X-Git-Url: https://git.xonotic.org/?a=blobdiff_plain;f=netconn.c;h=56e6e467d40121e869ab0713cab501393e8b2304;hb=f244ef2525c9c018f1b077d49959df3c77ebc7b1;hp=97f07bac167179115afd2ab3f8c45a3bf6f6d1ad;hpb=cf8dfc912d76d0a26c5d80202fb0b8089df0901f;p=xonotic%2Fdarkplaces.git diff --git a/netconn.c b/netconn.c index 97f07bac..56e6e467 100755 --- a/netconn.c +++ b/netconn.c @@ -44,9 +44,9 @@ static cvar_t sv_masters [] = {CVAR_SAVE, "sv_master2", "", "user-chosen master server 2"}, {CVAR_SAVE, "sv_master3", "", "user-chosen master server 3"}, {CVAR_SAVE, "sv_master4", "", "user-chosen master server 4"}, - {0, "sv_masterextra1", "ghdigital.com", "ghdigital.com - default master server 1 (admin: LordHavoc)"}, // admin: LordHavoc - {0, "sv_masterextra2", "dpmaster.deathmask.net", "dpmaster.deathmask.net - default master server 2 (admin: Willis)"}, // admin: Willis - {0, "sv_masterextra3", "dpmaster.tchr.no", "dpmaster.tchr.no - default master server 3 (admin: tChr)"}, // admin: tChr + {0, "sv_masterextra1", "dpmaster.deathmask.net", "dpmaster.deathmask.net - default master server 1 (admin: Willis)"}, + {0, "sv_masterextra2", "dpmaster.tchr.no", "dpmaster.tchr.no - default master server 2 (admin: tChr)"}, + {0, "sv_masterextra3", "dpm.dpmaster.org:27777", "dpm.dpmaster.org - default master server 3 (admin: gazby/soylent_cow)"}, {0, NULL, NULL, NULL} }; @@ -2739,6 +2739,11 @@ static qboolean hmac_mdfour_time_matching(lhnetaddress_t *peeraddress, const cha char mdfourbuf[16]; long t1, t2; + if (!password[0]) { + Con_Print("^4LOGIC ERROR: RCon_Authenticate should never call the comparator with an empty password. Please report.\n"); + return false; + } + t1 = (long) time(NULL); t2 = strtol(s, NULL, 0); if(abs(t1 - t2) > rcon_secure_maxdiff.integer) @@ -2755,6 +2760,11 @@ static qboolean hmac_mdfour_challenge_matching(lhnetaddress_t *peeraddress, cons char mdfourbuf[16]; int i; + if (!password[0]) { + Con_Print("^4LOGIC ERROR: RCon_Authenticate should never call the comparator with an empty password. Please report.\n"); + return false; + } + if(slen < (int)(sizeof(challenges[0].string)) - 1) return false; @@ -2781,6 +2791,11 @@ static qboolean hmac_mdfour_challenge_matching(lhnetaddress_t *peeraddress, cons static qboolean plaintext_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen) { + if (!password[0]) { + Con_Print("^4LOGIC ERROR: RCon_Authenticate should never call the comparator with an empty password. Please report.\n"); + return false; + } + return !strcmp(password, hash); } @@ -2799,12 +2814,12 @@ static const char *RCon_Authenticate(lhnetaddress_t *peeraddress, const char *pa { have_usernames = true; strlcpy(buf, userpass_start, ((size_t)(userpass_end-userpass_start) >= sizeof(buf)) ? (int)(sizeof(buf)) : (int)(userpass_end-userpass_start+1)); - if(buf[0]) + if(buf[0]) // Ignore empty entries due to leading/duplicate space. if(comparator(peeraddress, buf, password, cs, cslen)) goto allow; userpass_start = userpass_end + 1; } - if(userpass_start[0]) + if(userpass_start[0]) // Ignore empty trailing entry due to trailing space or password not set. { userpass_end = userpass_start + strlen(userpass_start); if(comparator(peeraddress, userpass_start, password, cs, cslen)) @@ -2818,12 +2833,12 @@ static const char *RCon_Authenticate(lhnetaddress_t *peeraddress, const char *pa { have_usernames = true; strlcpy(buf, userpass_start, ((size_t)(userpass_end-userpass_start) >= sizeof(buf)) ? (int)(sizeof(buf)) : (int)(userpass_end-userpass_start+1)); - if(buf[0]) + if(buf[0]) // Ignore empty entries due to leading/duplicate space. if(comparator(peeraddress, buf, password, cs, cslen)) goto check; userpass_start = userpass_end + 1; } - if(userpass_start[0]) + if(userpass_start[0]) // Ignore empty trailing entry due to trailing space or password not set. { userpass_end = userpass_start + strlen(userpass_start); if(comparator(peeraddress, userpass_start, password, cs, cslen)) @@ -2925,7 +2940,7 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat { int i, ret, clientnum, best; double besttime; - char *string, response[1400], addressstring2[128]; + char *string, response[2800], addressstring2[128]; static char stringbuf[16384]; // server only qboolean islocal = (LHNETADDRESS_GetAddressType(peeraddress) == LHNETADDRESSTYPE_LOOP); char senddata[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];