diff options
author | BobTheBob <32057864+BobTheBob9@users.noreply.github.com> | 2024-07-04 21:53:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-07-04 22:53:38 +0200 |
commit | 193ab4905664259cbb5035b0ec9b2cb3e0e6a994 (patch) | |
tree | d0a022523bf3eed03f6d0382ef24e95ac9a385c8 /primedev/shared/exploit_fixes | |
parent | fc087d804464cc6cb12498e171248186eb7b7c26 (diff) | |
download | NorthstarLauncher-193ab4905664259cbb5035b0ec9b2cb3e0e6a994.tar.gz NorthstarLauncher-193ab4905664259cbb5035b0ec9b2cb3e0e6a994.zip |
Properly handle invalid cvar replications without blocking netmessage (#408)v1.26.0-rc1
Properly handle invalid cvar replications without blocking netmessage entirely and restore `ns_server_name` replication
Diffstat (limited to 'primedev/shared/exploit_fixes')
-rw-r--r-- | primedev/shared/exploit_fixes/exploitfixes.cpp | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/primedev/shared/exploit_fixes/exploitfixes.cpp b/primedev/shared/exploit_fixes/exploitfixes.cpp index d96bc41e..1b3069f5 100644 --- a/primedev/shared/exploit_fixes/exploitfixes.cpp +++ b/primedev/shared/exploit_fixes/exploitfixes.cpp @@ -120,19 +120,31 @@ bool, __fastcall, (void* pMsg)) // 48 8B D1 48 8B 49 18 48 8B 01 48 FF 60 10 if (!nameValid || !valValid) return BLOCKED_INFO("Missing null terminators"); - ConVar* pVar = g_pCVar->FindVar(entry->name); - - if (pVar) + // we only need to check if these cvars are valid on client as it will set actual cvars there + // on server this won't set any actual convars, only keyvalues in the player, which doesn't have really any potential for dumb + // stuff + if (!bIsServerFrame) { - memcpy( - entry->name, - pVar->m_ConCommandBase.m_pszName, - strlen(pVar->m_ConCommandBase.m_pszName) + 1); // Force name to match case - - int iFlags = bIsServerFrame ? FCVAR_USERINFO : FCVAR_REPLICATED; - if (!pVar->IsFlagSet(iFlags)) - return BLOCKED_INFO( - "Invalid flags (" << std::hex << "0x" << pVar->m_ConCommandBase.m_nFlags << "), var is " << entry->name); + ConVar* pVar = g_pCVar->FindVar(entry->name); + if (pVar) + { + memcpy( + entry->name, + pVar->m_ConCommandBase.m_pszName, + strlen(pVar->m_ConCommandBase.m_pszName) + 1); // Force name to match case + + if (!pVar->IsFlagSet(FCVAR_REPLICATED)) + { + spdlog::warn( + "Blocking replication of remote cvar {} from server (server's var has flag REPLICATED, while ours does not)", + entry->name); + + // don't block, as non-malicious servers might send bad cvars, and we still want those clients to be able to + // connect + memset(entry->name, 0, ENTRY_STR_LEN); + memset(entry->val, 0, ENTRY_STR_LEN); + } + } } } else |