId(), command->rbac->GetName().c_str());
+ handler->PSendSysMessage(LANG_RBAC_LIST_HEADER_BY_SEC_LEVEL, command->rbac->GetId(), command->rbac->GetName().c_str(), command->rbac->GetSecurityLevel());
 rbac::RBACPermissionContainer const& defaultPermissions = sAccountMgr->GetRBACDefaultPermissions(command->rbac->GetSecurityLevel());
 if (defaultPermissions.empty())
 handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY));
-- cgit v1.2.3
From 6b42f99540dda13b622fe1653993e3b84709efc7 Mon Sep 17 00:00:00 2001
From: jackpoz
Date: Wed, 23 Apr 2014 20:01:20 +0200
Subject: Core/AuctionHouse: Fix AuctionHouse exploit Fix an exploit in Auction House using either CheatEngine or WPE that allowed to sell more items than the Player had in inventory or to crash worldserver. Fixes #11831 Fixes #11928
---
 src/server/game/Handlers/AuctionHouseHandler.cpp | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
 (limited to 'src')
diff --git a/src/server/game/Handlers/AuctionHouseHandler.cpp b/src/server/game/Handlers/AuctionHouseHandler.cpp
index d9e4feb7f85..86fa0429cce 100644
--- a/src/server/game/Handlers/AuctionHouseHandler.cpp
+++ b/src/server/game/Handlers/AuctionHouseHandler.cpp
@@ -119,7 +119,9 @@ void WorldSession::HandleAuctionSellItem(WorldPacket& recvData) recvData >> itemsCount; uint64 itemGUIDs[MAX_AUCTION_ITEMS]; // 160 slot = 4x 36 slot bag + backpack 16 slot + memset(itemGUIDs, 0, sizeof(itemGUIDs)); uint32 count[MAX_AUCTION_ITEMS]; + memset(count, 0, sizeof(count)); if (itemsCount > MAX_AUCTION_ITEMS) { @@ -187,6 +189,7 @@ void WorldSession::HandleAuctionSellItem(WorldPacket& recvData) Item* items[MAX_AUCTION_ITEMS]; uint32 finalCount = 0; + uint32 itemEntry = 0; for (uint32 i = 0; i < itemsCount; ++i) { @@ -198,9 +201,12 @@ void WorldSession::HandleAuctionSellItem(WorldPacket& recvData) return; } + if (itemEntry == 0) + itemEntry = item->GetTemplate()->ItemId; + if (sAuctionMgr->GetAItem(item->GetGUIDLow()) || !item->CanBeTraded() || item->IsNotEmptyBag() || item->GetTemplate()->Flags & ITEM_PROTO_FLAG_CONJURED || item->GetUInt32Value(ITEM_FIELD_DURATION) || - item->GetCount() < count[i]) + item->GetCount() < count[i] || itemEntry != item->GetTemplate()->ItemId) { SendAuctionCommandResult(0, AUCTION_SELL_ITEM, ERR_AUCTION_DATABASE_ERROR); return; @@ -216,6 +222,19 @@ void WorldSession::HandleAuctionSellItem(WorldPacket& recvData) return; } + // check if there are 2 identical guids, in this case user is most likely cheating + for (uint32 i = 0; i < itemsCount - 1; ++i) + { + for (uint32 j = i + 1; j < itemsCount; ++j) + { + if (itemGUIDs[i] == itemGUIDs[j]) + { + SendAuctionCommandResult(0, AUCTION_SELL_ITEM, ERR_AUCTION_DATABASE_ERROR); + return; + } + } + } + for (uint32 i = 0; i < itemsCount; ++i) { Item* item = items[i]; -- cgit v1.2.3
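Review bot: In the `@@ -198,9 +201,12 @@` hunk the new `itemEntry != item->GetTemplate()->ItemId` test is folded into the existing condition, so a mixed-entry item list is rejected with the same `ERR_AUCTION_DATABASE_ERROR` as an untradeable item and leaves no server-side trace. The commit message attributes these requests to packet editing, so a separate branch that logs before rejecting would let operators spot repeat attempts, for example something like `TC_LOG_ERROR("network", "HandleAuctionSellItem: account %u sent items with different entries", GetAccountId());` ahead of the existing `SendAuctionCommandResult` / `return`. The same applies to the duplicate-GUID rejection added in the `@@ -216,6 +222,19 @@` hunk, whose comment already says the user is most likely cheating. The loop body starts and ends outside the hunk.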
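Review bot: In the `@@ -216,6 +222,19 @@` hunk the outer bound `i < itemsCount - 1` of the duplicate-GUID loop wraps if `itemsCount` is unsigned (it is compared against `uint32` counters here) and a zero value can reach this point. The outer loop would then run through roughly four billion empty iterations on a packet-handling path. No zero check is visible in these hunks; the `return` just above the added loop may already cover it, but the function body lies mostly outside the diff. Writing the bound without a subtraction removes the dependency on that earlier check: `for (uint32 i = 0; i + 1 < itemsCount; ++i)`.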