thirdpartymirrors/RingRacers
1
0
Fork 0
mirror of https://github.com/KartKrewDev/RingRacers.git synced 2025-10-30 08:01:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

It's mediocre security fixup time

Browse source
This commit is contained in:
AJ Martinez 2023-03-22 00:45:01 -07:00 committed by James R
parent f9832eb77f
commit a57901babf
1 changed files with 24 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
src/d_clisrv.c
View file

@ -4713,6 +4713,11 @@ static void HandlePacketFromAwayNode(SINT8 node)
}
break;
case PT_SERVERCHALLENGE:
if (server && serverrunning && node != servernode)
{
Net_CloseConnection(node);
break;
}
if (cl_mode != CL_WAITCHALLENGE)
break;
memcpy(awaitingChallenge, netbuffer->u.serverchallenge.secret, sizeof(awaitingChallenge));
@ -5250,14 +5255,17 @@ static void HandlePacketFromPlayer(SINT8 node)
CL_PrepareDownloadLuaFile();
break;
case PT_CHALLENGEALL: ; // -Wpedantic
int challengeplayers;
memcpy(lastChallengeAll, netbuffer->u.challengeall.secret, sizeof(lastChallengeAll));
if (server)
break;
if (demo.playback)
break;
if (node != servernode)
break;
int challengeplayers;
memcpy(lastChallengeAll, netbuffer->u.challengeall.secret, sizeof(lastChallengeAll));
netbuffer->packettype = PT_RESPONSEALL;
@ -5355,6 +5363,9 @@ static void HandlePacketFromPlayer(SINT8 node)
if (server)
break;
if (node != servernode)
break;
if (!expectChallenge)
break;
@ -6234,11 +6245,13 @@ static void UpdateChallenges(void)
}
#endif
memset(knownWhenChallenged, 0, sizeof(knownWhenChallenged));
// Random noise so it's difficult to reuse the response
// Current time so that difficult to reuse the challenge (TODO: ACTUALLY DO THIS)
const time_t now = time(NULL);
CONS_Printf("now: %d\n", now);
csprng(netbuffer->u.serverchallenge.secret, sizeof(netbuffer->u.serverchallenge.secret));
// Why the fuck doesn't this work
// memcpy(netbuffer->u.serverchallenge.secret, time(NULL), sizeof(int));
memcpy(lastChallengeAll, netbuffer->u.serverchallenge.secret, sizeof(lastChallengeAll));
@ -6250,6 +6263,7 @@ static void UpdateChallenges(void)
{
CONS_Printf("challenge to node %d, player %d\n", i, nodetoplayer[i]);
HSendPacket(i, true, 0, sizeof(serverchallenge_pak));
memcpy(knownWhenChallenged[nodetoplayer[i]], players[nodetoplayer[i]].public_key, sizeof(knownWhenChallenged[nodetoplayer[i]]));
}
}
}
@ -6265,10 +6279,13 @@ static void UpdateChallenges(void)
continue;
if (memcmp(lastReceivedSignature[i], allZero, sizeof(allZero)) == 0) // We never got a response!
{
if (!IsPlayerGuest(i))
if (!IsPlayerGuest(i) && memcmp(knownWhenChallenged[i], players[i].public_key, sizeof(knownWhenChallenged[i]) == 0))
{
CONS_Printf("We never got a response from player %d, goodbye\n", i);
SendKick(i, KICK_MSG_SIGFAIL);
if (playernode[i] != servernode)
{
CONS_Printf("We never got a response from player %d, goodbye\n", i);
SendKick(i, KICK_MSG_SIGFAIL);
}
}
}
}