thirdpartymirrors/RingRacers
1
0
Fork 0
mirror of https://github.com/KartKrewDev/RingRacers.git synced 2026-04-27 04:21:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Instead of using gamemap, make client-client challenges more resistant by including IP

Browse source
This commit is contained in:
AJ Martinez 2023-03-23 04:28:17 -07:00 committed by James R
parent 96a71bb60d
commit f0e6e5c962
1 changed files with 12 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
src/d_clisrv.c
View file

@ -5328,7 +5328,7 @@ static void HandlePacketFromPlayer(SINT8 node)
int challengeplayers; int challengeplayers;
time_t now, then; time_t now, then;
INT16 sentmap; // if gamemap ever needs to change type, god forbid, change this too UINT32 claimedIP;
memcpy(lastChallengeAll, netbuffer->u.challengeall.secret, sizeof(lastChallengeAll)); memcpy(lastChallengeAll, netbuffer->u.challengeall.secret, sizeof(lastChallengeAll));
@ -5343,11 +5343,14 @@ static void HandlePacketFromPlayer(SINT8 node)
break; break;
} }
memcpy(&sentmap, lastChallengeAll + sizeof(then), sizeof(sentmap)); memcpy(&claimedIP, lastChallengeAll + sizeof(then), sizeof(claimedIP));
CONS_Printf("Got map %hd, current map %hd\n", sentmap, gamemap); UINT32 realIP = *I_GetNodeAddressInt(servernode);
if (sentmap != gamemap)
CONS_Printf("Got IP %u, known IP %u\n", claimedIP, gamemap);
if (realIP != claimedIP && IsExternalAddress(&realIP))
{ {
HandleSigfail("Bad challenge - wrong gamemap"); HandleSigfail("Bad challenge - server claimed wrong IP");
break; break;
} }
@ -6332,8 +6335,6 @@ static void UpdateChallenges(void)
memset(knownWhenChallenged, 0, sizeof(knownWhenChallenged)); memset(knownWhenChallenged, 0, sizeof(knownWhenChallenged));
// Random noise so it's difficult to reuse the response
// Current time so that difficult to reuse the challenge
time_t now = time(NULL); time_t now = time(NULL);
#ifdef DEVELOP #ifdef DEVELOP
if (cv_badchallengetime.value) if (cv_badchallengetime.value)
@ -6343,10 +6344,10 @@ static void UpdateChallenges(void)
now = 0; now = 0;
} }
#endif #endif
CONS_Printf("now: %ld, gamemap: %hd\n", now, gamemap); CONS_Printf("now: %ld, ip: %u\n", now, ourIP);
csprng(netbuffer->u.challengeall.secret, sizeof(netbuffer->u.challengeall.secret)); csprng(netbuffer->u.challengeall.secret, sizeof(netbuffer->u.challengeall.secret)); // Random noise so the client can't guess...
memcpy(netbuffer->u.challengeall.secret, &now, sizeof(now)); // First few bytes are the timestamp... memcpy(netbuffer->u.challengeall.secret, &now, sizeof(now)); // ...timestamp...
memcpy(netbuffer->u.challengeall.secret + sizeof(now), &gamemap, sizeof(gamemap)); // And the next two are the current map. (TODO: This works but I don't think it's doing what I think it's doing, pointers suck.) memcpy(netbuffer->u.challengeall.secret + sizeof(now), &ourIP, sizeof(ourIP)); // ...and server IP so the server can't reuse it.
memcpy(lastChallengeAll, netbuffer->u.challengeall.secret, sizeof(lastChallengeAll)); memcpy(lastChallengeAll, netbuffer->u.challengeall.secret, sizeof(lastChallengeAll));