Changeset - r25236:0bc989768444
Parent rev.
Child rev.
[Not reviewed]
master
0 1 0
rubidium42 - 3 years ago 2021-04-23 17:27:48
rubidium@openttd.org
Add: [Network] Validate the client name when receiving one from the server

This so names from other clients are known valid in the client as well, instead allowing some compromised/bad server to potentially crash clients upon certain expectations.
1 file changed with 4 insertions and 0 deletions:
src/network/network_client.cpp
4
0 comments (0 inline, 0 general)
src/network/network_client.cpp
Show inline comments
 
@@ -623,6 +623,10 @@ NetworkRecvStatus ClientNetworkGameSocke
 

			




	
	
	
		
 
	if (this->status < STATUS_AUTHORIZED) return NETWORK_RECV_STATUS_MALFORMED_PACKET;

			




	
	
	
		
 
	if (this->HasClientQuit()) return NETWORK_RECV_STATUS_CONN_LOST;

			




	
	
	
		
 
	/* The server validates the name when receiving it from clients, so when it is wrong

			




	
	
	
		
 
	 * here something went really wrong. In the best case the packet got malformed on its

			




	
	
	
		
 
	 * way too us, in the worst case the server is broken or compromised. */

			




	
	
	
		
 
	if (!NetworkIsValidClientName(name)) return NETWORK_RECV_STATUS_MALFORMED_PACKET;

			




	
	
	
		
 

			




	
	
	
		
 
	ci = NetworkClientInfo::GetByClientID(client_id);

			




	
	
	
		
 
	if (ci != nullptr) {

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: code.theleruby.com-48
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2022 by various authors & licensed under GPLv3.
            – Support