From b0d6b6ee70b72a4a3409b9332f9b54a2061c054f Mon Sep 17 00:00:00 2001
From: Ercules76
Date: Thu, 7 Mar 2019 22:20:02 +0100
Subject: [PATCH] fix(core): prevent unsupported-by-client passwords (#1547)
---
 .../updates/pending_db_world/rev_1551539925032805900.sql | 8 ++++++++
 src/server/game/Accounts/AccountMgr.cpp | 3 +++
 src/server/game/Accounts/AccountMgr.h | 1 +
 src/server/game/Miscellaneous/Language.h | 3 ++-
 src/server/scripts/Commands/cs_account.cpp | 4 ++++
 5 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 data/sql/updates/pending_db_world/rev_1551539925032805900.sql
diff --git a/data/sql/updates/pending_db_world/rev_1551539925032805900.sql b/data/sql/updates/pending_db_world/rev_1551539925032805900.sql
new file mode 100644
index 000000000..8d4d43df8
--- /dev/null
+++ b/data/sql/updates/pending_db_world/rev_1551539925032805900.sql
@@ -0,0 +1,8 @@
+INSERT INTO `version_db_world` (`sql_rev`) VALUES ('1551539925032805900');
+
+DELETE FROM `trinity_string` WHERE `entry` = 1031;
+INSERT INTO `trinity_string` (`entry`, `content_default`) VALUES
+(1031, 'An account password can NOT be longer than 16 characters (client limit). Account NOT created.');
+
+UPDATE `trinity_string` SET `content_default` = 'Account name can\'t be longer than 20 characters (client limit), account not created!' WHERE (`entry` = '1005');
+
diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp
index 3aa62de83..b5eda30cf 100644
--- a/src/server/game/Accounts/AccountMgr.cpp
+++ b/src/server/game/Accounts/AccountMgr.cpp
@@ -21,6 +21,9 @@ namespace AccountMgr
 if (utf8length(username) > MAX_ACCOUNT_STR)
 return AOR_NAME_TOO_LONG; // username's too long
+ if (utf8length(password) > MAX_PASS_STR)
+ return AccountOpResult::AOR_PASS_TOO_LONG; // password's too long
+
 normalizeString(username);
 normalizeString(password);
diff --git a/src/server/game/Accounts/AccountMgr.h b/src/server/game/Accounts/AccountMgr.h
index ccc5be673..db5cead4e 100644
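Review bot: In AccountMgr.cpp, only this one function gets the 16-character cap: the patch adds the `MAX_PASS_STR` check here and touches no other password-setting path, so a password set by another route (a password change, for instance) could still end up longer than the client accepts. `AOR_PASS_TOO_LONG` is not added to the enum by this patch, so it presumably already has a producer elsewhere; that check should compare against `MAX_PASS_STR` too rather than a different constant. As a style point, `return AccountOpResult::AOR_PASS_TOO_LONG;` is qualified while the line above returns the unqualified `AOR_NAME_TOO_LONG`; use one form. The enclosing function starts and ends outside the hunk.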
--- a/src/server/game/Accounts/AccountMgr.h
+++ b/src/server/game/Accounts/AccountMgr.h
@@ -21,6 +21,7 @@ enum AccountOpResult
 };
 #define MAX_ACCOUNT_STR 20
+#define MAX_PASS_STR 16
 namespace AccountMgr
 {
diff --git a/src/server/game/Miscellaneous/Language.h b/src/server/game/Miscellaneous/Language.h
index 9148a8a8e..6fa20db51 100644
--- a/src/server/game/Miscellaneous/Language.h
+++ b/src/server/game/Miscellaneous/Language.h
@@ -876,8 +876,9 @@ enum TrinityStrings
 LANG_SQLDRIVER_QUERY_LOGGING_ENABLED = 1027,
 LANG_SQLDRIVER_QUERY_LOGGING_DISABLED = 1028,
 // 1029-1030 used in other client versions
- // Room for more level 4 1031-1099 not used
+ LANG_ACCOUNT_PASS_TOO_LONG = 1031,
+
 // Level 3 (continue)
 LANG_ACCOUNT_SETADDON = 1100,
diff --git a/src/server/scripts/Commands/cs_account.cpp b/src/server/scripts/Commands/cs_account.cpp
index fb8e07f15..a5b361775 100644
--- a/src/server/scripts/Commands/cs_account.cpp
+++ b/src/server/scripts/Commands/cs_account.cpp
@@ -113,6 +113,10 @@ public:
 handler->SendSysMessage(LANG_ACCOUNT_TOO_LONG);
 handler->SetSentErrorMessage(true);
 return false;
+ case AOR_PASS_TOO_LONG:
+ handler->SendSysMessage(LANG_ACCOUNT_PASS_TOO_LONG);
+ handler->SetSentErrorMessage(true);
+ return false;
 case AOR_NAME_ALREDY_EXIST:
 handler->SendSysMessage(LANG_ACCOUNT_ALREADY_EXIST);
 handler->SetSentErrorMessage(true);
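Review bot: In AccountMgr.h, `MAX_PASS_STR` carries no comment saying where 16 comes from, and the same number is repeated as a literal in the `trinity_string` text for entry 1031 (likewise 20 in entry 1005), so changing the macro would silently leave the user-facing message wrong. A trailing comment such as `#define MAX_PASS_STR 16 // client limit; keep trinity_string 1031 in sync` would record both facts next to the value.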