Lets try to NOT crash QEx servers.
git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@6164 fc73d0e0-1445-4013-8a0c-d673dee63da5
parent
b21a648a4b
commit
ceee660184
2 changed files with 39 additions and 4 deletions
|
@ -1302,6 +1302,21 @@ static int GetPSKForServer(gnutls_session_t sess, char **username, gnutls_datum_
|
|||
|
||||
if ((!*dtls_psk_hint.string&&*dtls_psk_user.string) || (*dtls_psk_hint.string&&!strcmp(svhint, dtls_psk_hint.string)))
|
||||
{ //okay, hints match (or ours is unset), report our user as appropriate.
|
||||
#ifndef NOLEGACY
|
||||
if (*svhint)
|
||||
{
|
||||
//Try to avoid crashing QE servers by recognising its hint and blocking it when the hashes of the user+key are wrong.
|
||||
if (CalcHashInt(&hash_sha1, svhint, strlen(svhint)) == 0xb6c27b61)
|
||||
{
|
||||
if (strcmp(svhint, dtls_psk_user.string) || CalcHashInt(&hash_sha1, dtls_psk_key.string, strlen(dtls_psk_key.string)) != 0x3dd348e4)
|
||||
{
|
||||
Con_Printf(CON_WARNING "Possible QEx Server, please set your ^[%s\\type\\%s^] and ^[%s\\type\\%s^] cvars correctly, their current values are likely to crash the server.\n", dtls_psk_user.name,dtls_psk_user.name, dtls_psk_key.name,dtls_psk_key.name);
|
||||
return 0; //don't report anything.
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
*username = strcpy((*qgnutls_malloc)(strlen(dtls_psk_user.string)+1), dtls_psk_user.string);
|
||||
|
||||
key->size = (strlen(dtls_psk_key.string)+1)/2;
|
||||
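Review bot: The two values compared in the added QEx guard, `0xb6c27b61` and `0x3dd348e4`, are unexplained magic numbers, and the same pair is repeated in the OpenSSL callback, where the fold is done by hand rather than through `CalcHashInt`. A shared pair of named constants with a comment such as `//32-bit fold of sha1 over the QEx hint, and over the key QEx expects` would keep the two backends from drifting apart. The whole guard sits under `#ifndef NOLEGACY`, so a build with that macro defined still reports whatever user and key are configured; it is worth confirming that this is intended. The check only stops this client from sending a mismatched pair, so the comment could also say it is a client-side courtesy rather than a fix for the server. GetPSKForServer starts before this hunk and continues past it.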
|
|
|
@ -680,11 +680,31 @@ unsigned int OSSL_CL_Validate_PSK(SSL *ssl, const char *hint, char *identity, un
|
|||
{ //if our hint cvar matches, then report our user+key cvars to the server
|
||||
if ((!*hint && *pdtls_psk_user->string && !*pdtls_psk_hint->string) || (*hint && !strcmp(hint, pdtls_psk_hint->string)))
|
||||
{
|
||||
//FIXME: avoid crashing QE
|
||||
#ifndef NOLEGACY
|
||||
if (*hint)
|
||||
{
|
||||
//Try to avoid crashing QE servers by recognising its hint and blocking it when the hashes of the user+key are wrong.
|
||||
quint32_t digest[SHA_DIGEST_LENGTH/4];
|
||||
|
||||
SHA1(hint, strlen(hint), (qbyte*)digest);
|
||||
if ((digest[0]^digest[1]^digest[2]^digest[3]^digest[4]) == 0xb6c27b61)
|
||||
{
|
||||
SHA1(pdtls_psk_key->string, strlen(pdtls_psk_key->string), (qbyte*)digest);
|
||||
if (strcmp(hint, pdtls_psk_user->string) || (digest[0]^digest[1]^digest[2]^digest[3]^digest[4]) != 0x3dd348e4)
|
||||
{
|
||||
Con_Printf(CON_WARNING "Possible QEx Server, please set your ^[%s\\type\\%s^] and ^[%s\\type\\%s^] cvars correctly, their current values are likely to crash the server.\n", pdtls_psk_user->name,pdtls_psk_user->name, pdtls_psk_key->name,pdtls_psk_key->name);
|
||||
return 0; //don't report anything.
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
Q_strlcpy(identity, pdtls_psk_user->string, max_identity_len);
|
||||
return Base16_DecodeBlock_(pdtls_psk_key->string, psk, max_psk_len);
|
||||
}
|
||||
else if (*hint)
|
||||
Con_Printf(CON_WARNING "Unable to supply PSK response to server (hint is \"%s\").\n"
|
||||
"Please set ^[%s\\type\\%s^], ^[%s\\type\\%s^], and ^[%s\\type\\%s^] cvars to match the server.\n", hint, pdtls_psk_hint->name,pdtls_psk_hint->name, pdtls_psk_user->name,pdtls_psk_user->name, pdtls_psk_key->name,pdtls_psk_key->name);
|
||||
return 0; //we don't know what to report.
|
||||
}
|
||||
|
||||
|
@ -733,7 +753,7 @@ static void *OSSL_CreateContext(const char *remotehost, void *cbctx, neterr_t(*p
|
|||
}
|
||||
else
|
||||
{
|
||||
if (*pdtls_psk_user->string)
|
||||
// if (*pdtls_psk_user->string)
|
||||
SSL_CTX_set_psk_client_callback(n->ctx, OSSL_CL_Validate_PSK);
|
||||
}
|
||||
|
||||
|
@ -859,7 +879,7 @@ static neterr_t OSSL_Transmit(void *ctx, const qbyte *data, size_t datasize)
|
|||
}
|
||||
if (BIO_should_retry(o->bio))
|
||||
return 0;
|
||||
return NETERR_NOROUTE; //eof or something
|
||||
return NETERR_DISCONNECTED; //eof or something
|
||||
}
|
||||
return NETERR_SENT;
|
||||
}
|
||||
|
@ -900,7 +920,7 @@ static neterr_t OSSL_Received(void *ctx, sizebuf_t *message)
|
|||
}
|
||||
if (BIO_should_retry(o->bio))
|
||||
return 0;
|
||||
return NETERR_NOROUTE; //eof or something
|
||||
return NETERR_DISCONNECTED; //eof or something
|
||||
}
|
||||
return NETERR_NOROUTE;
|
||||
}
|
||||
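Review bot: In OSSL_CL_Validate_PSK the SHA-1 output is read back as native `quint32_t` words before being XORed together, so the folded value depends on host byte order; on the other byte order the comparison with `0xb6c27b61` would never match and the guard would be skipped silently. Folding from the digest bytes in a fixed order, in one helper used for both the hint and the key, removes that dependency. The order below assumes the constants were produced on a little-endian host and should be checked against what `CalcHashInt` returns in the GnuTLS path. The stale `//FIXME: avoid crashing QE` above the new block and the commented-out `// if (*pdtls_psk_user->string)` in OSSL_CreateContext would be better deleted than left in place.

```c
//fold a sha1 digest into 32 bits, independent of host byte order
static quint32_t OSSL_FoldSHA1(const char *str)
{
	qbyte d[SHA_DIGEST_LENGTH];
	quint32_t r = 0;
	int i;
	SHA1((const unsigned char*)str, strlen(str), d);
	for (i = 0; i < SHA_DIGEST_LENGTH; i += 4)
		r ^= (quint32_t)d[i] | ((quint32_t)d[i+1]<<8) | ((quint32_t)d[i+2]<<16) | ((quint32_t)d[i+3]<<24);
	return r;
}

// … in OSSL_CL_Validate_PSK, inside the `if (*hint)` block …
if (OSSL_FoldSHA1(hint) == 0xb6c27b61)
{
	if (strcmp(hint, pdtls_psk_user->string) || OSSL_FoldSHA1(pdtls_psk_key->string) != 0x3dd348e4)
	{
		// … unchanged: Con_Printf warning and return 0 …
	}
}
```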
|
|