From b80da061523e9b730a84c0776a4706d043abe785 Mon Sep 17 00:00:00 2001
From: 55Honey <71938210+55Honey@users.noreply.github.com>
Date: Tue, 18 Feb 2025 20:41:11 +0100
Subject: [PATCH] fix(Core/Auth): prevent expansion overflow in
 SendAuthResponse (#21503)

---
 src/server/game/Handlers/AuthHandler.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/server/game/Handlers/AuthHandler.cpp b/src/server/game/Handlers/AuthHandler.cpp
index 174d0f3c9..45a87579b 100644
--- a/src/server/game/Handlers/AuthHandler.cpp
+++ b/src/server/game/Handlers/AuthHandler.cpp
@@ -26,7 +26,12 @@ void WorldSession::SendAuthResponse(uint8 code, bool shortForm, uint32 queuePos)
     packet << uint32(0);                                   // BillingTimeRemaining
     packet << uint8(0);                                    // BillingPlanFlags
     packet << uint32(0);                                   // BillingTimeRested
-    packet << uint8(Expansion());                          // 0 - normal, 1 - TBC, 2 - WOTLK, must be set in database manually for each account
+    uint8 exp = Expansion();                               // 0 - normal, 1 - TBC, 2 - WOTLK, must be set in database manually for each account
+
+    if (exp >= MAX_EXPANSIONS)
+        exp = MAX_EXPANSIONS - 1;
+
+    packet << uint8(exp);
 
     if (!shortForm)
     {