Merge pull request #553 from ineedbots/main

Fix negativeAck exploit (crash DOS)
This commit is contained in:
Maurice Heumann 2023-04-18 06:23:22 +02:00 committed by GitHub
commit 3d440eabc5
2 changed files with 28 additions and 4 deletions

View File

@ -11,7 +11,20 @@
namespace patches
{
namespace
{
{
utils::hook::detour sv_executeclientmessages_hook;
void sv_executeclientmessages_stub(game::client_s* client, game::msg_t* msg)
{
if (client->reliableAcknowledge < 0)
{
client->reliableAcknowledge = client->reliableSequence;
return;
}
sv_executeclientmessages_hook.invoke<void>(client, msg);
}
void script_errors_stub(const char* file, int line, unsigned int code, const char* fmt, ...)
{
char buffer[0x1000];
@ -37,7 +50,10 @@ namespace patches
// Change 4 character name limit to 3 characters
utils::hook::set<uint8_t>(game::select(0x14224DA53, 0x140531143), 3);
utils::hook::set<uint8_t>(game::select(0x14224DBB4, 0x1405312A8), 3);
utils::hook::set<uint8_t>(game::select(0x14224DF8C, 0x1405316DC), 3);
utils::hook::set<uint8_t>(game::select(0x14224DF8C, 0x1405316DC), 3);
// make sure client's reliableAck are not negative
sv_executeclientmessages_hook.create(game::select(0x14224A460, 0x14052F840), sv_executeclientmessages_stub);
scheduler::once([]
{

View File

@ -1583,15 +1583,23 @@ namespace game
int client_state;
char __pad0[0x28];
netadr_t address;
char __pad1[0x5588];
char gap_3C[20468];
int reliableSequence;
int reliableAcknowledge;
char gap_5038[4];
int messageAcknowledge;
char gap_5040[1416];
uint64_t xuid;
char __pad2[0xB5D84];
int guid;
char __pad3[0x8];
bool bIsTestClient;
char __pad4[0x29DAC];
char gap_BB361[3];
int serverId;
char gap_BB368[171432];
};
#ifdef __cplusplus
static_assert(sizeof(client_s) == 0xE5110);