From 2b1a028b3de69fb61af374c246613600ade1ae64 Mon Sep 17 00:00:00 2001
From: Gent <gentsemaj@live.com>
Date: Sat, 12 Sep 2020 11:41:31 -0400
Subject: [PATCH] Validate cookie data

---
 src/CNLoginServer.cpp | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/CNLoginServer.cpp b/src/CNLoginServer.cpp
index e1ac611..982f2a3 100644
--- a/src/CNLoginServer.cpp
+++ b/src/CNLoginServer.cpp
@@ -30,13 +30,17 @@ void CNLoginServer::handlePacket(CNSocket* sock, CNPacketData* data) {
             std::string userPassword((char*)login->szCookie_authid);
 
             /*
-             * The std::string -> char* -> std::string maneuver should remove any
-             * trailing garbage after the null terminator.
-             */
-            if (userLogin.length() == 0)
+            * Sometimes the client sends garbage cookie data.
+            * Validate it as normal credentials instead of using a length check before falling back.
+            */
+            if (!CNLoginServer::isLoginDataGood(userLogin, userPassword)) {
+                /*
+                 * The std::string -> char* -> std::string maneuver should remove any
+                 * trailing garbage after the null terminator.
+                 */
                 userLogin = std::string(U16toU8(login->szID).c_str());
-            if (userPassword.length() == 0)
                 userPassword = std::string(U16toU8(login->szPassword).c_str());
+            }
 
             bool success = false;
             int errorCode = 0;