fix(Warden) Warden Anti-Cheat Timing Attack Protection MAC (#21824)

blinkysc
2025-03-31 11:50:48 -05:00
committed by GitHub
parent f1f56bf1db
commit 5562d722d6


@@ -26,6 +26,7 @@
#include "WardenModuleMac.h"
#include "WorldPacket.h"
#include "WorldSession.h"
#include <openssl/crypto.h>
WardenMac::WardenMac() : Warden()
{
@@ -152,8 +153,8 @@ void WardenMac::HandleHashResult(ByteBuffer& buff)
//const uint8 validHash[20] = { 0x56, 0x8C, 0x05, 0x4C, 0x78, 0x1A, 0x97, 0x2A, 0x60, 0x37, 0xA2, 0x29, 0x0C, 0x22, 0xB5, 0x25, 0x71, 0xA0, 0x6F, 0x4E };
// Verify key
if (memcmp(buff.contents() + 1, sha1.GetDigest().data(), 20) != 0)
// Verify key using constant-time comparison
if (CRYPTO_memcmp(buff.contents() + 1, sha1.GetDigest().data(), 20) != 0)
{
LOG_DEBUG("warden", "Request hash reply: failed");
ApplyPenalty(0, "Request hash reply: failed");
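Review bot: The `CRYPTO_memcmp` call reads 20 bytes starting at `buff.contents() + 1`, but nothing visible in this hunk checks that the client-supplied packet actually holds 21 bytes, so a short hash reply could be read past the end of the buffer. HandleHashResult begins above the hunk, so a length check may already exist there; if it does not, a guard such as `if (buff.size() < 1 + sha1.GetDigest().size())` taking the same failure path before the comparison would close that gap. The literal `20` could also become `sha1.GetDigest().size()`, so the compared length cannot drift from the digest type. Note that `CRYPTO_memcmp` is only constant-time for a fixed length, so the length check should stay a separate, earlier rejection rather than being folded into the comparison.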