thirdpartymirrors/RingRacers
1
0
Fork 0
mirror of https://github.com/KartKrewDev/RingRacers.git synced 2025-10-30 08:01:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

It's mediocre security fixup time

Browse source
This commit is contained in:
AJ Martinez 2023-03-22 00:45:01 -07:00 committed by James R
parent f9832eb77f
commit a57901babf
1 changed files with 24 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
src/d_clisrv.c
View file

@ -4713,6 +4713,11 @@ static void HandlePacketFromAwayNode(SINT8 node)
} }
break; break;
case PT_SERVERCHALLENGE: case PT_SERVERCHALLENGE:
if (server && serverrunning && node != servernode)
{
Net_CloseConnection(node);
break;
}
if (cl_mode != CL_WAITCHALLENGE) if (cl_mode != CL_WAITCHALLENGE)
break; break;
memcpy(awaitingChallenge, netbuffer->u.serverchallenge.secret, sizeof(awaitingChallenge)); memcpy(awaitingChallenge, netbuffer->u.serverchallenge.secret, sizeof(awaitingChallenge));
@ -5250,8 +5255,8 @@ static void HandlePacketFromPlayer(SINT8 node)
CL_PrepareDownloadLuaFile(); CL_PrepareDownloadLuaFile();
break; break;
case PT_CHALLENGEALL: ; // -Wpedantic case PT_CHALLENGEALL: ; // -Wpedantic
int challengeplayers; if (server)
memcpy(lastChallengeAll, netbuffer->u.challengeall.secret, sizeof(lastChallengeAll)); break;
if (demo.playback) if (demo.playback)
break; break;
@ -5259,6 +5264,9 @@ static void HandlePacketFromPlayer(SINT8 node)
if (node != servernode) if (node != servernode)
break; break;
int challengeplayers;
memcpy(lastChallengeAll, netbuffer->u.challengeall.secret, sizeof(lastChallengeAll));
netbuffer->packettype = PT_RESPONSEALL; netbuffer->packettype = PT_RESPONSEALL;
#ifdef DEVELOP #ifdef DEVELOP
@ -5355,6 +5363,9 @@ static void HandlePacketFromPlayer(SINT8 node)
if (server) if (server)
break; break;
if (node != servernode)
break;
if (!expectChallenge) if (!expectChallenge)
break; break;
@ -6234,11 +6245,13 @@ static void UpdateChallenges(void)
} }
#endif #endif
memset(knownWhenChallenged, 0, sizeof(knownWhenChallenged));
// Random noise so it's difficult to reuse the response // Random noise so it's difficult to reuse the response
// Current time so that difficult to reuse the challenge (TODO: ACTUALLY DO THIS) // Current time so that difficult to reuse the challenge (TODO: ACTUALLY DO THIS)
const time_t now = time(NULL);
CONS_Printf("now: %d\n", now);
csprng(netbuffer->u.serverchallenge.secret, sizeof(netbuffer->u.serverchallenge.secret)); csprng(netbuffer->u.serverchallenge.secret, sizeof(netbuffer->u.serverchallenge.secret));
// Why the fuck doesn't this work
// memcpy(netbuffer->u.serverchallenge.secret, time(NULL), sizeof(int));
memcpy(lastChallengeAll, netbuffer->u.serverchallenge.secret, sizeof(lastChallengeAll)); memcpy(lastChallengeAll, netbuffer->u.serverchallenge.secret, sizeof(lastChallengeAll));
@ -6250,6 +6263,7 @@ static void UpdateChallenges(void)
{ {
CONS_Printf("challenge to node %d, player %d\n", i, nodetoplayer[i]); CONS_Printf("challenge to node %d, player %d\n", i, nodetoplayer[i]);
HSendPacket(i, true, 0, sizeof(serverchallenge_pak)); HSendPacket(i, true, 0, sizeof(serverchallenge_pak));
memcpy(knownWhenChallenged[nodetoplayer[i]], players[nodetoplayer[i]].public_key, sizeof(knownWhenChallenged[nodetoplayer[i]]));
} }
} }
} }
@ -6265,10 +6279,13 @@ static void UpdateChallenges(void)
continue; continue;
if (memcmp(lastReceivedSignature[i], allZero, sizeof(allZero)) == 0) // We never got a response! if (memcmp(lastReceivedSignature[i], allZero, sizeof(allZero)) == 0) // We never got a response!
{ {
if (!IsPlayerGuest(i)) if (!IsPlayerGuest(i) && memcmp(knownWhenChallenged[i], players[i].public_key, sizeof(knownWhenChallenged[i]) == 0))
{ {
CONS_Printf("We never got a response from player %d, goodbye\n", i); if (playernode[i] != servernode)
SendKick(i, KICK_MSG_SIGFAIL); {
CONS_Printf("We never got a response from player %d, goodbye\n", i);
SendKick(i, KICK_MSG_SIGFAIL);
}
} }
} }
} }