From dc583a6225faf5aa8e4a2891f559cc391d619fc8 Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Wed, 20 Feb 2019 16:28:53 +0100 Subject: Add check to validate client IDs in ENet. Server now checks that the ID received from the client is not already used by someone else and is a valid ID (>=2) --- modules/enet/networked_multiplayer_enet.cpp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'modules') diff --git a/modules/enet/networked_multiplayer_enet.cpp b/modules/enet/networked_multiplayer_enet.cpp index e53846e269..871c33bb35 100644 --- a/modules/enet/networked_multiplayer_enet.cpp +++ b/modules/enet/networked_multiplayer_enet.cpp @@ -231,6 +231,13 @@ void NetworkedMultiplayerENet::poll() { break; } + // A client joined with an invalid ID (neagtive values, 0, and 1 are reserved). + // Probably trying to exploit us. + if (server && ((int)event.data < 2 || peer_map.has((int)event.data))) { + enet_peer_reset(event.peer); + ERR_CONTINUE(true); + } + int *new_id = memnew(int); *new_id = event.data; -- cgit v1.2.3