Merge pull request #553 from ineedbots/main

Fix negativeAck exploit (crash DOS)
This commit is contained in:
Maurice Heumann 2023-04-18 06:23:22 +02:00 committed by GitHub
commit 3d440eabc5
2 changed files with 28 additions and 4 deletions


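--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -12,6 +12,19 @@ namespace patches
 {
 namespace
 {
+utils::hook::detour sv_executeclientmessages_hook;
+void sv_executeclientmessages_stub(game::client_s* client, game::msg_t* msg)
+{
+if (client->reliableAcknowledge < 0)
+{
+client->reliableAcknowledge = client->reliableSequence;
+return;
+}
+sv_executeclientmessages_hook.invoke<void>(client, msg);
+}
 void script_errors_stub(const char* file, int line, unsigned int code, const char* fmt, ...)
 {
 char buffer[0x1000];
@@ -39,6 +52,9 @@ namespace patches
 utils::hook::set<uint8_t>(game::select(0x14224DBB4, 0x1405312A8), 3);
 utils::hook::set<uint8_t>(game::select(0x14224DF8C, 0x1405316DC), 3);
+// make sure client's reliableAck are not negative
+sv_executeclientmessages_hook.create(game::select(0x14224A460, 0x14052F840), sv_executeclientmessages_stub);
 scheduler::once([]
 {
 game::register_dvar_string("password", "", game::DVAR_USERINFO, "password");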
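Review bot: The guard in sv_executeclientmessages_stub resets the client to reliableSequence and returns without invoking the original, so the offending message is dropped rather than processed, but nothing in the hunk says so; a one-line comment on the early return would make that intent explicit: `// Out-of-range ack: resync to reliableSequence and drop this message rather than executing it`. The check covers only the negative side; if the engine also assumes reliableAcknowledge never exceeds reliableSequence (I cannot confirm that from this hunk), the same reset would be warranted for that case. The comment added in the second hunk would also read better as `// make sure the client's reliableAcknowledge is never negative`. Both hunks sit inside namespace patches, whose enclosing scopes open and close outside the hunk, and the second hunk belongs to a function whose signature is not shown.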


@ -1583,15 +1583,23 @@ namespace game
int client_state; int client_state;
char __pad0[0x28]; char __pad0[0x28];
netadr_t address; netadr_t address;
char __pad1[0x5588]; char gap_3C[20468];
int reliableSequence;
int reliableAcknowledge;
char gap_5038[4];
int messageAcknowledge;
char gap_5040[1416];
uint64_t xuid; uint64_t xuid;
char __pad2[0xB5D84]; char __pad2[0xB5D84];
int guid; int guid;
char __pad3[0x8]; char __pad3[0x8];
bool bIsTestClient; bool bIsTestClient;
char __pad4[0x29DAC]; char gap_BB361[3];
int serverId;
char gap_BB368[171432];
}; };
#ifdef __cplusplus #ifdef __cplusplus
static_assert(sizeof(client_s) == 0xE5110); static_assert(sizeof(client_s) == 0xE5110);