Merge pull request #6741 from Faless/network_no_spoof

Better checks for Multiplayer API, prevent packet source spoofing.
author: Rémi Verschelde <remi@verschelde.fr> 2016-10-09 14:52:35 +0200
committer: GitHub <noreply@github.com> 2016-10-09 14:52:35 +0200
commit: 20773733ca59d4860caa61b2bab5f469a2f5b7aa (patch)
tree: 1d06b934fd4ff81b9561aa71d54d47a08366d117
parent: bff13f395001a76de6e67e88a0df8a326e15429b (diff)
parent: b80d72e662339fe43552a16e64a1a7d531428f22 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/modules/enet/networked_multiplayer_enet.cpp b/modules/enet/networked_multiplayer_enet.cpp
index c1dc72a32f..ac89c0e9e9 100644
--- a/modules/enet/networked_multiplayer_enet.cpp
+++ b/modules/enet/networked_multiplayer_enet.cpp
@@ -208,6 +208,9 @@ void NetworkedMultiplayerENet::poll(){
 					//some config message
 					ERR_CONTINUE( event.packet->dataLength < 8);
 
+					// Only server can send config messages
+					ERR_CONTINUE( server );
+
 					int msg = decode_uint32(&event.packet->data[0]);
 					int id = decode_uint32(&event.packet->data[4]);
 
@@ -231,7 +234,7 @@ void NetworkedMultiplayerENet::poll(){
 					Packet packet;
 					packet.packet = event.packet;
 
-					int *id = (int*)event.peer -> data;
+					uint32_t *id = (uint32_t*)event.peer->data;
 
 					ERR_CONTINUE(event.packet->dataLength<12)
 
@@ -243,6 +246,8 @@ void NetworkedMultiplayerENet::poll(){
 					packet.from=source;
 
 					if (server) {
+						// Someone is cheating and trying to fake the source!
+						ERR_CONTINUE(source!=*id);
 
 						packet.from=*id;
author	Rémi Verschelde <remi@verschelde.fr>	2016-10-09 14:52:35 +0200
committer	GitHub <noreply@github.com>	2016-10-09 14:52:35 +0200
commit	20773733ca59d4860caa61b2bab5f469a2f5b7aa (patch)
tree	1d06b934fd4ff81b9561aa71d54d47a08366d117
parent	bff13f395001a76de6e67e88a0df8a326e15429b (diff)
parent	b80d72e662339fe43552a16e64a1a7d531428f22 (diff)