From 3b3f81abf2e89fd12e349415bed16203f97476d9 Mon Sep 17 00:00:00 2001
From: divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Date: Wed, 23 Nov 2011 06:36:30 +0000
Subject: [PATCH] crypto: some simplifications; also apply policies properly to
 NQ legacy accept messages

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@11566 d7cf8633-e32d-0410-b094-e92efae38249
::stable-branch::merge=1003437071042f3dd3d7c6a7880d73b66a77c1f6
---
 crypto.c  | 28 +++++++++++++++++++++++++---
 netconn.c |  4 ++--
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/crypto.c b/crypto.c
index 09c164e2..2847e048 100644
--- a/crypto.c
+++ b/crypto.c
@@ -2017,7 +2017,7 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
 	{
 		int wantserverid = -1;
 		Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
-		if(!crypto || !crypto->authenticated)
+		//if(!crypto || !crypto->authenticated)
 		{
 			if(wantserverid >= 0)
 				return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
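Review bot: The commented-out `//if(!crypto || !crypto->authenticated)` above the brace block leaves it unclear whether the host-key check is now meant to run unconditionally or whether this is a debugging leftover. The same pattern recurs in both branches of the next hunk. If unconditional enforcement is the intent, I would delete the dead condition and replace it with a comment that says so, e.g. `// always enforced: an unauthenticated reply is refused whenever a host key is stored, regardless of crypto state`. The enclosing branch starts before and ends after this hunk, so the rest of the block is not visible here.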
@@ -2026,11 +2026,33 @@ int Crypto_ClientParsePacket(const char *data_in, size_t len_in, char *data_out,
 		}
 		return CRYPTO_NOMATCH;
 	}
-	else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll && crypto_aeslevel.integer >= 3)
+	else if (len_in >= 1 && string[0] == 'j' && cls.connect_trying && d0_rijndael_dll)
 	{
 		int wantserverid = -1;
 		Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
-		if(!crypto || !crypto->authenticated)
+		//if(!crypto || !crypto->authenticated)
+		{
+			if(wantserverid >= 0)
+				return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
+			if(crypto_aeslevel.integer >= 3)
+				return Crypto_ClientError(data_out, len_out, "This server requires encryption to be not required (crypto_aeslevel <= 2)");
+		}
+		return CRYPTO_NOMATCH;
+	}
+	else if (len_in >= 5 && BuffLittleLong((unsigned char *) string) == ((int)NETFLAG_CTL | (int)len_in))
+	{
+		int wantserverid = -1;
+
+		// these three are harmless
+		if(string[4] == CCREP_SERVER_INFO)
+			return CRYPTO_NOMATCH;
+		if(string[4] == CCREP_PLAYER_INFO)
+			return CRYPTO_NOMATCH;
+		if(string[4] == CCREP_RULE_INFO)
+			return CRYPTO_NOMATCH;
+
+		Crypto_RetrieveHostKey(&cls.connect_address, &wantserverid, NULL, 0, NULL, 0, NULL);
+		//if(!crypto || !crypto->authenticated)
 		{
 			if(wantserverid >= 0)
 				return Crypto_ClientError(data_out, len_out, "Server tried an unauthenticated connection even though a host key is present");
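Review bot: The new NQ control-packet test reads the header with `BuffLittleLong`, while the netconn.c test in this same patch compares the same `NETFLAG_CTL | length` value using `BuffBigLong(data)`. If both parse the same header, the crypto.c branch will not match the packets netconn.c accepts, and the host-key and `crypto_aeslevel` policy would be skipped for legacy accepts. I would expect `BuffBigLong((unsigned char *) string) == ((int)NETFLAG_CTL | (int)len_in)` here. Separately, `string[4] == CCREP_SERVER_INFO` and the two comparisons after it depend on the signedness of `char` if `string` is a plain `char` pointer (the cast in the condition suggests it is) and the CCREP_* values are above 0x7f; comparing `(unsigned char) string[4]` avoids that. A test that feeds a legacy accept to a client with a stored host key and checks that it is refused would pin the intended behaviour.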
diff --git a/netconn.c b/netconn.c
index c5858c80..f01c3e05 100755
--- a/netconn.c
+++ b/netconn.c
@@ -1685,7 +1685,7 @@ static void NetConn_ClientParsePacket_ServerList_ParseDPList(lhnetaddress_t *sen
 static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *data, int length, lhnetaddress_t *peeraddress)
 {
 	qboolean fromserver;
-	int ret, c, control;
+	int ret, c;
 	const char *s;
 	char *string, addressstring2[128], ipstring[32];
 	char stringbuf[16384];
@@ -2064,7 +2064,7 @@ static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *dat
 		return ret;
 	}
 	// netquake control packets, supported for compatibility only
-	if (length >= 5 && (control = BuffBigLong(data)) && (control & (~NETFLAG_LENGTH_MASK)) == (int)NETFLAG_CTL && (control & NETFLAG_LENGTH_MASK) == length && !ENCRYPTION_REQUIRED)
+	if (length >= 5 && BuffBigLong(data) == ((int)NETFLAG_CTL | length) && !ENCRYPTION_REQUIRED)
 	{
 		int n;
 		serverlist_info_t *info;
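Review bot: The simplified test `BuffBigLong(data) == ((int)NETFLAG_CTL | length)` is equivalent to the removed one only while `length` fits inside `NETFLAG_LENGTH_MASK`. The old code enforced that through `(control & NETFLAG_LENGTH_MASK) == length`; the new one lets any length bits above the mask merge into the flag bits of the expected value. Whether `length` can exceed the mask depends on the receive buffer size, which is not visible in this hunk, so either add `(length & ~NETFLAG_LENGTH_MASK) == 0 &&` to the condition or a comment stating the bound that makes it unnecessary. The crypto.c test added in this patch has the same shape with `(int)len_in`. The function body continues beyond the hunk.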
-- 
2.39.5