Techwizz/pvpgn-server
1
0
Fork 0
Code Issues68 Pull requests2 Projects Releases8 Packages Wiki Activity Actions

WOL login possible with any password (pgsql storage) #427

New issue
Open
opened 2020-11-14 05:27:47 -07:00 by use-strict · 0 comments
use-strict commented 2020-11-14 05:27:47 -07:00 (Migrated from github.com)

Whenever the server is (re)started, it's possible to log in using any password for any existing nickname. Server is configured with storage set to pgsql. What seems to happen is that passwords (apgar hash) aren't loaded from the wol db table. When the user logs in, no password exists in account attrs and so it is assumed to be a new account, ending up overwriting the old password with the new (incorrect) one.

This line https://github.com/pvpgn/pvpgn-server/blob/master/src/bnetd/handle_wol.cpp#L235 doesn't return anything, and we end up in the "Account auto-creating" branch.

I've tracked the responsible code to this line:
https://github.com/pvpgn/pvpgn-server/blob/master/src/bnetd/sql_common.cpp#L70

Issue seems to be fixed simply by adding the "WOL" string to the list.

Whenever the server is (re)started, it's possible to log in using any password for any existing nickname. Server is configured with storage set to pgsql. What seems to happen is that passwords (apgar hash) aren't loaded from the `wol` db table. When the user logs in, no password exists in account attrs and so it is assumed to be a new account, ending up overwriting the old password with the new (incorrect) one. This line https://github.com/pvpgn/pvpgn-server/blob/master/src/bnetd/handle_wol.cpp#L235 doesn't return anything, and we end up in the "Account auto-creating" branch. I've tracked the responsible code to this line: https://github.com/pvpgn/pvpgn-server/blob/master/src/bnetd/sql_common.cpp#L70 Issue seems to be fixed simply by adding the `"WOL"` string to the list.
👀 1
Sign in to join this conversation.
No labels
bug
duplicate
enhancement
help wanted
in progress...
information
invalid
not enough info
priority high
priority low
priority normal
question
request
research
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Techwizz/pvpgn-server#427
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?