From c70839334e180869279c84f5d40360afdcc43bdc Mon Sep 17 00:00:00 2001
From: Monster Iestyn <iestynjealous@ntlworld.com>
Date: Mon, 22 May 2017 22:17:51 +0100
Subject: [PATCH] Added a bunch of missing checks to prevent non-server players
 from sending other non-server players stuff

---
 src/d_clisrv.c | 40 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/src/d_clisrv.c b/src/d_clisrv.c
index 36b03be63..c6b8bbd64 100644
--- a/src/d_clisrv.c
+++ b/src/d_clisrv.c
@@ -3433,8 +3433,8 @@ static void HandlePacketFromAwayNode(SINT8 node)
 			{
 				SV_SendServerInfo(node, (tic_t)LONG(netbuffer->u.askinfo.time));
 				SV_SendPlayerInfo(node); // Send extra info
-				Net_CloseConnection(node);
 			}
+			Net_CloseConnection(node);
 			break;
 
 		case PT_SERVERREFUSE: // Negative response of client join request
@@ -3443,6 +3443,11 @@ static void HandlePacketFromAwayNode(SINT8 node)
 				Net_CloseConnection(node);
 				break;
 			}
+			if (node != servernode) // nope you're not the server
+			{
+				Net_CloseConnection(node);
+				break;
+			}
 			if (cl_mode == CL_WAITJOINRESPONSE)
 			{
 				// Save the reason so it can be displayed after quitting the netgame
@@ -3474,6 +3479,11 @@ static void HandlePacketFromAwayNode(SINT8 node)
 				Net_CloseConnection(node);
 				break;
 			}
+			if (node != servernode) // nope you're not the server
+			{
+				Net_CloseConnection(node);
+				break;
+			}
 			/// \note how would this happen? and is it doing the right thing if it does?
 			if (cl_mode != CL_WAITJOINRESPONSE)
 				break;
@@ -3537,11 +3547,20 @@ static void HandlePacketFromAwayNode(SINT8 node)
 				Net_CloseConnection(node);
 				break;
 			}
-			else
-				Got_Filetxpak();
+			if (node != servernode) // nope you're not the server
+			{
+				Net_CloseConnection(node);
+				break;
+			}
+			Got_Filetxpak();
 			break;
 
 		case PT_REQUESTFILE:
+			if (node != servernode) // nope you're not the server
+			{
+				Net_CloseConnection(node);
+				break;
+			}
 			if (server)
 				Got_RequestFilePak(node);
 			break;
@@ -3926,6 +3945,21 @@ FILESTAMP
 		case PT_SERVERCFG:
 			break;
 		case PT_FILEFRAGMENT:
+			// Only accept PT_FILEFRAGMENT from the server.
+			if (node != servernode)
+			{
+				CONS_Alert(CONS_WARNING, M_GetText("%s received from non-host %d\n"), "PT_FILEFRAGMENT", node);
+
+				if (server)
+				{
+					XBOXSTATIC UINT8 buf[2];
+					buf[0] = (UINT8)node;
+					buf[1] = KICK_MSG_CON_FAIL;
+					SendNetXCmd(XD_KICK, &buf, 2);
+				}
+
+				break;
+			}
 			if (client)
 				Got_Filetxpak();
 			break;