From e035660150390bbcc54f9f3f05909a752a5b37fa Mon Sep 17 00:00:00 2001
From: Fryguy
Date: Mon, 8 Jan 2024 23:24:15 -0500
Subject: [PATCH] [Crash Fix] Character Creation Class/Race out of Range. (#3920)
* [Crash Fix] Character Creation Class/Race out of Range. Known bug to crash the world server from character creation. You can send a packet with a manual race or class entry below 0 or above 255 will cause world crash.
* Requested changes
* Compile fixes and logging change
* Fixed compile issues
---
 world/client.cpp | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/world/client.cpp b/world/client.cpp
index dae48d94d..5431da7b8 100644
--- a/world/client.cpp
+++ b/world/client.cpp
@@ -35,6 +35,7 @@
 #include "../common/random.h"
 #include "../common/shareddb.h"
 #include "../common/opcodemgr.h"
+#include "../common/data_verification.h"
 #include "client.h"
 #include "worlddb.h"
@@ -535,10 +536,21 @@ bool Client::HandleNameApprovalPacket(const EQApplicationPacket *app)
 }
 auto length = snprintf(char_name, 64, "%s", (char*)app->pBuffer);
- uchar race = app->pBuffer[64];
- uchar clas = app->pBuffer[68];
- LogInfo("Name approval request. Name=[{}], race=[{}], class=[{}]", char_name, GetRaceIDName(race), GetClassIDName(clas));
+ uchar race_selection = app->pBuffer[64];
+ uchar class_selection = app->pBuffer[68];
+
+ if (!IsPlayerRace(race_selection)) {
+ LogInfo("Invalid Race ID.");
+ return false;
+ }
+
+ if (!EQ::ValueWithin(class_selection, Class::Warrior, Class::Berserker)) {
+ LogInfo("Invalid Class ID.");
+ return false;
+ }
+
+ LogInfo("Name approval request. Name=[{}], race_selection=[{}], class=[{}]", char_name, GetRaceIDName(race_selection), GetClassIDName(class_selection));
 EQApplicationPacket *outapp;
 outapp = new EQApplicationPacket;
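Review bot: In the `HandleNameApprovalPacket` hunk, the new range checks still read `app->pBuffer[64]` and `app->pBuffer[68]` with no packet-length check visible, so a short client packet would be read out of bounds before either check runs. The function starts above the hunk, so confirm whether `app->size` is validated there; if it is not, a guard such as `if (app->size <= 68) { LogInfo("Name approval packet too short, size=[{}]", app->size); return false; }` belongs before the `snprintf` call, which itself scans `pBuffer` until it finds a NUL. The two rejection logs would be more useful for spotting malformed or probing clients if they carried the rejected value, e.g. `LogInfo("Invalid Race ID [{}].", race_selection);`, and ideally the account making the request. Only one byte is validated at each offset; if these fields are wider than a byte in the packet layout (the offsets are four bytes apart, which suggests so), the upper bytes are not covered by these checks.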