From 9d29b59db69bef02e6683704441ea528b4b96e3d Mon Sep 17 00:00:00 2001
From: killerwife <killerwife@gmail.com>
Date: Sun, 20 Oct 2024 15:33:12 +0200
Subject: [PATCH] Auth: Add safeguard against too high pin count

---
 src/realmd/AuthSocket.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/realmd/AuthSocket.cpp b/src/realmd/AuthSocket.cpp
index 0f8ab81ed2..0969cc0b65 100644
--- a/src/realmd/AuthSocket.cpp
+++ b/src/realmd/AuthSocket.cpp
@@ -583,7 +583,7 @@ bool AuthSocket::_HandleLogonProof()
                 std::shared_ptr<uint8> pinCount = std::make_shared<uint8>();
                 self->Read((char*)pinCount.get(), sizeof(uint8), [self, pinCount, lp](const boost::system::error_code& error, std::size_t read)
                 {
-                    if (error)
+                    if (error || *pinCount > 16)
                     {
                         self->Write(logonProofUnknownAccountPinInvalid, sizeof(logonProofUnknownAccountPinInvalid), [self](const boost::system::error_code& error, std::size_t read) { self->Close();});
                         return;