From 204a558402678ad1b120397ea5da20b5695842a7 Mon Sep 17 00:00:00 2001 From: shennetsind Date: Sat, 20 Sep 2014 21:40:00 -0300 Subject: Fixed Bug 7926 Login server will now reject login requests with empty userids. Special Thanks to Haruna, Kisuka! http://hercules.ws/board/tracker/issue-7926-login-and-password-empty/ Signed-off-by: shennetsind --- src/login/login.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src') diff --git a/src/login/login.c b/src/login/login.c index c8e219602..828afb22b 100644 --- a/src/login/login.c +++ b/src/login/login.c @@ -995,6 +995,11 @@ int mmo_auth(struct login_session_data* sd, bool isServer) { return result;// Failed to make account. [Skotlex]. } } + + if( len <= 0 ) { /** a empty password is fine, a userid is not. **/ + ShowNotice("Empty userid (received pass: '%s', ip: %s)\n", sd->passwd, ip); + return 0; // 0 = Unregistered ID + } if( !accounts->load_str(accounts, &acc, sd->userid) ) { ShowNotice("Unknown account (account: %s, received pass: %s, ip: %s)\n", sd->userid, sd->passwd, ip); -- cgit v1.2.3-70-g09d2