summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFabio Alessandrelli <fabio.alessandrelli@gmail.com>2016-10-07 16:44:53 +0200
committerFabio Alessandrelli <fabio.alessandrelli@gmail.com>2016-10-07 16:48:55 +0200
commitb80d72e662339fe43552a16e64a1a7d531428f22 (patch)
tree463ff2568a6ab39482179d2088845060a12b095f
parent1f9e16119f2b17fa507bdee8529459ed91f27b8c (diff)
Better checks for Multiplayer API, prevent packet source spoofing.
Fixes the following problems. A malicious client was able to contact another peer faking its identity (even looking like he was the server). A malicious client was able to force other client disconnections by sending bogus system packets to the server.
-rw-r--r--modules/enet/networked_multiplayer_enet.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/modules/enet/networked_multiplayer_enet.cpp b/modules/enet/networked_multiplayer_enet.cpp
index 4134ed037f..265b4bee7f 100644
--- a/modules/enet/networked_multiplayer_enet.cpp
+++ b/modules/enet/networked_multiplayer_enet.cpp
@@ -208,6 +208,9 @@ void NetworkedMultiplayerENet::poll(){
//some config message
ERR_CONTINUE( event.packet->dataLength < 8);
+ // Only server can send config messages
+ ERR_CONTINUE( server );
+
int msg = decode_uint32(&event.packet->data[0]);
int id = decode_uint32(&event.packet->data[4]);
@@ -231,7 +234,7 @@ void NetworkedMultiplayerENet::poll(){
Packet packet;
packet.packet = event.packet;
- int *id = (int*)event.peer -> data;
+ uint32_t *id = (uint32_t*)event.peer->data;
ERR_CONTINUE(event.packet->dataLength<12)
@@ -243,6 +246,8 @@ void NetworkedMultiplayerENet::poll(){
packet.from=source;
if (server) {
+ // Someone is cheating and trying to fake the source!
+ ERR_CONTINUE(source!=*id);
packet.from=*id;