Skip to content

Commit

Permalink
server: possibly fixed sv_protect 1 and added chanllenge size check (…
Browse files Browse the repository at this point in the history 
…Ensiform), refs #541
  • Loading branch information
@jackeri
jackeri committed Dec 29, 2014
1 parent f1bb7cf commit 4da5a39
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 3 deletions.
6 changes: 6 additions & 0 deletions src/server/server.h
View file
Expand Up @@ -507,6 +507,12 @@ void SV_ChangeMaxClients(void);
void SV_SpawnServer(char *server);
void SV_WriteAttackLog(const char *log);

#ifdef LEGACY_DEBUG
#define SV_WriteAttackLogD(x) SV_WriteAttackLog(x)
#else
#define SV_WriteAttackLogD(x)
#endif

// sv_client.c
void SV_GetChallenge(netadr_t from);
void SV_DirectConnect(netadr_t from);
Expand Down
18 changes: 15 additions & 3 deletions src/server/sv_main.c
View file
Expand Up @@ -594,6 +594,9 @@ static leakyBucket_t *SVC_BucketForAddress(netadr_t address, int burst, int peri
}

// Couldn't allocate a bucket for this address
// Write the info to the attack log since this is relevant information as the system is malfunctioning
SV_WriteAttackLogD(va("SVC_BucketForAddress: Could not allocate a bucket for client from %s\n", NET_AdrToString(address)));

return NULL;
}

Expand All @@ -609,7 +612,7 @@ qboolean SVC_RateLimit(leakyBucket_t *bucket, int burst, int period)
int expired = interval / period;
int expiredRemainder = interval % period;

if (expired > bucket->burst)
if (expired > bucket->burst || interval < 0)
{
bucket->burst = 0;
bucket->lastTime = now;
Expand All @@ -623,9 +626,12 @@ qboolean SVC_RateLimit(leakyBucket_t *bucket, int burst, int period)
if (bucket->burst < burst)
{
bucket->burst++;

return qfalse;
}
else
{
SV_WriteAttackLogD(va("SVC_RateLimit: burst limit exceeded for bucket: %i limit: %i\n", bucket->burst, burst));
}
}

return qtrue;
Expand Down Expand Up @@ -678,6 +684,12 @@ static void SVC_Status(netadr_t from, qboolean force)
}
}

// A maximum challenge length of 128 should be more than plenty.
if (strlen(Cmd_Argv(1)) > 128)
{
return;
}

strcpy(infostring, Cvar_InfoString(CVAR_SERVERINFO | CVAR_SERVERINFO_NOUPDATE));

// echo back the parameter to status. so master servers can use it as a challenge
Expand Down Expand Up @@ -1043,7 +1055,7 @@ static void SV_ConnectionlessPacket(netadr_t from, msg_t *msg)
Com_DPrintf("SV packet %s : %s\n", NET_AdrToString(from), c);

if (!Q_stricmp(c, "getstatus"))
{
{
if ((sv_protect->integer & SVP_OWOLF) && SV_CheckDRDoS(from))
{
return;
Expand Down

0 comments on commit 4da5a39

Please sign in to comment.