authorBobTheBob <32057864+BobTheBob9@users.noreply.github.com>2024-07-04 21:53:38 +0100
committerGitHub <noreply@github.com>2024-07-04 22:53:38 +0200
commit193ab4905664259cbb5035b0ec9b2cb3e0e6a994 (patch)
treed0a022523bf3eed03f6d0382ef24e95ac9a385c8 /primedev/shared/exploit_fixes
parentfc087d804464cc6cb12498e171248186eb7b7c26 (diff)
Properly handle invalid cvar replications without blocking netmessage (#408)v1.26.0-rc1
Properly handle invalid cvar replications without blocking netmessage entirely and restore `ns_server_name` replication
Diffstat (limited to 'primedev/shared/exploit_fixes')
-rw-r--r--primedev/shared/exploit_fixes/exploitfixes.cpp36
1 files changed, 24 insertions, 12 deletions
diff --git a/primedev/shared/exploit_fixes/exploitfixes.cpp b/primedev/shared/exploit_fixes/exploitfixes.cpp
index d96bc41e..1b3069f5 100644
--- a/primedev/shared/exploit_fixes/exploitfixes.cpp
+++ b/primedev/shared/exploit_fixes/exploitfixes.cpp
@@ -120,19 +120,31 @@ bool, __fastcall, (void* pMsg)) // 48 8B D1 48 8B 49 18 48 8B 01 48 FF 60 10
if (!nameValid || !valValid)
return BLOCKED_INFO("Missing null terminators");
- ConVar* pVar = g_pCVar->FindVar(entry->name);
-
- if (pVar)
+ // we only need to check if these cvars are valid on client as it will set actual cvars there
+ // on server this won't set any actual convars, only keyvalues in the player, which doesn't have really any potential for dumb
+ // stuff
+ if (!bIsServerFrame)
{
- memcpy(
- entry->name,
- pVar->m_ConCommandBase.m_pszName,
- strlen(pVar->m_ConCommandBase.m_pszName) + 1); // Force name to match case
-
- int iFlags = bIsServerFrame ? FCVAR_USERINFO : FCVAR_REPLICATED;
- if (!pVar->IsFlagSet(iFlags))
- return BLOCKED_INFO(
- "Invalid flags (" << std::hex << "0x" << pVar->m_ConCommandBase.m_nFlags << "), var is " << entry->name);
+ ConVar* pVar = g_pCVar->FindVar(entry->name);
+ if (pVar)
+ {
+ memcpy(
+ entry->name,
+ pVar->m_ConCommandBase.m_pszName,
+ strlen(pVar->m_ConCommandBase.m_pszName) + 1); // Force name to match case
+
+ if (!pVar->IsFlagSet(FCVAR_REPLICATED))
+ {
+ spdlog::warn(
+ "Blocking replication of remote cvar {} from server (server's var has flag REPLICATED, while ours does not)",
+ entry->name);
+
+ // don't block, as non-malicious servers might send bad cvars, and we still want those clients to be able to
+ // connect
+ memset(entry->name, 0, ENTRY_STR_LEN);
+ memset(entry->val, 0, ENTRY_STR_LEN);
+ }
+ }
}
}
else
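Review bot: With the lookup moved under `if (!bIsServerFrame)`, the server path now accepts any client-supplied name/value pair that is merely null-terminated, because the earlier `FCVAR_USERINFO` check is gone and the only justification is the informal comment above the branch. That is safe only if nothing on the server treats these per-player keyvalues as trusted, which this hunk does not show, so I would state the assumption explicitly, e.g. `// server frame: entries only become per-player keyvalues; every reader must treat them as untrusted client input`. On the client side the zeroed entry stays in the message and is presumably still passed on to the original handler, so it is worth confirming that an empty name is ignored there rather than looked up. The `spdlog::warn` also fires once per rejected entry per message, so a server sending many such entries can flood the log; a once-per-name guard or rate limit would bound that. The enclosing function starts and ends outside the hunk.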