Merge pull request #6741 from Faless/network_no_spoof

Better checks for Multiplayer API, prevent packet source spoofing.
2016-10-09 14:52:35 +02:00 · 2016-10-09 14:52:35 +02:00 · 20773733ca
commit 20773733ca
parent bff13f3950 b80d72e662
1 changed files with 6 additions and 1 deletions
--- a/modules/enet/networked_multiplayer_enet.cpp
+++ b/modules/enet/networked_multiplayer_enet.cpp
@ -208,6 +208,9 @@ void NetworkedMultiplayerENet::poll(){
 					//some config message
 					ERR_CONTINUE( event.packet->dataLength < 8);

+					// Only server can send config messages
+					ERR_CONTINUE( server );
+
 					int msg = decode_uint32(&event.packet->data[0]);
 					int id = decode_uint32(&event.packet->data[4]);

@ -231,7 +234,7 @@ void NetworkedMultiplayerENet::poll(){
 					Packet packet;
 					packet.packet = event.packet;

-					int *id = (int*)event.peer -> data;
+					uint32_t *id = (uint32_t*)event.peer->data;

 					ERR_CONTINUE(event.packet->dataLength<12)

@ -243,6 +246,8 @@ void NetworkedMultiplayerENet::poll(){
 					packet.from=source;

 					if (server) {
+						// Someone is cheating and trying to fake the source!
+						ERR_CONTINUE(source!=*id);

 						packet.from=*id;