Better checks for Multiplayer API, prevent packet source spoofing.
Fixes the following problems. A malicious client was able to contact another peer faking its identity (even looking like he was the server). A malicious client was able to force other client disconnections by sending bogus system packets to the server.
This commit is contained in:
parent
1f9e16119f
commit
b80d72e662
1 changed files with 6 additions and 1 deletions
|
@ -208,6 +208,9 @@ void NetworkedMultiplayerENet::poll(){
|
||||||
//some config message
|
//some config message
|
||||||
ERR_CONTINUE( event.packet->dataLength < 8);
|
ERR_CONTINUE( event.packet->dataLength < 8);
|
||||||
|
|
||||||
|
// Only server can send config messages
|
||||||
|
ERR_CONTINUE( server );
|
||||||
|
|
||||||
int msg = decode_uint32(&event.packet->data[0]);
|
int msg = decode_uint32(&event.packet->data[0]);
|
||||||
int id = decode_uint32(&event.packet->data[4]);
|
int id = decode_uint32(&event.packet->data[4]);
|
||||||
|
|
||||||
|
@ -231,7 +234,7 @@ void NetworkedMultiplayerENet::poll(){
|
||||||
Packet packet;
|
Packet packet;
|
||||||
packet.packet = event.packet;
|
packet.packet = event.packet;
|
||||||
|
|
||||||
int *id = (int*)event.peer -> data;
|
uint32_t *id = (uint32_t*)event.peer->data;
|
||||||
|
|
||||||
ERR_CONTINUE(event.packet->dataLength<12)
|
ERR_CONTINUE(event.packet->dataLength<12)
|
||||||
|
|
||||||
|
@ -243,6 +246,8 @@ void NetworkedMultiplayerENet::poll(){
|
||||||
packet.from=source;
|
packet.from=source;
|
||||||
|
|
||||||
if (server) {
|
if (server) {
|
||||||
|
// Someone is cheating and trying to fake the source!
|
||||||
|
ERR_CONTINUE(source!=*id);
|
||||||
|
|
||||||
packet.from=*id;
|
packet.from=*id;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue