From 8d6bf1f4dc031aab720f1f14bf6b3c676ba7e5ab Mon Sep 17 00:00:00 2001
From: Nefertumm
Date: Tue, 17 Mar 2020 18:11:07 -0300
Subject: [PATCH] Fix(Core/Packet): Calendar events exploits (#2753)
* Calendar handler exploit fix
* Travis and sugestions
* What a noob <.<
---
 src/server/game/Handlers/CalendarHandler.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/server/game/Handlers/CalendarHandler.cpp b/src/server/game/Handlers/CalendarHandler.cpp
index b77e30cad..a9aaf9c66 100644
--- a/src/server/game/Handlers/CalendarHandler.cpp
+++ b/src/server/game/Handlers/CalendarHandler.cpp
@@ -35,6 +35,7 @@ Copied events should probably have a new owner
 #include "ArenaTeamMgr.h"
 #include "WorldSession.h"
 #include "GameEventMgr.h"
+#include "utf8.h"
 void WorldSession::HandleCalendarGetCalendar(WorldPacket& /*recvData*/)
 {
@@ -207,6 +208,17 @@ void WorldSession::HandleCalendarArenaTeam(WorldPacket& recvData)
 team->MassInviteToEvent(this);
 }
+bool validUtf8String(WorldPacket& recvData, std::string& s, std::string action, uint64 playerGUID)
+{
+ if (!utf8::is_valid(s.begin(), s.end()))
+ {
+ sLog->outString("CalendarHandler: Player with guid %lu attempt to %s an event with invalid name or description (packet modification)", playerGUID, action.c_str());
+ recvData.rfinish();
+ return false;
+ }
+ return true;
+}
+
 void WorldSession::HandleCalendarAddEvent(WorldPacket& recvData)
 {
 uint64 guid = _player->GetGUID();
@@ -226,6 +238,10 @@ void WorldSession::HandleCalendarAddEvent(WorldPacket& recvData)
 recvData.ReadPackedTime(unkPackedTime);
 recvData >> flags;
+ // prevent attacks with non-utf8 chars -> with multiple packets it will hang up the db due to errors.
+ if (!validUtf8String(recvData, title, "create", guid) || !validUtf8String(recvData, description, "create", guid))
+ return;
+
 // prevent events in the past
 // To Do: properly handle timezones and remove the "- time_t(86400L)" hack
 if (time_t(eventPackedTime) < (time(NULL) - time_t(86400L)))
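Review bot: The log call in the new `validUtf8String` passes `playerGUID`, a `uint64`, to a `%lu` conversion, which is only correct where `unsigned long` is 64 bits wide; elsewhere the varargs read is undefined and the following `%s` may be fed a bad pointer. A portable form is `%llu` with `static_cast<unsigned long long>(playerGUID)`, or the project's own 64-bit format macro if it has one (the typedef and logging helpers are outside this diff). The helper is also a free function with external linkage that copies `action` on every call and takes `s` by non-const reference without modifying it; `static bool validUtf8String(WorldPacket& recvData, std::string const& s, char const* action, uint64 playerGUID)` keeps it file-local and copy-free. Each rejected packet writes one log line with no throttle visible in the hunk, so repeated invalid packets still grow the log; a per-session counter or a disconnect after the first rejection would bound that.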
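Review bot: The guard added to `HandleCalendarAddEvent` (and the identical one in `HandleCalendarUpdateEvent`, the last hunk) checks only UTF-8 well-formedness, so strings that are valid UTF-8 but still unacceptable to storage pass through. `utf8::is_valid` accepts four-byte sequences, which a MySQL column declared with the three-byte `utf8` charset rejects with the same kind of error this commit is trying to avoid; the schema is not visible here, so confirm the column charset or also reject code points above U+FFFF. Nothing in the hunk bounds the length of `title` or `description` either; if no cap is applied elsewhere in the handler, add one next to this check. A comment such as `// title/description are client-controlled: validate encoding and length before they reach the DB layer` would state the intent more precisely than "hang up the db". The handler body starts and ends outside the hunk.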
@@ -318,6 +334,10 @@ void WorldSession::HandleCalendarUpdateEvent(WorldPacket& recvData)
 recvData.ReadPackedTime(timeZoneTime);
 recvData >> flags;
+ // prevent attacks with non-utf8 chars -> with multiple packets it will hang up the db due to errors.
+ if (!validUtf8String(recvData, title, "update", guid) || !validUtf8String(recvData, description, "update", guid))
+ return;
+
 // prevent events in the past
 // To Do: properly handle timezones and remove the "- time_t(86400L)" hack
 if (time_t(eventPackedTime) < (time(NULL) - time_t(86400L)))