mirror of
https://github.com/nzp-team/fteqw.git
synced 2024-11-26 05:41:52 +00:00
Lets try to NOT crash QEx servers.
git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@6164 fc73d0e0-1445-4013-8a0c-d673dee63da5
This commit is contained in:
parent
b21a648a4b
commit
ceee660184
2 changed files with 39 additions and 4 deletions
|
@ -1302,6 +1302,21 @@ static int GetPSKForServer(gnutls_session_t sess, char **username, gnutls_datum_
|
||||||
|
|
||||||
if ((!*dtls_psk_hint.string&&*dtls_psk_user.string) || (*dtls_psk_hint.string&&!strcmp(svhint, dtls_psk_hint.string)))
|
if ((!*dtls_psk_hint.string&&*dtls_psk_user.string) || (*dtls_psk_hint.string&&!strcmp(svhint, dtls_psk_hint.string)))
|
||||||
{ //okay, hints match (or ours is unset), report our user as appropriate.
|
{ //okay, hints match (or ours is unset), report our user as appropriate.
|
||||||
|
#ifndef NOLEGACY
|
||||||
|
if (*svhint)
|
||||||
|
{
|
||||||
|
//Try to avoid crashing QE servers by recognising its hint and blocking it when the hashes of the user+key are wrong.
|
||||||
|
if (CalcHashInt(&hash_sha1, svhint, strlen(svhint)) == 0xb6c27b61)
|
||||||
|
{
|
||||||
|
if (strcmp(svhint, dtls_psk_user.string) || CalcHashInt(&hash_sha1, dtls_psk_key.string, strlen(dtls_psk_key.string)) != 0x3dd348e4)
|
||||||
|
{
|
||||||
|
Con_Printf(CON_WARNING "Possible QEx Server, please set your ^[%s\\type\\%s^] and ^[%s\\type\\%s^] cvars correctly, their current values are likely to crash the server.\n", dtls_psk_user.name,dtls_psk_user.name, dtls_psk_key.name,dtls_psk_key.name);
|
||||||
|
return 0; //don't report anything.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
*username = strcpy((*qgnutls_malloc)(strlen(dtls_psk_user.string)+1), dtls_psk_user.string);
|
*username = strcpy((*qgnutls_malloc)(strlen(dtls_psk_user.string)+1), dtls_psk_user.string);
|
||||||
|
|
||||||
key->size = (strlen(dtls_psk_key.string)+1)/2;
|
key->size = (strlen(dtls_psk_key.string)+1)/2;
|
||||||
|
|
|
@ -680,11 +680,31 @@ unsigned int OSSL_CL_Validate_PSK(SSL *ssl, const char *hint, char *identity, un
|
||||||
{ //if our hint cvar matches, then report our user+key cvars to the server
|
{ //if our hint cvar matches, then report our user+key cvars to the server
|
||||||
if ((!*hint && *pdtls_psk_user->string && !*pdtls_psk_hint->string) || (*hint && !strcmp(hint, pdtls_psk_hint->string)))
|
if ((!*hint && *pdtls_psk_user->string && !*pdtls_psk_hint->string) || (*hint && !strcmp(hint, pdtls_psk_hint->string)))
|
||||||
{
|
{
|
||||||
//FIXME: avoid crashing QE
|
#ifndef NOLEGACY
|
||||||
|
if (*hint)
|
||||||
|
{
|
||||||
|
//Try to avoid crashing QE servers by recognising its hint and blocking it when the hashes of the user+key are wrong.
|
||||||
|
quint32_t digest[SHA_DIGEST_LENGTH/4];
|
||||||
|
|
||||||
|
SHA1(hint, strlen(hint), (qbyte*)digest);
|
||||||
|
if ((digest[0]^digest[1]^digest[2]^digest[3]^digest[4]) == 0xb6c27b61)
|
||||||
|
{
|
||||||
|
SHA1(pdtls_psk_key->string, strlen(pdtls_psk_key->string), (qbyte*)digest);
|
||||||
|
if (strcmp(hint, pdtls_psk_user->string) || (digest[0]^digest[1]^digest[2]^digest[3]^digest[4]) != 0x3dd348e4)
|
||||||
|
{
|
||||||
|
Con_Printf(CON_WARNING "Possible QEx Server, please set your ^[%s\\type\\%s^] and ^[%s\\type\\%s^] cvars correctly, their current values are likely to crash the server.\n", pdtls_psk_user->name,pdtls_psk_user->name, pdtls_psk_key->name,pdtls_psk_key->name);
|
||||||
|
return 0; //don't report anything.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
Q_strlcpy(identity, pdtls_psk_user->string, max_identity_len);
|
Q_strlcpy(identity, pdtls_psk_user->string, max_identity_len);
|
||||||
return Base16_DecodeBlock_(pdtls_psk_key->string, psk, max_psk_len);
|
return Base16_DecodeBlock_(pdtls_psk_key->string, psk, max_psk_len);
|
||||||
}
|
}
|
||||||
|
else if (*hint)
|
||||||
|
Con_Printf(CON_WARNING "Unable to supply PSK response to server (hint is \"%s\").\n"
|
||||||
|
"Please set ^[%s\\type\\%s^], ^[%s\\type\\%s^], and ^[%s\\type\\%s^] cvars to match the server.\n", hint, pdtls_psk_hint->name,pdtls_psk_hint->name, pdtls_psk_user->name,pdtls_psk_user->name, pdtls_psk_key->name,pdtls_psk_key->name);
|
||||||
return 0; //we don't know what to report.
|
return 0; //we don't know what to report.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -733,7 +753,7 @@ static void *OSSL_CreateContext(const char *remotehost, void *cbctx, neterr_t(*p
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (*pdtls_psk_user->string)
|
// if (*pdtls_psk_user->string)
|
||||||
SSL_CTX_set_psk_client_callback(n->ctx, OSSL_CL_Validate_PSK);
|
SSL_CTX_set_psk_client_callback(n->ctx, OSSL_CL_Validate_PSK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -859,7 +879,7 @@ static neterr_t OSSL_Transmit(void *ctx, const qbyte *data, size_t datasize)
|
||||||
}
|
}
|
||||||
if (BIO_should_retry(o->bio))
|
if (BIO_should_retry(o->bio))
|
||||||
return 0;
|
return 0;
|
||||||
return NETERR_NOROUTE; //eof or something
|
return NETERR_DISCONNECTED; //eof or something
|
||||||
}
|
}
|
||||||
return NETERR_SENT;
|
return NETERR_SENT;
|
||||||
}
|
}
|
||||||
|
@ -900,7 +920,7 @@ static neterr_t OSSL_Received(void *ctx, sizebuf_t *message)
|
||||||
}
|
}
|
||||||
if (BIO_should_retry(o->bio))
|
if (BIO_should_retry(o->bio))
|
||||||
return 0;
|
return 0;
|
||||||
return NETERR_NOROUTE; //eof or something
|
return NETERR_DISCONNECTED; //eof or something
|
||||||
}
|
}
|
||||||
return NETERR_NOROUTE;
|
return NETERR_NOROUTE;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue