ioquake/ioq3
0
0
Fork 0
mirror of https://github.com/ioquake/ioq3.git synced 2024-11-10 07:11:46 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix bad client reliableAcknowledge DOS exploit

Browse source 
Having a reliableAcknowledge of 0x7FFFFFFF causes a massive
loop to be executed in SV_UpdateServerCommandsToClient due to the + 1 overflow.
This commit is contained in:
ineed bots 2023-04-18 20:54:40 -06:00 committed by Tim Angus
parent 31c6d2f9d5
commit 47c9641939
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
code/server/sv_client.c
View file

@ -1917,7 +1917,7 @@ void SV_ExecuteClientMessage( client_t *cl, msg_t *msg ) {
// NOTE: when the client message is fux0red the acknowledgement numbers // NOTE: when the client message is fux0red the acknowledgement numbers
// can be out of range, this could cause the server to send thousands of server // can be out of range, this could cause the server to send thousands of server
// commands which the server thinks are not yet acknowledged in SV_UpdateServerCommandsToClient // commands which the server thinks are not yet acknowledged in SV_UpdateServerCommandsToClient
if (cl->reliableAcknowledge < cl->reliableSequence - MAX_RELIABLE_COMMANDS) { if ((cl->reliableSequence - cl->reliableAcknowledge >= MAX_RELIABLE_COMMANDS) || (cl->reliableSequence - cl->reliableAcknowledge < 0)) {
// usually only hackers create messages like this // usually only hackers create messages like this
// it is more annoying for them to let them hanging // it is more annoying for them to let them hanging
#ifndef NDEBUG #ifndef NDEBUG