asgardius/virtualx-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #6741 from Faless/network_no_spoof

Browse source 
Better checks for Multiplayer API, prevent packet source spoofing.
This commit is contained in:
Rémi Verschelde 2016-10-09 14:52:35 +02:00 committed by GitHub
commit 20773733ca
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
modules/enet/networked_multiplayer_enet.cpp
View file

@ -208,6 +208,9 @@ void NetworkedMultiplayerENet::poll(){
//some config message //some config message
ERR_CONTINUE( event.packet->dataLength < 8); ERR_CONTINUE( event.packet->dataLength < 8);
// Only server can send config messages
ERR_CONTINUE( server );
int msg = decode_uint32(&event.packet->data[0]); int msg = decode_uint32(&event.packet->data[0]);
int id = decode_uint32(&event.packet->data[4]); int id = decode_uint32(&event.packet->data[4]);
@ -231,7 +234,7 @@ void NetworkedMultiplayerENet::poll(){
Packet packet; Packet packet;
packet.packet = event.packet; packet.packet = event.packet;
int *id = (int*)event.peer -> data; uint32_t *id = (uint32_t*)event.peer->data;
ERR_CONTINUE(event.packet->dataLength<12) ERR_CONTINUE(event.packet->dataLength<12)
@ -243,6 +246,8 @@ void NetworkedMultiplayerENet::poll(){
packet.from=source; packet.from=source;
if (server) { if (server) {
// Someone is cheating and trying to fake the source!
ERR_CONTINUE(source!=*id);
packet.from=*id; packet.from=*id;