From 6001044ae6b04a92c8ead32dfe4380aacbd438bd Mon Sep 17 00:00:00 2001
From: Edo
Date: Fri, 5 May 2023 19:14:53 +0100
Subject: [PATCH] [Network]: Better reverse of print OOB handler (#1011)
---
 CHANGELOG.md | 4 ++++
 src/Components/Modules/Gamepad.cpp | 8 ++++----
 src/Components/Modules/Network.cpp | 13 +++++++------
 src/Game/Functions.cpp | 2 +-
 src/Game/Functions.hpp | 4 ++--
 5 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index baa46085..8e493d53 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -45,6 +45,10 @@ The format is based on [Keep a Changelog v0.3.0](http://keepachangelog.com/en/0.
 - Chat system will go back to using `SV_CMD_CAN_IGNORE` commands (#972)
+### Security
+
+- Check the address of the sender for the `print` OOB packet (#969)
+
 ### Fixed
 - Fix bug with how `sv_mapRotationCurrent` is parsed (#977)
diff --git a/src/Components/Modules/Gamepad.cpp b/src/Components/Modules/Gamepad.cpp
index f2515a65..b7552c67 100644
--- a/src/Components/Modules/Gamepad.cpp
+++ b/src/Components/Modules/Gamepad.cpp
@@ -1235,11 +1235,11 @@ namespace Components
 if (Game::Key_IsCatcherActive(localClientNum, Game::KEYCATCH_LOCATION_SELECTION) && pressedOrUpdated)
 {
- if (key == Game::K_BUTTON_B || keyState.keys[key].binding && strcmp(keyState.keys[key].binding, "+actionslot 4") == 0)
+ if (key == Game::K_BUTTON_B || keyState.keys[key].binding && std::strcmp(keyState.keys[key].binding, "+actionslot 4") == 0)
 {
 keyState.locSelInputState = Game::LOC_SEL_INPUT_CANCEL;
 }
- else if (key == Game::K_BUTTON_A || keyState.keys[key].binding && strcmp(keyState.keys[key].binding, "+attack") == 0)
+ else if (key == Game::K_BUTTON_A || keyState.keys[key].binding && std::strcmp(keyState.keys[key].binding, "+attack") == 0)
 {
 keyState.locSelInputState = Game::LOC_SEL_INPUT_CONFIRM;
 }
@@ -1926,7 +1926,7 @@ namespace Components
 continue;
 }
- if (Game::playerKeys[0].keys[keyNum].binding && strcmp(Game::playerKeys[0].keys[keyNum].binding, gamePadCmd) == 0)
+ if (Game::playerKeys[0].keys[keyNum].binding && std::strcmp(Game::playerKeys[0].keys[keyNum].binding, gamePadCmd) == 0)
 {
 (*keys)[keyCount++] = keyNum;
@@ -1946,7 +1946,7 @@ namespace Components
 continue;
 }
- if (Game::playerKeys[0].keys[keyNum].binding && strcmp(Game::playerKeys[0].keys[keyNum].binding, cmd) == 0)
+ if (Game::playerKeys[0].keys[keyNum].binding && std::strcmp(Game::playerKeys[0].keys[keyNum].binding, cmd) == 0)
 {
 (*keys)[keyCount++] = keyNum;
diff --git a/src/Components/Modules/Network.cpp b/src/Components/Modules/Network.cpp
index 800b4ce0..38ccc6ef 100644
--- a/src/Components/Modules/Network.cpp
+++ b/src/Components/Modules/Network.cpp
@@ -408,19 +408,20 @@ namespace Components
 SendRaw(address, address.getString());
 });
- OnClientPacket("print", []([[maybe_unused]] const Address& address, [[maybe_unused]] const std::string& data)
+ OnClientPacketRaw("print", [](Game::netadr_t* address, Game::msg_t* msg)
 {
 auto* clc = Game::CL_GetLocalClientConnection(0);
- if (!Game::NET_CompareBaseAdr(clc->serverAddress, *address.get()))
+ if (!Game::NET_CompareBaseAdr(clc->serverAddress, *address))
 {
 return;
 }
- char buffer[2048]{};
+ char printBuf[2048]{};
- Game::I_strncpyz(clc->serverMessage, data.data(), sizeof(clc->serverMessage));
- Game::Com_sprintf(buffer, sizeof(buffer), "%s", data.data());
- Game::Com_PrintMessage(Game::CON_CHANNEL_CLIENT, buffer, 0);
+ const auto* s = Game::MSG_ReadBigString(msg);
+ Game::I_strncpyz(clc->serverMessage, s, sizeof(clc->serverMessage));
+ Game::Com_sprintf(printBuf, sizeof(printBuf), "%s", s);
+ Game::Com_PrintMessage(Game::CON_CHANNEL_CLIENT, printBuf, false);
 });
 }
 }
diff --git a/src/Game/Functions.cpp b/src/Game/Functions.cpp
index 51e4e8d6..97de97b1 100644
--- a/src/Game/Functions.cpp
+++ b/src/Game/Functions.cpp
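Review bot: In the `print` handler in Network.cpp, the `NET_CompareBaseAdr(clc->serverAddress, *address)` test is the only gate before sender-supplied text is copied into `clc->serverMessage` and printed, and going by its name it compares the base address only (presumably not the port — confirm). OOB packets are connectionless, so a source-address match filters senders but does not authenticate them, and the hunk does not show what `clc->serverAddress` holds while the client is disconnected; consider also returning early unless the client is currently connecting or connected. I would record that limit above the check, e.g. `// Address filter only: OOB packets are unauthenticated, so s is untrusted text.` The string from `MSG_ReadBigString` is then cut to `sizeof(clc->serverMessage)` and to 2048 bytes with the `Com_sprintf` result ignored; if that truncation is intended, a one-line comment saying so would help the next reader.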
@@ -93,7 +93,7 @@ namespace Game
 MSG_ReadLong_t MSG_ReadLong = MSG_ReadLong_t(0x4C9550);
 MSG_ReadShort_t MSG_ReadShort = MSG_ReadShort_t(0x40BDD0);
 MSG_ReadInt64_t MSG_ReadInt64 = MSG_ReadInt64_t(0x4F1850);
- MSG_ReadString_t MSG_ReadString = MSG_ReadString_t(0x60E2B0);
+ MSG_ReadBigString_t MSG_ReadBigString = MSG_ReadBigString_t(0x60E2B0);
 MSG_ReadStringLine_t MSG_ReadStringLine = MSG_ReadStringLine_t(0x4FEF30);
 MSG_WriteByte_t MSG_WriteByte = MSG_WriteByte_t(0x48C520);
 MSG_WriteData_t MSG_WriteData = MSG_WriteData_t(0x4F4120);
diff --git a/src/Game/Functions.hpp b/src/Game/Functions.hpp
index a34bea03..b694b0b8 100644
--- a/src/Game/Functions.hpp
+++ b/src/Game/Functions.hpp
@@ -233,8 +233,8 @@ namespace Game
 typedef __int64(*MSG_ReadInt64_t)(msg_t* msg);
 extern MSG_ReadInt64_t MSG_ReadInt64;
- typedef char*(*MSG_ReadString_t)(msg_t* msg, char* string, unsigned int maxChars);
- extern MSG_ReadString_t MSG_ReadString;
+ typedef char*(*MSG_ReadBigString_t)(msg_t* msg);
+ extern MSG_ReadBigString_t MSG_ReadBigString;
 typedef char*(*MSG_ReadStringLine_t)(msg_t *msg, char *string, unsigned int maxChars);
 extern MSG_ReadStringLine_t MSG_ReadStringLine;
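Review bot: The new `MSG_ReadBigString_t` typedef in Functions.hpp returns a bare `char*` and nothing says who owns that storage or how long the string can be, even though the only caller in this patch copies it into fixed-size buffers. Since the caller-supplied buffer and `maxChars` arguments are gone, the result presumably points at storage owned by the game binary; I would state that above the typedef, e.g. `// Returns engine-owned storage (presumably a static buffer, size unverified): copy it out, never free or retain it.` If nothing writes through the pointer, declaring the return type as `const char*` would match the `const auto* s` use in Network.cpp.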