From 3fadd9f8d685943ea00c6b260c4cdd71a2b17288 Mon Sep 17 00:00:00 2001
From: killerwife <killerwife@gmail.com>
Date: Wed, 24 Jul 2024 22:18:44 +0200
Subject: [PATCH] Anticheat: Safeguard length against unsafe access in
 WARDEN_CMSG_CHEAT_CHECKS_RESULT

---
 src/game/Anticheat/module/Warden/warden.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/game/Anticheat/module/Warden/warden.cpp b/src/game/Anticheat/module/Warden/warden.cpp
index 68c0a172c76..67a596e377e 100644
--- a/src/game/Anticheat/module/Warden/warden.cpp
+++ b/src/game/Anticheat/module/Warden/warden.cpp
@@ -418,6 +418,14 @@ void Warden::HandlePacket(WorldPacket& recvData)
                 uint32 checksum;
                 recvData >> length >> checksum;
 
+                if (length > (recvData.size() - (recvData.rpos() + 1)))
+                {
+                    recvData.rpos(recvData.wpos());
+                    _anticheat->RecordCheatInternal(CheatType::CHEAT_TYPE_WARDEN, "Packet checksum length fail");
+                    _session->KickPlayer();
+                    return;
+                }
+
                 if (BuildChecksum(recvData.contents() + recvData.rpos(), length) != checksum)
                 {
                     recvData.rpos(recvData.wpos());