2 files changed, 19 insertions, 0 deletions

diff --git a/NorthstarDedicatedTest/miscserverfixes.cpp b/NorthstarDedicatedTest/miscserverfixes.cpp
index 334c5fa3..fca9c169 100644
--- a/NorthstarDedicatedTest/miscserverfixes.cpp
+++ b/NorthstarDedicatedTest/miscserverfixes.cpp
@@ -21,4 +21,17 @@ void InitialiseMiscServerFixes(HMODULE baseAddress)
 		*(ptr++) = 0x90; // nop
 		*ptr = 0x90;	 // nop
 	}
+
+	// ret at the start of CServerGameClients::ClientCommandKeyValues as it has no benefit and is forwarded to client (i.e. security issue)
+	// this prevents the attack vector of client=>server=>client, however server=>client also has clientside patches
+	{
+		char* ptr = reinterpret_cast<char*>(baseAddress) + 0x153920;
+		TempReadWrite rw(ptr);
+		*ptr = 0xC3;
+	}
+}
+
+void InitialiseMiscEngineServerFixes(HMODULE baseAddress) 
+{
+	
 }
\ No newline at end of file
diff --git a/NorthstarDedicatedTest/securitypatches.cpp b/NorthstarDedicatedTest/securitypatches.cpp
index ee16593b..9352559a 100644
--- a/NorthstarDedicatedTest/securitypatches.cpp
+++ b/NorthstarDedicatedTest/securitypatches.cpp
@@ -16,12 +16,18 @@ bool IsValveModHook()
 	return !CommandLine()->CheckParm("-norestrictservercommands");
 }
 
+typedef bool (*SVC_CmdKeyValues__ReadFromBufferType)(void* a1, void* a2);
+SVC_CmdKeyValues__ReadFromBufferType SVC_CmdKeyValues__ReadFromBuffer;
+// never parse server=>client keyvalues for clientcommandkeyvalues
+bool SVC_CmdKeyValues__ReadFromBufferHook(void* a1, void* a2) { return false; }
+
 void InitialiseClientEngineSecurityPatches(HMODULE baseAddress)
 {
 	HookEnabler hook;
 
 	// note: this could break some things
 	ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x1C6360, &IsValveModHook, reinterpret_cast<LPVOID*>(&IsValveMod));
+	ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x222E70, &SVC_CmdKeyValues__ReadFromBufferHook, reinterpret_cast<LPVOID*>(&SVC_CmdKeyValues__ReadFromBuffer));
 
 	// patches to make commands run from client/ui script still work
 	// note: this is likely preventable in a nicer way? test prolly