- Joined
- Jul 6, 2013
- Messages
- 1,224
- Reaction score
- 506
Hey guys, i'm wondering if anyone knows the fix for this:
Some 3rd party is crashing the auth of the server by entering usernames that have characters that are not taken by the Auth.
We've tested it by making an account with chinese letters and then spam log it. Indeed, the auth crashed.
We tried changing auths, updating protocols etc.. but it doesn't seem to work.
Is there anywhere in the client where we can lock certain combinations from being entered in the username field?
Or are we just looking the complete wrong way on this issue?
Thnx
Code:
gauthd: 17 Apr 2015 12:12:15,286 INFO GAuthServer:? - UserLogin:userid=6160,sid=44419,aid=1,zoneid=1,remaintime=0,free_time_left=0,free_time_end=0,func=0,funcparm=0,creatime=1428396641,adduppoint=0,soldpoint=0GQueryPasswd:account is xiaoÄshu , login ip is 1108567067
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
java.sql.SQLException: Incorrect string value: '\xC2\x87shu' for column 'name1' at row 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1072)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3563)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3495)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1959)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2693)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2102)
at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1364)
at com.mysql.jdbc.CallableStatement.execute(CallableStatement.java:877)
at application.procedure.handler.execute(handler.java:197)
at com.goldhuman.account.storage.acquireIdPasswd(storage.java:419)
at protocol.MatrixPasswd.Server(Unknown Source)
at com.goldhuman.IO.Protocol.Rpc.Process(Unknown Source)
at com.goldhuman.IO.Protocol.Task.run(Unknown Source)
at com.goldhuman.Common.ThreadPool.run(Unknown Source)
at java.lang.Thread.run(Thread.java:701)
acquireIdPasswd exception:account=xiaoÄshu
gauthd: 17 Apr 2015 12:13:32,360 INFO GAuthServer:? - GQueryPasswd:can not find user xiaoÄshu
Prepare procedure call:{call recordoffline(?,?,?,?,?)}
gauthd: 17 Apr 2015 12:13:33,886 INFO GAuthServer:? - UserLogout::User 29056 logout successfully.
GQueryPasswd:account is xiaoÄshu , login ip is 1108567067
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
java.sql.SQLException: Incorrect string value: '\xC2\x87shu' for column 'name1' at row 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1072)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3563)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3495)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1959)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2693)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2102)
at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1364)
at com.mysql.jdbc.CallableStatement.execute(CallableStatement.java:877)
at application.procedure.handler.execute(handler.java:197)
at com.goldhuman.account.storage.acquireIdPasswd(storage.java:419)
at protocol.MatrixPasswd.Server(Unknown Source)
at com.goldhuman.IO.Protocol.Rpc.Process(Unknown Source)
at com.goldhuman.IO.Protocol.Task.run(Unknown Source)
at com.goldhuman.Common.ThreadPool.run(Unknown Source)
at java.lang.Thread.run(Thread.java:701)
acquireIdPasswd exception:account=xiaoÄshu
gauthd: 17 Apr 2015 12:13:36,066 INFO GAuthServer:? - GQueryPasswd:can not find user xiaoÄshu
GQueryPasswd:account is xiaoÄshu , login ip is 1108567067
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
java.sql.SQLException: Incorrect string value: '\xC2\x87shu' for column 'name1' at row 198
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1072)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3563)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3495)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1959)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2693)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2102)
at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1364)
at com.mysql.jdbc.CallableStatement.execute(CallableStatement.java:877)
at application.procedure.handler.execute(handler.java:197)
at com.goldhuman.account.storage.acquireIdPasswd(storage.java:419)
at protocol.MatrixPasswd.Server(Unknown Source)
at com.goldhuman.IO.Protocol.Rpc.Process(Unknown Source)
at com.goldhuman.IO.Protocol.Task.run(Unknown Source)
at com.goldhuman.Common.ThreadPool.run(Unknown Source)
at java.lang.Thread.run(Thread.java:701)
acquireIdPasswd exception:account=xiaoÄshu
gauthd: 17 Apr 2015 12:13:39,527 INFO GAuthServer:? - GQueryPasswd:can not find user xiaoÄshu
Some 3rd party is crashing the auth of the server by entering usernames that have characters that are not taken by the Auth.
We've tested it by making an account with chinese letters and then spam log it. Indeed, the auth crashed.
We tried changing auths, updating protocols etc.. but it doesn't seem to work.
Is there anywhere in the client where we can lock certain combinations from being entered in the username field?
Or are we just looking the complete wrong way on this issue?
Thnx