crypto: some simplifications; also apply policies properly to NQ legacy accept messages

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@11566 d7cf8633-e32d-0410-b094-e92efae38249

diff --git a/crypto.c b/crypto.c
index 09c164e2293240baf404a1138bc3759ae86ea4d6..2847e048b2bfd18c578e66834cd2c5af51b6cd75 100644 (file)
--- a/crypto.c
+++ b/crypto.c
@@ -2017,7 +2017,7 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
        {
                int wantserverid = -1;
                Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
-               if(!crypto || !crypto->authenticated)
+               //if(!crypto || !crypto->authenticated)
                {
                        if(wantserverid >= 0)
                                return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
@@ -2026,11 +2026,33 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
                }
                return CRYPTO_NOMATCH;
        }
-       else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll && crypto_aeslevel.integer >= 3)
+       else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll)
        {
                int wantserverid = -1;
                Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
-               if(!crypto || !crypto->authenticated)
+               //if(!crypto || !crypto->authenticated)
+               {
+                       if(wantserverid >= 0)
+                               return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
+                       if(crypto_aeslevel.integer >= 3)
+                               return Crypto_ClientError(data_out, len_out, "This server requires encryption to be not required (crypto_aeslevel <= 2)");
+               }
+               return CRYPTO_NOMATCH;
+       }
+       else if (len_in >= 5 && BuffLittleLong((unsigned char *) string) == ((int)NETFLAG_CTL | (int)len_in))
+       {
+               int wantserverid = -1;
+
+               // these three are harmless
+               if(string[4] == CCREP_SERVER_INFO)
+                       return CRYPTO_NOMATCH;
+               if(string[4] == CCREP_PLAYER_INFO)
+                       return CRYPTO_NOMATCH;
+               if(string[4] == CCREP_RULE_INFO)
+                       return CRYPTO_NOMATCH;
+
+               Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
+               //if(!crypto || !crypto->authenticated)
                {
                        if(wantserverid >= 0)
                                return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");

diff --git a/netconn.c b/netconn.c
index c5858c807155edf82ede94d42a7ec2768bf6e91b..f01c3e05264a13b0016737ae1abcad01e3dec9d0 100755 (executable)
--- a/netconn.c
+++ b/netconn.c
@@ -1685,7 +1685,7 @@ static void NetConn_ClientParsePacket_ServerList_ParseDPList(lhnetaddress_t *sen
 static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *data, int length, lhnetaddress_t *peeraddress)
 {
        qboolean fromserver;
-       int ret, c, control;
+       int ret, c;
        const char *s;
        char *string, addressstring2[128], ipstring[32];
        char stringbuf[16384];
@@ -2064,7 +2064,7 @@ static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *dat
                return ret;
        }
        // netquake control packets, supported for compatibility only
-       if (length >= 5 && (control = BuffBigLong(data)) && (control & (~NETFLAG_LENGTH_MASK)) == (int)NETFLAG_CTL && (control & NETFLAG_LENGTH_MASK) == length && !ENCRYPTION_REQUIRED)
+       if (length >= 5 && BuffBigLong(data) == ((int)NETFLAG_CTL | length) && !ENCRYPTION_REQUIRED)
        {
                int n;
                serverlist_info_t *info;