Core/Auth: Resolved critical vulnerability on auth system bypass

2026-01-28 16:16:27 +00:00 · 2016-11-18 16:22:51 +01:00
parent aeb9406860
commit 096a77bac2
2 changed files with 43 additions and 19 deletions
--- a/src/authserver/Server/AuthSocket.h
+++ b/src/authserver/Server/AuthSocket.h
@@ -14,6 +14,16 @@
 class ACE_INET_Addr;
 struct Realm;

+enum eStatus
+{
+    STATUS_CHALLENGE,
+    STATUS_LOGON_PROOF,
+    STATUS_RECON_PROOF,
+    STATUS_PATCH,      // unused in CMaNGOS
+    STATUS_AUTHED,
+    STATUS_CLOSED
+};
+
 // Handle login commands
 class AuthSocket: public RealmSocket::Session
 {
@@ -54,7 +64,7 @@ private:
    BigNumber K;
    BigNumber _reconnectProof;

-    bool _authed;
+    eStatus _status;

    std::string _login;