From ce30c08fbcf3cbe527a1811890ce1341ca47bddb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefano=20Borz=C3=AC?=
Date: Wed, 30 Oct 2019 08:18:00 +0100
Subject: [PATCH] fix(Core/AuthSocket): Added check for AuthFlooder (#2387)
---
 src/server/authserver/Server/AuthSocket.cpp | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp
index fef4e5f49..d7ef7221f 100644
--- a/src/server/authserver/Server/AuthSocket.cpp
+++ b/src/server/authserver/Server/AuthSocket.cpp
@@ -208,6 +208,10 @@ void AuthSocket::OnRead()
 {
 #define MAX_AUTH_LOGON_CHALLENGES_IN_A_ROW 3
 uint32 challengesInARow = 0;
+
+ #define MAX_AUTH_GET_REALM_LIST 10
+ uint32 challengesInARowRealmList = 0;
+
 uint8 _cmd;
 while (1)
 {
@@ -224,6 +228,15 @@ void AuthSocket::OnRead()
 return;
 }
 }
+ else if (_cmd == REALM_LIST) {
+ challengesInARowRealmList++;
+ if (challengesInARowRealmList == MAX_AUTH_GET_REALM_LIST)
+ {
+ sLog->outString("Got %u REALM_LIST in a row from '%s', possible ongoing DoS", challengesInARowRealmList, socket().getRemoteAddress().c_str());
+ socket().shutdown();
+ return;
+ }
+ }
 size_t i;
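Review bot: `challengesInARowRealmList` is declared as a local of `OnRead()` and starts at 0 on every call, so the limit checked in the second hunk only bounds REALM_LIST commands handled within one invocation of the read loop; requests that arrive across separate read events are never counted together. If the intent is to bound realm-list requests per connection, the counter would need to live on the `AuthSocket` object, ideally paired with a time window, rather than on the stack. Separately, the `#define` placed inside the function body stays defined for the rest of the translation unit; a typed constant such as `constexpr uint32 MAX_AUTH_GET_REALM_LIST = 10;` keeps it scoped. The body of `OnRead()` continues past this hunk, so how the loop exits is not visible here.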
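Review bot: The counter in the new `else if (_cmd == REALM_LIST)` branch is only ever incremented, so it counts every REALM_LIST seen in this call rather than consecutive ones, while the log message says "in a row". Either reset it when a different command is read or reword the message, e.g. `"Got %u REALM_LIST requests from '%s', possible ongoing DoS"`. The opening brace on the `else if` line also departs from the brace-on-its-own-line style used by the inner `if` directly below it. The preceding `if` branch and the rest of `OnRead()` lie outside the hunk.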