summaryrefslogtreecommitdiff
path: root/src/char/char.c
diff options
context:
space:
mode:
authorAndrei Karas <akaras@inbox.ru>2015-07-05 00:17:35 +0300
committerAndrei Karas <akaras@inbox.ru>2015-08-05 15:54:00 +0300
commit838321a36c79e71117320154c9b611c99e93af03 (patch)
tree409793dfd26296feeed7b14d4a4a4e489833028d /src/char/char.c
parent2c1976035dd87ce630fc0ec1feae20be54d8f2d5 (diff)
downloadhercules-838321a36c79e71117320154c9b611c99e93af03.tar.gz
hercules-838321a36c79e71117320154c9b611c99e93af03.tar.bz2
hercules-838321a36c79e71117320154c9b611c99e93af03.tar.xz
hercules-838321a36c79e71117320154c9b611c99e93af03.zip
Add checks for servers ip address in inter server connections.
If ip not in configured subnet, connection refused. This can protect servers from brutforcing attacks.
Diffstat (limited to 'src/char/char.c')
-rw-r--r--src/char/char.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/char/char.c b/src/char/char.c
index 5f5dad539..7b1078e37 100644
--- a/src/char/char.c
+++ b/src/char/char.c
@@ -4959,18 +4959,20 @@ void char_login_map_server_ack(int fd, uint8 flag)
WFIFOSET(fd,3);
}
-void char_parse_char_login_map_server(int fd)
+void char_parse_char_login_map_server(int fd, uint32 ipl)
{
char* l_user = (char*)RFIFOP(fd,2);
char* l_pass = (char*)RFIFOP(fd,26);
int i;
l_user[23] = '\0';
l_pass[23] = '\0';
+
ARR_FIND( 0, ARRAYLENGTH(chr->server), i, chr->server[i].fd <= 0 );
- if( runflag != CHARSERVER_ST_RUNNING ||
+ if (runflag != CHARSERVER_ST_RUNNING ||
i == ARRAYLENGTH(chr->server) ||
strcmp(l_user, chr->userid) != 0 ||
- strcmp(l_pass, chr->passwd) != 0 )
+ strcmp(l_pass, chr->passwd) != 0 ||
+ !chr->lan_subnetcheck(ipl))
{
chr->login_map_server_ack(fd, 3); // Failure
} else {
@@ -5220,7 +5222,7 @@ int char_parse_char(int fd)
if (RFIFOREST(fd) < 60)
return 0;
{
- chr->parse_char_login_map_server(fd);
+ chr->parse_char_login_map_server(fd, ipl);
}
return 0; // avoid processing of follow-up packets here