Originally posted by [b]theultramage[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=760
charserver:
CODE
// acknowledgement of account authentication request
case 0x2713:
// find the session with this account id
ARR_FIND( 0, fd_max, i, session[i] && (sd = (struct char_session_data*)session[i]->session_data) && sd->account_id == RFIFOL(fd,2) );
if( i < fd_max )
char_auth_ok(i, sd); // i = fd of client
CODE
if (online_check && (character = idb_get(online_char_db, sd->account_id)))
{ // check if character is not online already. [Skotlex]
if (character->fd >= 0 && character->fd != fd)
{ //There's already a connection from this account that hasn't picked a char yet.
WFIFOW(fd,0) = 0x81;
WFIFOB(fd,2) = 8;
WFIFOSET(fd,3);
return;
}
what happens here is, that when there are 2 people connecting with this acc, the ARR_FIND up there will find the socket/session of the first guy that's already online, and since the fd will match, the online check will let him through... making this check absolutely useless. But the connection will fail anyway, because the server will feed the char data to the player already online instead of the second client. The only problematic case would be if the session data entries would get stored in reverse order, so that both requests would succeed.
I think some sort of 'unique session id' check is needed here. Using just the account id, you will always get a positive result, as the guy who's already online is always there to find in that array.
This post has been edited by theultramage: Mar 25 2008, 03:10 AM