ioquake
/
ioq3
mirror of https://github.com/ioquake/ioq3.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix bad client reliableAcknowledge DOS exploit 

Having a reliableAcknowledge of 0x7FFFFFFF causes a massive
loop to be executed in SV_UpdateServerCommandsToClient due to the + 1 overflow.
This commit is contained in:
ineed bots 2023-04-18 20:54:40 -06:00 committed by Tim Angus
parent 31c6d2f9d5
commit 47c9641939
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
code/server/sv_client.c
View File

@ -1917,7 +1917,7 @@ void SV_ExecuteClientMessage( client_t *cl, msg_t *msg ) {
// NOTE: when the client message is fux0red the acknowledgement numbers
// can be out of range, this could cause the server to send thousands of server
// commands which the server thinks are not yet acknowledged in SV_UpdateServerCommandsToClient
if (cl->reliableAcknowledge < cl->reliableSequence - MAX_RELIABLE_COMMANDS) {
if ((cl->reliableSequence - cl->reliableAcknowledge >= MAX_RELIABLE_COMMANDS) || (cl->reliableSequence - cl->reliableAcknowledge < 0)) {
// usually only hackers create messages like this
// it is more annoying for them to let them hanging
#ifndef NDEBUG