From b80d72e662339fe43552a16e64a1a7d531428f22 Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Fri, 7 Oct 2016 16:44:53 +0200 Subject: [PATCH] Better checks for Multiplayer API, prevent packet source spoofing. Fixes the following problems. A malicious client was able to contact another peer faking its identity (even looking like he was the server). A malicious client was able to force other client disconnections by sending bogus system packets to the server. --- modules/enet/networked_multiplayer_enet.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/enet/networked_multiplayer_enet.cpp b/modules/enet/networked_multiplayer_enet.cpp index 4134ed037f4f..265b4bee7fd3 100644 --- a/modules/enet/networked_multiplayer_enet.cpp +++ b/modules/enet/networked_multiplayer_enet.cpp @@ -208,6 +208,9 @@ void NetworkedMultiplayerENet::poll(){ //some config message ERR_CONTINUE( event.packet->dataLength < 8); + // Only server can send config messages + ERR_CONTINUE( server ); + int msg = decode_uint32(&event.packet->data[0]); int id = decode_uint32(&event.packet->data[4]); @@ -231,7 +234,7 @@ void NetworkedMultiplayerENet::poll(){ Packet packet; packet.packet = event.packet; - int *id = (int*)event.peer -> data; + uint32_t *id = (uint32_t*)event.peer->data; ERR_CONTINUE(event.packet->dataLength<12) @@ -243,6 +246,8 @@ void NetworkedMultiplayerENet::poll(){ packet.from=source; if (server) { + // Someone is cheating and trying to fake the source! + ERR_CONTINUE(source!=*id); packet.from=*id;