From 6be413bd7e3c85a8835b562bd8cced7e833ecbd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kyle=20=F0=9F=90=86?= Date: Tue, 17 Feb 2026 13:09:40 -0500 Subject: [PATCH] Fix duplicateExit authorization bypass --- src/servers/CNLoginServer.cpp | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/servers/CNLoginServer.cpp b/src/servers/CNLoginServer.cpp index fda4387f..4ff4a297 100644 --- a/src/servers/CNLoginServer.cpp +++ b/src/servers/CNLoginServer.cpp @@ -595,17 +595,15 @@ void CNLoginServer::changeName(CNSocket* sock, CNPacketData* data) { } void CNLoginServer::duplicateExit(CNSocket* sock, CNPacketData* data) { - // TODO: FIX THIS PACKET - sP_CL2LS_REQ_PC_EXIT_DUPLICATE* exit = (sP_CL2LS_REQ_PC_EXIT_DUPLICATE*)data->buf; Database::Account account = {}; Database::findAccount(&account, AUTOU16TOU8(exit->szID)); - // sanity check - if (account.AccountID == 0) { - std::cout << "[WARN] P_CL2LS_REQ_PC_EXIT_DUPLICATE submitted unknown username: " << exit->szID << std::endl; + if (account.AccountID == 0) + return; + + if (loginSessions.find(sock) == loginSessions.end() || loginSessions[sock].userID != account.AccountID) return; - } exitDuplicate(account.AccountID); }