tech
/
engine
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Lets try to NOT crash QEx servers. 

git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@6164 fc73d0e0-1445-4013-8a0c-d673dee63da5
This commit is contained in:
Spoike 2022-01-16 18:41:59 +00:00
parent b21a648a4b
commit ceee660184
2 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
engine/common/net_ssl_gnutls.c
View File

@ -1302,6 +1302,21 @@ static int GetPSKForServer(gnutls_session_t sess, char **username, gnutls_datum_
if ((!*dtls_psk_hint.string&&*dtls_psk_user.string) || (*dtls_psk_hint.string&&!strcmp(svhint, dtls_psk_hint.string)))
{ //okay, hints match (or ours is unset), report our user as appropriate.
#ifndef NOLEGACY
if (*svhint)
{
//Try to avoid crashing QE servers by recognising its hint and blocking it when the hashes of the user+key are wrong.
if (CalcHashInt(&hash_sha1, svhint, strlen(svhint)) == 0xb6c27b61)
{
if (strcmp(svhint, dtls_psk_user.string) || CalcHashInt(&hash_sha1, dtls_psk_key.string, strlen(dtls_psk_key.string)) != 0x3dd348e4)
{
Con_Printf(CON_WARNING "Possible QEx Server, please set your ^[%s\\type\\%s^] and ^[%s\\type\\%s^] cvars correctly, their current values are likely to crash the server.\n", dtls_psk_user.name,dtls_psk_user.name, dtls_psk_key.name,dtls_psk_key.name);
return 0; //don't report anything.
}
}
}
#endif
*username = strcpy((*qgnutls_malloc)(strlen(dtls_psk_user.string)+1), dtls_psk_user.string);
key->size = (strlen(dtls_psk_key.string)+1)/2;

28
plugins/net_ssl_openssl.c
View File

@ -680,11 +680,31 @@ unsigned int OSSL_CL_Validate_PSK(SSL *ssl, const char *hint, char *identity, un
{ //if our hint cvar matches, then report our user+key cvars to the server
if ((!*hint && *pdtls_psk_user->string && !*pdtls_psk_hint->string) || (*hint && !strcmp(hint, pdtls_psk_hint->string)))
{
//FIXME: avoid crashing QE
#ifndef NOLEGACY
if (*hint)
{
//Try to avoid crashing QE servers by recognising its hint and blocking it when the hashes of the user+key are wrong.
quint32_t digest[SHA_DIGEST_LENGTH/4];
SHA1(hint, strlen(hint), (qbyte*)digest);
if ((digest[0]^digest[1]^digest[2]^digest[3]^digest[4]) == 0xb6c27b61)
{
SHA1(pdtls_psk_key->string, strlen(pdtls_psk_key->string), (qbyte*)digest);
if (strcmp(hint, pdtls_psk_user->string) || (digest[0]^digest[1]^digest[2]^digest[3]^digest[4]) != 0x3dd348e4)
{
Con_Printf(CON_WARNING "Possible QEx Server, please set your ^[%s\\type\\%s^] and ^[%s\\type\\%s^] cvars correctly, their current values are likely to crash the server.\n", pdtls_psk_user->name,pdtls_psk_user->name, pdtls_psk_key->name,pdtls_psk_key->name);
return 0; //don't report anything.
}
}
}
#endif
Q_strlcpy(identity, pdtls_psk_user->string, max_identity_len);
return Base16_DecodeBlock_(pdtls_psk_key->string, psk, max_psk_len);
}
else if (*hint)
Con_Printf(CON_WARNING "Unable to supply PSK response to server (hint is \"%s\").\n"
"Please set ^[%s\\type\\%s^], ^[%s\\type\\%s^], and ^[%s\\type\\%s^] cvars to match the server.\n", hint, pdtls_psk_hint->name,pdtls_psk_hint->name, pdtls_psk_user->name,pdtls_psk_user->name, pdtls_psk_key->name,pdtls_psk_key->name);
return 0; //we don't know what to report.
}
@ -733,7 +753,7 @@ static void *OSSL_CreateContext(const char *remotehost, void *cbctx, neterr_t(*p
}
else
{
if (*pdtls_psk_user->string)
// if (*pdtls_psk_user->string)
SSL_CTX_set_psk_client_callback(n->ctx, OSSL_CL_Validate_PSK);
}
@ -859,7 +879,7 @@ static neterr_t OSSL_Transmit(void *ctx, const qbyte *data, size_t datasize)
}
if (BIO_should_retry(o->bio))
return 0;
return NETERR_NOROUTE; //eof or something
return NETERR_DISCONNECTED; //eof or something
}
return NETERR_SENT;
}
@ -900,7 +920,7 @@ static neterr_t OSSL_Received(void *ctx, sizebuf_t *message)
}
if (BIO_should_retry(o->bio))
return 0;
return NETERR_NOROUTE; //eof or something
return NETERR_DISCONNECTED; //eof or something
}
return NETERR_NOROUTE;
}