From 2cb92fc902153b0fb50b367271517fbbd0900ace Mon Sep 17 00:00:00 2001
From: BobTheBob <32057864+BobTheBob9@users.noreply.github.com>
Date: Tue, 22 Mar 2022 19:46:13 +0000
Subject: remove ClientCommandKeyValues

---
 NorthstarDedicatedTest/miscserverfixes.cpp | 13 +++++++++++++
 NorthstarDedicatedTest/securitypatches.cpp | 6 ++++++
 2 files changed, 19 insertions(+)

diff --git a/NorthstarDedicatedTest/miscserverfixes.cpp b/NorthstarDedicatedTest/miscserverfixes.cpp
index 334c5fa3..fca9c169 100644
--- a/NorthstarDedicatedTest/miscserverfixes.cpp
+++ b/NorthstarDedicatedTest/miscserverfixes.cpp
@@ -21,4 +21,17 @@ void InitialiseMiscServerFixes(HMODULE baseAddress)
 *(ptr++) = 0x90; // nop
 *ptr = 0x90; // nop
 }
+
+ // ret at the start of CServerGameClients::ClientCommandKeyValues as it has no benefit and is forwarded to client (i.e. security issue)
+ // this prevents the attack vector of client=>server=>client, however server=>client also has clientside patches
+ {
+ char* ptr = reinterpret_cast(baseAddress) + 0x153920;
+ TempReadWrite rw(ptr);
+ *ptr = 0xC3;
+ }
+}
+
+void InitialiseMiscEngineServerFixes(HMODULE baseAddress)
+{
+
 }
\ No newline at end of file
diff --git a/NorthstarDedicatedTest/securitypatches.cpp b/NorthstarDedicatedTest/securitypatches.cpp
index ee16593b..9352559a 100644
--- a/NorthstarDedicatedTest/securitypatches.cpp
+++ b/NorthstarDedicatedTest/securitypatches.cpp
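Review bot: The single-byte `ret` written at `baseAddress + 0x153920` is applied blind — nothing checks that the bytes at that offset are still the prologue of `CServerGameClients::ClientCommandKeyValues`, so against any server.dll build other than the one the offset was taken from the write lands in unrelated code while the mitigation silently appears to be in place. Read the expected first bytes before patching and log or abort on a mismatch, and record the provenance in the comment, e.g. `// offset taken from server.dll <build/hash>; verify prologue bytes before writing 0xC3`. If the patched function returns a value (not visible in the hunk), a bare `ret` at entry also hands the caller an uninitialised rax, so something like `xor eax,eax; ret` (`31 C0 C3`) would be safer than `0xC3` alone. This stops only the game-layer callback; if the engine parses the client's KeyValues payload in the net-message read path before reaching this function (presumably, but not shown here), that parse still runs server-side, and the client's `ReadFromBuffer` hook in securitypatches.cpp is the stronger model to mirror. `InitialiseMiscServerFixes` begins before the hunk, the new `InitialiseMiscEngineServerFixes` stub leaves `baseAddress` unused (unname it or add a TODO), and the file still lacks a trailing newline.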
@@ -16,12 +16,18 @@ bool IsValveModHook()
 return !CommandLine()->CheckParm("-norestrictservercommands");
 }
+typedef bool (*SVC_CmdKeyValues__ReadFromBufferType)(void* a1, void* a2);
+SVC_CmdKeyValues__ReadFromBufferType SVC_CmdKeyValues__ReadFromBuffer;
+// never parse server=>client keyvalues for clientcommandkeyvalues
+bool SVC_CmdKeyValues__ReadFromBufferHook(void* a1, void* a2) { return false; }
+
 void InitialiseClientEngineSecurityPatches(HMODULE baseAddress)
 {
 HookEnabler hook;
 // note: this could break some things
 ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x1C6360, &IsValveModHook, reinterpret_cast(&IsValveMod));
+ ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x222E70, &SVC_CmdKeyValues__ReadFromBufferHook, reinterpret_cast(&SVC_CmdKeyValues__ReadFromBuffer));
 // patches to make commands run from client/ui script still work
 // note: this is likely preventable in a nicer way? test prolly
--
cgit v1.2.3
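Review bot: `SVC_CmdKeyValues__ReadFromBufferHook` returns false without consuming the message payload, so the observable effect is not "ignore this message" but "fail the read of the whole packet" — in Source-style net channels that usually ends with the channel erroring out (I can't confirm the Titanfall engine's behaviour from the hunk), meaning a server that legitimately sends SVC_CmdKeyValues would disconnect the client rather than be silently ignored. If that hard-fail is intended as the safe default, the comment should say so, e.g. `// deliberately fail the read: the packet is rejected (and, presumably, the channel errors) instead of parsing attacker-controlled KeyValues`; if it is not, note that the saved trampoline `SVC_CmdKeyValues__ReadFromBuffer` is assigned but never called, so the hook cannot currently advance the read cursor past the payload. As a matter of style the file is C++, so `using SVC_CmdKeyValues__ReadFromBufferType = bool (*)(void*, void*);` and unnamed parameters `bool SVC_CmdKeyValues__ReadFromBufferHook(void*, void*)` avoid unused-parameter warnings. The new `ENABLER_CREATEHOOK` line sits directly under `// note: this could break some things`, which now reads as applying to both hooks; give the new hook its own comment naming the engine build the `0x222E70` offset was taken from. `InitialiseClientEngineSecurityPatches` continues past the end of the hunk.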