Browse files

[mr3176] Fix incorrect input length limits

There is one incorrect field length related to guilds in the database, which can be used to cause an overflow client-side, by sending CMSG_GUILD_INFO_TEXT with long strings.

The guild information has the same 500 characters client-side limit as the guild bank tab information, but on server-side it can be 65k characters long. A lengthy guild info makes the whole Guild panel unusable.

Length of the other fields match the client's limits in the database: guild bank tab name (16), public note (31), officer note (31), motd (128), guild bank tab info (500).

Picked from TC, author DDuarte.
  • Loading branch information...
1 parent d3cba57 commit dbf47a62ddaccffeaa3be955173991894f39b9e3 @boxa boxa committed Jan 12, 2014
Showing with 3 additions and 1 deletion.
  1. +2 −0 sql_mr/mr03176_characters_guild.sql
  2. +1 −1 src/shared/revision_R2.h
2 sql_mr/mr03176_characters_guild.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `guild` CHANGE `info` `info` VARCHAR(500) NOT NULL DEFAULT '';
2 src/shared/revision_R2.h
@@ -1,4 +1,4 @@
#ifndef __REVISION_R2_H__
#define __REVISION_R2_H__
- #define REVISION_R2 "3175"
+ #define REVISION_R2 "3176"
#endif // __REVISION_R2_H__

0 comments on commit dbf47a6

Please sign in to comment.