Fix exploit to reset player by sending wrong serverId

If client sends wrong serverId but is already active in the world (CS_ACTIVE) don't resend initial gamestate for the map. This isn't a valid situation. The player should be CS_CONNECTED or CS_PRIMED. Resending gamestate to an active player will cause them to respawn without dying or disconnecting. If the player had a CTF flag it gets lost until the map is changed or restarted. Reported by Ensiform at: https://bugzilla.icculus.org/show_bug.cgi?id=6324
2024-11-10 06:31:47 +00:00 · 2018-04-03 21:14:56 -05:00 · 2018-04-03 21:14:56 -05:00 · b61e2998f3
commit b61e2998f3
parent 1284205012
1 changed files with 1 additions and 1 deletions
--- a/code/server/sv_client.c
+++ b/code/server/sv_client.c
@ -1948,7 +1948,7 @@ void SV_ExecuteClientMessage( client_t *cl, msg_t *msg ) {
 		}
 		// if we can tell that the client has dropped the last
 		// gamestate we sent them, resend it
-		if ( cl->messageAcknowledge > cl->gamestateMessageNum ) {
+		if ( cl->state != CS_ACTIVE && cl->messageAcknowledge > cl->gamestateMessageNum ) {
 			Com_DPrintf( "%s : dropped gamestate, resending\n", cl->name );
 			SV_SendClientGameState( cl );
 		}