nchebrov/azerothcore-wotlk
1
0
Fork 0
mirror of https://github.com/mod-playerbots/azerothcore-wotlk.git synced 2026-02-06 04:23:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(Warden) Warden Anti-Cheat Timing Attack Protection WINDOWS (#21823)

Browse Source
This commit is contained in:
blinkysc
2025-03-31 11:50:28 -05:00
committed by GitHub
parent 555021ae1b
commit f1f56bf1db
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/server/game/Warden/WardenWin.cpp
View File

@@ -31,6 +31,7 @@
#include "World.h" #include "World.h"
#include "WorldPacket.h" #include "WorldPacket.h"
#include "WorldSession.h" #include "WorldSession.h"
#include <openssl/crypto.h>
// GUILD is the shortest string that has no client validation (RAID only sends if in a raid group) // GUILD is the shortest string that has no client validation (RAID only sends if in a raid group)
static constexpr char _luaEvalPrefix[] = "local S,T,R=SendAddonMessage,function()"; static constexpr char _luaEvalPrefix[] = "local S,T,R=SendAddonMessage,function()";
@@ -230,8 +231,8 @@ void WardenWin::HandleHashResult(ByteBuffer& buff)
{ {
buff.rpos(buff.wpos()); buff.rpos(buff.wpos());
// Verify key // Verify key using constant-time comparison
if (memcmp(buff.contents() + 1, Module.ClientKeySeedHash, Acore::Crypto::Constants::SHA1_DIGEST_LENGTH_BYTES) != 0) if (CRYPTO_memcmp(buff.contents() + 1, Module.ClientKeySeedHash, Acore::Crypto::Constants::SHA1_DIGEST_LENGTH_BYTES) != 0)
{ {
LOG_DEBUG("warden", "Request hash reply: failed"); LOG_DEBUG("warden", "Request hash reply: failed");
ApplyPenalty(0, "Request hash reply: failed"); ApplyPenalty(0, "Request hash reply: failed");
@@ -650,7 +651,7 @@ void WardenWin::HandleData(ByteBuffer& buff)
WardenCheckResult const* rs = sWardenCheckMgr->GetWardenResultById(checkId); WardenCheckResult const* rs = sWardenCheckMgr->GetWardenResultById(checkId);
std::vector<uint8> result = rs->Result.ToByteVector(0, false); std::vector<uint8> result = rs->Result.ToByteVector(0, false);
if (memcmp(buff.contents() + buff.rpos(), result.data(), rd->Length) != 0) if (CRYPTO_memcmp(buff.contents() + buff.rpos(), result.data(), rd->Length) != 0)
{ {
LOG_DEBUG("warden", "RESULT MEM_CHECK fail CheckId {} account Id {}", checkId, _session->GetAccountId()); LOG_DEBUG("warden", "RESULT MEM_CHECK fail CheckId {} account Id {}", checkId, _session->GetAccountId());
checkFailed = checkId; checkFailed = checkId;
@@ -668,7 +669,7 @@ void WardenWin::HandleData(ByteBuffer& buff)
case MODULE_CHECK: case MODULE_CHECK:
{ {
uint8 const byte = 0xE9; uint8 const byte = 0xE9;
if (memcmp(buff.contents() + buff.rpos(), &byte, sizeof(uint8)) != 0) if (CRYPTO_memcmp(buff.contents() + buff.rpos(), &byte, sizeof(uint8)) != 0)
{ {
if (type == PAGE_CHECK_A || type == PAGE_CHECK_B) if (type == PAGE_CHECK_A || type == PAGE_CHECK_B)
{ {
@@ -731,7 +732,7 @@ void WardenWin::HandleData(ByteBuffer& buff)
} }
WardenCheckResult const* rs = sWardenCheckMgr->GetWardenResultById(checkId); WardenCheckResult const* rs = sWardenCheckMgr->GetWardenResultById(checkId);
if (memcmp(buff.contents() + buff.rpos(), rs->Result.ToByteArray<20>(false).data(), Acore::Crypto::Constants::SHA1_DIGEST_LENGTH_BYTES) != 0) // SHA1 if (CRYPTO_memcmp(buff.contents() + buff.rpos(), rs->Result.ToByteArray<20>(false).data(), Acore::Crypto::Constants::SHA1_DIGEST_LENGTH_BYTES) != 0)
{ {
LOG_DEBUG("warden", "RESULT MPQ_CHECK fail, CheckId {} account Id {}", checkId, _session->GetAccountId()); LOG_DEBUG("warden", "RESULT MPQ_CHECK fail, CheckId {} account Id {}", checkId, _session->GetAccountId());
checkFailed = checkId; checkFailed = checkId;