Added sanity checks to pincode decryption (#8404)
This commit is contained in:
Jittapan Pluemsumran
GitHub
parent
92722db3ab
commit
9267c2bf8a
@ -2158,16 +2158,23 @@ int char_pincode_compare( int fd, struct char_session_data* sd, char* pin ){
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool char_pincode_decrypt( uint32 userSeed, char* pin ){
|
||||||
void char_pincode_decrypt( uint32 userSeed, char* pin ){
|
|
||||||
int i;
|
int i;
|
||||||
char tab[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
|
char tab[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
|
||||||
char *buf;
|
char *buf;
|
||||||
|
|
||||||
|
if (safestrnlen(pin, 4) != PINCODE_LENGTH)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
for (i = 0; i < PINCODE_LENGTH; ++i) {
|
||||||
|
if (!ISDIGIT(pin[i]))
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
for( i = 1; i < 10; i++ ){
|
for( i = 1; i < 10; i++ ){
|
||||||
int pos;
|
int pos;
|
||||||
uint32 multiplier = 0x3498, baseSeed = 0x881234;
|
uint32 multiplier = 0x3498, baseSeed = 0x881234;
|
||||||
|
|
||||||
userSeed = baseSeed + userSeed * multiplier;
|
userSeed = baseSeed + userSeed * multiplier;
|
||||||
pos = userSeed % ( i + 1 );
|
pos = userSeed % ( i + 1 );
|
||||||
if( i != pos ){
|
if( i != pos ){
|
||||||
@ -2184,6 +2191,8 @@ void char_pincode_decrypt( uint32 userSeed, char* pin ){
|
|||||||
}
|
}
|
||||||
strcpy( pin, buf );
|
strcpy( pin, buf );
|
||||||
aFree( buf );
|
aFree( buf );
|
||||||
|
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -318,7 +318,7 @@ int char_family(int pl1,int pl2,int pl3);
|
|||||||
int char_loadName(uint32 char_id, char* name);
|
int char_loadName(uint32 char_id, char* name);
|
||||||
int char_check_char_name(char * name, char * esc_name);
|
int char_check_char_name(char * name, char * esc_name);
|
||||||
|
|
||||||
void char_pincode_decrypt( uint32 userSeed, char* pin );
|
bool char_pincode_decrypt( uint32 userSeed, char* pin );
|
||||||
int char_pincode_compare( int fd, struct char_session_data* sd, char* pin );
|
int char_pincode_compare( int fd, struct char_session_data* sd, char* pin );
|
||||||
void char_auth_ok(int fd, struct char_session_data *sd);
|
void char_auth_ok(int fd, struct char_session_data *sd);
|
||||||
void char_set_charselect(uint32 account_id);
|
void char_set_charselect(uint32 account_id);
|
||||||
|
|||||||
@ -167,14 +167,20 @@ int chclif_parse_pincode_check( int fd, struct char_session_data* sd ){
|
|||||||
|
|
||||||
char pin[PINCODE_LENGTH+1];
|
char pin[PINCODE_LENGTH+1];
|
||||||
|
|
||||||
if( charserv_config.pincode_config.pincode_enabled==0 || RFIFOL(fd,2) != sd->account_id )
|
if( charserv_config.pincode_config.pincode_enabled==0 || RFIFOL(fd,2) != sd->account_id ) {
|
||||||
|
set_eof(fd);
|
||||||
return 1;
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
memset(pin,0,PINCODE_LENGTH+1);
|
memset(pin,0,PINCODE_LENGTH+1);
|
||||||
strncpy((char*)pin, RFIFOCP(fd, 6), PINCODE_LENGTH);
|
strncpy((char*)pin, RFIFOCP(fd, 6), PINCODE_LENGTH);
|
||||||
RFIFOSKIP(fd,10);
|
RFIFOSKIP(fd,10);
|
||||||
|
|
||||||
char_pincode_decrypt(sd->pincode_seed, pin );
|
if (!char_pincode_decrypt(sd->pincode_seed, pin )) {
|
||||||
|
set_eof(fd);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
if( char_pincode_compare( fd, sd, pin ) ){
|
if( char_pincode_compare( fd, sd, pin ) ){
|
||||||
chclif_pincode_sendstate( fd, sd, PINCODE_PASSED );
|
chclif_pincode_sendstate( fd, sd, PINCODE_PASSED );
|
||||||
}
|
}
|
||||||
@ -257,28 +263,33 @@ bool pincode_allowed( char* pincode ){
|
|||||||
int chclif_parse_pincode_change( int fd, struct char_session_data* sd ){
|
int chclif_parse_pincode_change( int fd, struct char_session_data* sd ){
|
||||||
FIFOSD_CHECK(14);
|
FIFOSD_CHECK(14);
|
||||||
|
|
||||||
if( charserv_config.pincode_config.pincode_enabled==0 || RFIFOL(fd,2) != sd->account_id )
|
if( charserv_config.pincode_config.pincode_enabled==0 || RFIFOL(fd,2) != sd->account_id ) {
|
||||||
|
set_eof(fd);
|
||||||
return 1;
|
return 1;
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
char oldpin[PINCODE_LENGTH+1];
|
char oldpin[PINCODE_LENGTH+1];
|
||||||
char newpin[PINCODE_LENGTH+1];
|
char newpin[PINCODE_LENGTH+1];
|
||||||
|
|
||||||
memset(oldpin,0,PINCODE_LENGTH+1);
|
memset(oldpin,0,PINCODE_LENGTH+1);
|
||||||
memset(newpin,0,PINCODE_LENGTH+1);
|
memset(newpin,0,PINCODE_LENGTH+1);
|
||||||
strncpy(oldpin, RFIFOCP(fd,6), PINCODE_LENGTH);
|
strncpy(oldpin, RFIFOCP(fd,6), PINCODE_LENGTH);
|
||||||
strncpy(newpin, RFIFOCP(fd,10), PINCODE_LENGTH);
|
strncpy(newpin, RFIFOCP(fd,10), PINCODE_LENGTH);
|
||||||
RFIFOSKIP(fd,14);
|
RFIFOSKIP(fd,14);
|
||||||
|
|
||||||
char_pincode_decrypt(sd->pincode_seed,oldpin);
|
if (!char_pincode_decrypt(sd->pincode_seed,oldpin) || !char_pincode_decrypt(sd->pincode_seed,newpin)) {
|
||||||
|
set_eof(fd);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
if( !char_pincode_compare( fd, sd, oldpin ) )
|
if( !char_pincode_compare( fd, sd, oldpin ) )
|
||||||
return 1;
|
return 1;
|
||||||
char_pincode_decrypt(sd->pincode_seed,newpin);
|
|
||||||
|
|
||||||
if( pincode_allowed(newpin) ){
|
if( pincode_allowed(newpin) ){
|
||||||
chlogif_pincode_notifyLoginPinUpdate( sd->account_id, newpin );
|
chlogif_pincode_notifyLoginPinUpdate( sd->account_id, newpin );
|
||||||
strncpy(sd->pincode, newpin, sizeof(newpin));
|
strncpy(sd->pincode, newpin, sizeof(newpin));
|
||||||
ShowInfo("Pincode changed for AID: %d\n", sd->account_id);
|
ShowInfo("Pincode changed for AID: %d\n", sd->account_id);
|
||||||
|
|
||||||
chclif_pincode_sendstate( fd, sd, PINCODE_PASSED );
|
chclif_pincode_sendstate( fd, sd, PINCODE_PASSED );
|
||||||
}else{
|
}else{
|
||||||
chclif_pincode_sendstate( fd, sd, PINCODE_ILLEGAL );
|
chclif_pincode_sendstate( fd, sd, PINCODE_ILLEGAL );
|
||||||
@ -293,21 +304,26 @@ int chclif_parse_pincode_change( int fd, struct char_session_data* sd ){
|
|||||||
int chclif_parse_pincode_setnew( int fd, struct char_session_data* sd ){
|
int chclif_parse_pincode_setnew( int fd, struct char_session_data* sd ){
|
||||||
FIFOSD_CHECK(10);
|
FIFOSD_CHECK(10);
|
||||||
|
|
||||||
if( charserv_config.pincode_config.pincode_enabled==0 || RFIFOL(fd,2) != sd->account_id )
|
if( charserv_config.pincode_config.pincode_enabled==0 || RFIFOL(fd,2) != sd->account_id ) {
|
||||||
|
set_eof(fd);
|
||||||
return 1;
|
return 1;
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
char newpin[PINCODE_LENGTH+1];
|
char newpin[PINCODE_LENGTH+1];
|
||||||
memset(newpin,0,PINCODE_LENGTH+1);
|
memset(newpin,0,PINCODE_LENGTH+1);
|
||||||
strncpy( newpin, RFIFOCP(fd,6), PINCODE_LENGTH );
|
strncpy( newpin, RFIFOCP(fd,6), PINCODE_LENGTH );
|
||||||
RFIFOSKIP(fd,10);
|
RFIFOSKIP(fd,10);
|
||||||
|
|
||||||
char_pincode_decrypt( sd->pincode_seed, newpin );
|
if (!char_pincode_decrypt( sd->pincode_seed, newpin )) {
|
||||||
|
set_eof(fd);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
if( pincode_allowed(newpin) ){
|
if( pincode_allowed(newpin) ){
|
||||||
chlogif_pincode_notifyLoginPinUpdate( sd->account_id, newpin );
|
chlogif_pincode_notifyLoginPinUpdate( sd->account_id, newpin );
|
||||||
strncpy( sd->pincode, newpin, sizeof( newpin ) );
|
strncpy( sd->pincode, newpin, sizeof( newpin ) );
|
||||||
|
|
||||||
chclif_pincode_sendstate( fd, sd, PINCODE_PASSED );
|
chclif_pincode_sendstate( fd, sd, PINCODE_PASSED );
|
||||||
}else{
|
}else{
|
||||||
chclif_pincode_sendstate( fd, sd, PINCODE_ILLEGAL );
|
chclif_pincode_sendstate( fd, sd, PINCODE_ILLEGAL );
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user