From 4c64a37e1d32ef903b096c53b848576989aaa88d Mon Sep 17 00:00:00 2001
From: Paul Chote
Date: Sat, 23 Dec 2017 11:06:06 +0000
Subject: [PATCH] Reject invalid orders from unvalidated clients.
---
 OpenRA.Game/Server/Connection.cs | 1 +
 OpenRA.Game/Server/Server.cs | 22 +++++++++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/OpenRA.Game/Server/Connection.cs b/OpenRA.Game/Server/Connection.cs
index e368c73216..84b9d928b1 100644
--- a/OpenRA.Game/Server/Connection.cs
+++ b/OpenRA.Game/Server/Connection.cs
@@ -25,6 +25,7 @@ namespace OpenRA.Server
 public int ExpectLength = 8;
 public int Frame = 0;
 public int MostRecentFrame = 0;
+ public bool Validated;
 public long TimeSinceLastResponse { get { return Game.RunTime - lastReceivedTime; } }
 public bool TimeoutMessageShown = false;
diff --git a/OpenRA.Game/Server/Server.cs b/OpenRA.Game/Server/Server.cs
index 6c7d1e7648..9c5712b744 100644
--- a/OpenRA.Game/Server/Server.cs
+++ b/OpenRA.Game/Server/Server.cs
@@ -361,6 +361,8 @@ namespace OpenRA.Server
 PreConns.Remove(newConn);
 Conns.Add(newConn);
 LobbyInfo.Clients.Add(client);
+ newConn.Validated = true;
+
 var clientPing = new Session.ClientPing { Index = client.Index };
 LobbyInfo.ClientPings.Add(clientPing);
@@ -477,6 +479,23 @@ namespace OpenRA.Server
 void InterpretServerOrder(Connection conn, ServerOrder so)
 {
+ // Only accept handshake responses from unvalidated clients
+ // Anything else may be an attempt to exploit the server
+ if (!conn.Validated)
+ {
+ if (so.Name == "HandshakeResponse")
+ ValidateClient(conn, so.Data);
+ else
+ {
+ Log.Write("server", "Rejected connection from {0}; Order `{1}` is not a `HandshakeResponse`.",
+ conn.Socket.RemoteEndPoint, so.Name);
+
+ DropClient(conn);
+ }
+
+ return;
+ }
+
 switch (so.Name)
 {
 case "Command":
@@ -493,9 +512,6 @@ namespace OpenRA.Server
 break;
 }
- case "HandshakeResponse":
- ValidateClient(conn, so.Data);
- break;
 case "Chat":
 case "TeamChat":
 case "PauseGame":
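Review bot: `Validated` is added to Connection.cs as a public, writable field with no comment, yet after this commit it is the only thing deciding whether the server interprets a connection's orders. A short comment such as `// True once the handshake response has been accepted; until then only HandshakeResponse orders are processed.` would record that invariant next to the field. The neighbouring fields spell out their initial values (`= 0`, `= false`), so `public bool Validated = false;` would match the file and make the fail-closed default explicit. The only assignment visible in this patch is `newConn.Validated = true;` in Server.cs; the rest of the Connection class lies outside the hunk.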
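Review bot: The rejection message in the `else` branch of the new `!conn.Validated` guard logs `so.Name` exactly as received, and on this path the sender is by definition unauthenticated, so unless the order parser already bounds it (not visible here) the value can be very long or contain line breaks that forge or flood entries in the server log. Cap and clean the name before logging, for example `var orderName = so.Name.Length > 64 ? so.Name.Substring(0, 64) : so.Name;` (64 is an illustrative limit) with control characters replaced, and pass `orderName` to `Log.Write`. The `conn.Socket.RemoteEndPoint` read deserves a guard as well, since that property can throw on a socket that is already closed and `DropClient(conn)` would then be skipped; whether a caller catches that is not visible in this patch. The body of InterpretServerOrder continues past the end of the hunk.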