From: divverent Date: Wed, 23 Nov 2011 06:36:30 +0000 (+0000) Subject: crypto: some simplifications; also apply policies properly to NQ legacy accept messages X-Git-Tag: xonotic-v0.6.0~156 X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=3b3f81abf2e89fd12e349415bed16203f97476d9;p=xonotic%2Fdarkplaces.git crypto: some simplifications; also apply policies properly to NQ legacy accept messages git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@11566 d7cf8633-e32d-0410-b094-e92efae38249 ::stable-branch::merge=1003437071042f3dd3d7c6a7880d73b66a77c1f6
---
diff --git a/crypto.c b/crypto.c
index 09c164e2..2847e048 100644
--- a/crypto.c
+++ b/crypto.c
@@ -2017,7 +2017,7 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
 {
 int wantserverid = -1;
 Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
- if(!crypto || !crypto->authenticated)
+ //if(!crypto || !crypto->authenticated)
 {
 if(wantserverid >= 0)
 return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
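Review bot: The guard `if(!crypto || !crypto->authenticated)` is commented out rather than deleted, here and twice more in the next crypto.c hunk (the `'j'` branch and the new NETFLAG_CTL branch), which leaves a bare `{ ... }` block with no stated reason. The effect is that the `wantserverid` host-key check now runs whether or not `crypto->authenticated` is set, and a security policy change of that kind should be visible in the code. Delete the dead line and put a comment above the block, for example `// enforce the host key policy even if a crypto session already exists`. The enclosing branch starts and ends outside the hunk, so its condition is not visible here.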
@@ -2026,11 +2026,33 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
 }
 return CRYPTO_NOMATCH;
 }
- else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll && crypto_aeslevel.integer >= 3)
+ else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll)
 {
 int wantserverid = -1;
 Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
- if(!crypto || !crypto->authenticated)
+ //if(!crypto || !crypto->authenticated)
+ {
+ if(wantserverid >= 0)
+ return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
+ if(crypto_aeslevel.integer >= 3)
+ return Crypto_ClientError(data_out, len_out, "This server requires encryption to be not required (crypto_aeslevel <= 2)");
+ }
+ return CRYPTO_NOMATCH;
+ }
+ else if (len_in >= 5 && BuffLittleLong((unsigned char *) string) == ((int)NETFLAG_CTL | (int)len_in))
+ {
+ int wantserverid = -1;
+
+ // these three are harmless
+ if(string[4] == CCREP_SERVER_INFO)
+ return CRYPTO_NOMATCH;
+ if(string[4] == CCREP_PLAYER_INFO)
+ return CRYPTO_NOMATCH;
+ if(string[4] == CCREP_RULE_INFO)
+ return CRYPTO_NOMATCH;
+
+ Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
+ //if(!crypto || !crypto->authenticated)
 {
 if(wantserverid >= 0)
 return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
diff --git a/netconn.c b/netconn.c
index c5858c80..f01c3e05 100755
--- a/netconn.c
+++ b/netconn.c
@@ -1685,7 +1685,7 @@ static void NetConn_ClientParsePacket_ServerList_ParseDPList(lhnetaddress_t *sen
 static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *data, int length, lhnetaddress_t *peeraddress)
 {
 qboolean fromserver;
- int ret, c, control;
+ int ret, c;
 const char *s;
 char *string, addressstring2[128], ipstring[32];
 char stringbuf[16384];
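Review bot: In crypto.c, the new control-packet branch reads the header with `BuffLittleLong((unsigned char *) string)`, while the netconn.c change in this same commit tests the same NETFLAG_CTL header with `BuffBigLong(data)`. If the two helpers differ in byte order, as their names suggest, this comparison would not match a header that netconn.c accepts, and the host-key check in the branch would never run for those packets. Unless the caller hands this function a differently encoded buffer, the condition should read `else if (len_in >= 5 && BuffBigLong((unsigned char *) string) == ((int)NETFLAG_CTL | (int)len_in))`. The `string[4] == CCREP_*` comparisons also depend on the signedness of `string`'s element type, which is declared outside the hunk, as is the end of this branch.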
@@ -2064,7 +2064,7 @@ static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *dat
 return ret;
 }
 // netquake control packets, supported for compatibility only
- if (length >= 5 && (control = BuffBigLong(data)) && (control & (~NETFLAG_LENGTH_MASK)) == (int)NETFLAG_CTL && (control & NETFLAG_LENGTH_MASK) == length && !ENCRYPTION_REQUIRED)
+ if (length >= 5 && BuffBigLong(data) == ((int)NETFLAG_CTL | length) && !ENCRYPTION_REQUIRED)
 {
 int n;
 serverlist_info_t *info;
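Review bot: The rewritten test `BuffBigLong(data) == ((int)NETFLAG_CTL | length)` no longer masks the header with `NETFLAG_LENGTH_MASK`, so it matches the old condition only while `length` fits inside that mask. For a larger `length` the OR spills into the flag bits, and a header carrying extra flags would now be accepted where the old code rejected it. If the receive path already bounds `length` below the mask (not visible in this hunk), a comment saying so is enough; otherwise add `(length & (~NETFLAG_LENGTH_MASK)) == 0 &&` to the condition. The same reasoning applies to `(int)len_in` in the new crypto.c branch, where the value is narrowed from `size_t`. The body of NetConn_ClientParsePacket continues outside the hunk.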