R5Reloaded/r5sdk
1
0
Fork 0
mirror of https://github.com/Mauler125/r5sdk.git synced 2025-02-09 19:15:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
r5sdk/r5dev/engine/client/client.cpp

477 lines
16 KiB
C++
Raw Normal View History

CBaseClient overhaul and partial class rebuild Also added initial CBaseServer rebuild TODO: INetChannel rebuild..
2022-03-26 00:24:13 +01:00
//===============================================================================//
//
// Purpose:
//
// $NoKeywords: $
//
//===============================================================================//
Light project restructure Moved server/client headers and implementations into dedicated subfolder. Renamed Some classes to match the game binary (e.g. CBaseClient is now CClient). Removed redundant files.
2022-05-20 11:52:19 +02:00
// client.cpp: implementation of the CClient class.
CClient::GetClient improvements
2022-06-16 18:04:43 +02:00
//
CBaseClient overhaul and partial class rebuild Also added initial CBaseServer rebuild TODO: INetChannel rebuild..
2022-03-26 00:24:13 +01:00
///////////////////////////////////////////////////////////////////////////////////
Code base refactor + major performance and readability improvement. Read description for details. * Codebase restructured to SourceSDK codebase style and .cpp/.h assertion paths in the game executable. * Document most functions with valve style 'Purpose' blocks. * Rename variables to match the rest of the codebase and Valve's naming convention. * Dedicated DLL and the SDKLauncher now share the same codebase as the DevSDK. * Obtain globals or pointers directly instead of waiting for runtime initialized data. * Dynamically search for all functions and globals (this doesn't count for dedicated yet!). * Initialize most in-SDK variables. * Move certain prints and other utilities under ConVars to reduce verbosity and increase performance. * Print all pattern scan results through a virtual function to make it easier to add and debug new patterns in the future. * Type global var pointers appropriately if class or type is known and implemented. * Forward declare 'CClient' class to avoid having 2 'g_pClient' copies. * Add IDA's pseudo definitions for easier prototyping with decompiled assembly code. * RPAK decompress Command callback implementation. * Load decompressed RPaks from 'paks\Win32\' overriding the ones in 'paks\Win64\' (the decompress callback will automatically fix the header and write it to 'paks\Win32\'). * VPK decompress Command callback implementation. * Move CRC32 ands Adler32 to implementation files. * Server will print out more details about the connecting client. * Upgrade ImGui lib to v1.86. * Don't compile id3dx.h for dedicated. * Don't compile id3dx.cpp for dedicated * Implement DevMsg print function allowing to print information to the in-game VGUI/RUI console overlay, ImGui console overlay and the external windows console * Fixed bug where the Error function would not properly terminate the process when an error is called. This caused access violations for critical/non-recoverable errors. * Fixed bug where the game would crash if the console or server browser was enabled while the game was still starting up. * Several bug fixes for the dedicated server (warning: dedicated is still considered work-in-progress!).
2021-12-25 22:36:38 +01:00
#include "core/stdafx.h"
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
#include "tier1/cvar.h"
Move and rename 'IsValidUTF8', 'UTF8CharLength' Moved to strtools (tier1); utility will be renamed and decoupled into 'stl_utility' soon.
2023-07-04 23:01:13 +02:00
#include "tier1/strtools.h"
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
#include "mathlib/sha256.h"
'Bad behaving player' systems improvement * Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel). * Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL. * Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'. * Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
2022-09-19 01:28:43 +02:00
#include "engine/server/server.h"
Light project restructure Moved server/client headers and implementations into dedicated subfolder. Renamed Some classes to match the game binary (e.g. CBaseClient is now CClient). Removed redundant files.
2022-05-20 11:52:19 +02:00
#include "engine/client/client.h"
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
#ifndef CLIENT_DLL
#include "jwt/include/decode.h"
#endif
Code base refactor + major performance and readability improvement. Read description for details. * Codebase restructured to SourceSDK codebase style and .cpp/.h assertion paths in the game executable. * Document most functions with valve style 'Purpose' blocks. * Rename variables to match the rest of the codebase and Valve's naming convention. * Dedicated DLL and the SDKLauncher now share the same codebase as the DevSDK. * Obtain globals or pointers directly instead of waiting for runtime initialized data. * Dynamically search for all functions and globals (this doesn't count for dedicated yet!). * Initialize most in-SDK variables. * Move certain prints and other utilities under ConVars to reduce verbosity and increase performance. * Print all pattern scan results through a virtual function to make it easier to add and debug new patterns in the future. * Type global var pointers appropriately if class or type is known and implemented. * Forward declare 'CClient' class to avoid having 2 'g_pClient' copies. * Add IDA's pseudo definitions for easier prototyping with decompiled assembly code. * RPAK decompress Command callback implementation. * Load decompressed RPaks from 'paks\Win32\' overriding the ones in 'paks\Win64\' (the decompress callback will automatically fix the header and write it to 'paks\Win32\'). * VPK decompress Command callback implementation. * Move CRC32 ands Adler32 to implementation files. * Server will print out more details about the connecting client. * Upgrade ImGui lib to v1.86. * Don't compile id3dx.h for dedicated. * Don't compile id3dx.cpp for dedicated * Implement DevMsg print function allowing to print information to the in-game VGUI/RUI console overlay, ImGui console overlay and the external windows console * Fixed bug where the Error function would not properly terminate the process when an error is called. This caused access violations for critical/non-recoverable errors. * Fixed bug where the game would crash if the console or server browser was enabled while the game was still starting up. * Several bug fixes for the dedicated server (warning: dedicated is still considered work-in-progress!).
2021-12-25 22:36:38 +01:00
Null console commands past the 512th byte A mistake has been made, certain area's of the engine actually do allow strings larger than 128 bytes, just one routine that doesn't (console commands). Tokenizer only tokenizes it up to 512 bytes, so null all the other bytes past this. This still fixes the flaw mentioned in the comment at the place where the nulling happens.
2023-09-23 14:04:49 +02:00
// Absolute max string cmd length, any character past this will be NULLED.
#define STRINGCMD_MAX_LEN 512
Fix crasher by clamping stringcmd length before tokenizing it Possible crasher is to send a stringcmd >= 512 in size with funny UTF8 characters and have CUtlBuffer::ParseToken() read past it. Apparently seems to be mostly a problem on 32bit? I was unable to initiate a crash, though one string caused interesting behavior before, and there was one report of the dedicated server being 'crashed' with this. There is no reason to tokenize it up to 512 bytes if the game is only ever going to allow 128, so clamp it to 129 and if the user exceeds it then they still get the message and we just jettison it.
2023-08-07 16:52:35 +02:00
Cleanup 'NET_DisconnectClient()'
2022-05-21 18:56:56 +02:00
//---------------------------------------------------------------------------------
// Purpose: throw away any residual garbage in the channel
//---------------------------------------------------------------------------------
void CClient::Clear(void)
{
Fix client.dll compile errors
2022-09-22 00:08:49 +02:00
#ifndef CLIENT_DLL
'Bad behaving player' systems improvement * Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel). * Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL. * Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'. * Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
2022-09-19 01:28:43 +02:00
g_ServerPlayer[GetUserID()].Reset(); // Reset ServerPlayer slot.
Fix client.dll compile errors
2022-09-22 00:08:49 +02:00
#endif // !CLIENT_DLL
Cleanup 'NET_DisconnectClient()'
2022-05-21 18:56:56 +02:00
v_CClient_Clear(this);
}
Code base refactor + major performance and readability improvement. Read description for details. * Codebase restructured to SourceSDK codebase style and .cpp/.h assertion paths in the game executable. * Document most functions with valve style 'Purpose' blocks. * Rename variables to match the rest of the codebase and Valve's naming convention. * Dedicated DLL and the SDKLauncher now share the same codebase as the DevSDK. * Obtain globals or pointers directly instead of waiting for runtime initialized data. * Dynamically search for all functions and globals (this doesn't count for dedicated yet!). * Initialize most in-SDK variables. * Move certain prints and other utilities under ConVars to reduce verbosity and increase performance. * Print all pattern scan results through a virtual function to make it easier to add and debug new patterns in the future. * Type global var pointers appropriately if class or type is known and implemented. * Forward declare 'CClient' class to avoid having 2 'g_pClient' copies. * Add IDA's pseudo definitions for easier prototyping with decompiled assembly code. * RPAK decompress Command callback implementation. * Load decompressed RPaks from 'paks\Win32\' overriding the ones in 'paks\Win64\' (the decompress callback will automatically fix the header and write it to 'paks\Win32\'). * VPK decompress Command callback implementation. * Move CRC32 ands Adler32 to implementation files. * Server will print out more details about the connecting client. * Upgrade ImGui lib to v1.86. * Don't compile id3dx.h for dedicated. * Don't compile id3dx.cpp for dedicated * Implement DevMsg print function allowing to print information to the in-game VGUI/RUI console overlay, ImGui console overlay and the external windows console * Fixed bug where the Error function would not properly terminate the process when an error is called. This caused access violations for critical/non-recoverable errors. * Fixed bug where the game would crash if the console or server browser was enabled while the game was still starting up. * Several bug fixes for the dedicated server (warning: dedicated is still considered work-in-progress!).
2021-12-25 22:36:38 +01:00
//---------------------------------------------------------------------------------
// Purpose: throw away any residual garbage in the channel
'Bad behaving player' systems improvement * Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel). * Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL. * Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'. * Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
2022-09-19 01:28:43 +02:00
// Input : *pClient -
CBaseClient overhaul and partial class rebuild Also added initial CBaseServer rebuild TODO: INetChannel rebuild..
2022-03-26 00:24:13 +01:00
//---------------------------------------------------------------------------------
'Bad behaving player' systems improvement * Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel). * Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL. * Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'. * Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
2022-09-19 01:28:43 +02:00
void CClient::VClear(CClient* pClient)
Cleanup 'NET_DisconnectClient()'
2022-05-21 18:56:56 +02:00
{
Make 'CClient::IsHumanPlayer' inline
2023-07-17 17:38:21 +02:00
pClient->Clear();
Cleanup 'NET_DisconnectClient()'
2022-05-21 18:56:56 +02:00
}
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
static const char JWT_PUBLIC_KEY[] =
"-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/335exIZ6LE8pYi6e50\n"
"7tH19tXaeeEJVF5XXpTCXpndXIIWVimvg6xQ381eajySDw93wvG1DzW3U/6LHzyt\n"
"Q++N8w7N+FwnXyoDUD5Y8hheTZv6jjLoYT8ZtsMl20k9UosrbFBTMUhgmIT2dVth\n"
"LH+rT9ohpUNwQXHJvTOs9eY74GyfFw93+32LANBPZ8b+S8S3oZnKFVeCxRkYKsV0\n"
"b34POHVBbXNw6Kt163gR5zaiCfJJtRto9AA7MV2t9pfy8CChs3uJ+Xn7QVHD5cqt\n"
"Msg9MBac2Pvs2j+8wJ/igAVL5L81z3FXVt04id59TfPMUbYhRfY8pk7FB0MCigOH\n"
"dwIDAQAB\n"
"-----END PUBLIC KEY-----\n";
bool CClient::Authenticate(const char* const playerName, char* const reasonBuf, const size_t reasonBufLen)
{
#ifndef CLIENT_DLL
// don't bother checking origin auth on bots or local clients
if (IsFakeClient() || GetNetChan()->GetRemoteAddress().IsLoopback())
return true;
#define FORMAT_ERROR_REASON(fmt, ...) V_snprintf(reasonBuf, reasonBufLen, fmt, ##__VA_ARGS__);
KeyValues* cl_onlineAuthTokenKv = this->m_ConVars->FindKey("cl_onlineAuthToken");
KeyValues* cl_onlineAuthTokenSignature1Kv = this->m_ConVars->FindKey("cl_onlineAuthTokenSignature1");
KeyValues* cl_onlineAuthTokenSignature2Kv = this->m_ConVars->FindKey("cl_onlineAuthTokenSignature2");
if (!cl_onlineAuthTokenKv || !cl_onlineAuthTokenSignature1Kv)
{
FORMAT_ERROR_REASON("Missing token");
return false;
}
const char* onlineAuthToken = cl_onlineAuthTokenKv->GetString();
const char* onlineAuthTokenSignature1 = cl_onlineAuthTokenSignature1Kv->GetString();
const char* onlineAuthTokenSignature2 = cl_onlineAuthTokenSignature2Kv->GetString();
const std::string fullToken = Format("%s.%s%s", onlineAuthToken, onlineAuthTokenSignature1, onlineAuthTokenSignature2);
struct l8w8jwt_decoding_params params;
l8w8jwt_decoding_params_init(&params);
params.alg = L8W8JWT_ALG_RS256;
params.jwt = (char*)fullToken.c_str();
params.jwt_length = fullToken.length();
params.verification_key = (unsigned char*)JWT_PUBLIC_KEY;
params.verification_key_length = strlen(JWT_PUBLIC_KEY);
params.validate_exp = 1;
params.exp_tolerance_seconds = 1;
params.validate_iat = 1;
params.iat_tolerance_seconds = 30;
l8w8jwt_claim* claims = nullptr;
size_t numClaims = 0;
enum l8w8jwt_validation_result validation_result;
const int r = l8w8jwt_decode(&params, &validation_result, &claims, &numClaims);
if (r != L8W8JWT_SUCCESS)
{
FORMAT_ERROR_REASON("Code %i", r);
return false;
}
if (validation_result != L8W8JWT_VALID)
{
char reasonBuffer[256];
l8w8jwt_get_validation_result_desc(validation_result, reasonBuffer, sizeof(reasonBuffer));
FORMAT_ERROR_REASON("%s", reasonBuffer);
return false;
}
bool foundSessionId = false;
for (size_t i = 0; i < numClaims; ++i)
{
// session id
if (!strcmp(claims[i].key, "sessionId"))
{
const char* const sessionId = claims[i].value;
const std::string newId = Format(
"%lld-%s-%s",
this->m_DataBlock.userData,
playerName,
g_pMasterServer->GetHostIP().c_str()
);
DevMsg(eDLL_T::SERVER, "%s: newId=%s\n", __FUNCTION__, newId.c_str());
const std::string hashedNewId = sha256(newId);
if (hashedNewId.compare(sessionId) != 0)
{
FORMAT_ERROR_REASON("Token is not authorized for the connecting client");
return false;
}
foundSessionId = true;
}
}
if (!foundSessionId)
{
FORMAT_ERROR_REASON("No session ID");
return false;
}
#undef REJECT_CONNECTION
#endif // !CLIENT_DLL
return true;
}
Cleanup 'NET_DisconnectClient()'
2022-05-21 18:56:56 +02:00
//---------------------------------------------------------------------------------
// Purpose: connect new client
// Input : *szName -
// *pNetChannel -
// bFakePlayer -
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
// *conVars -
Cleanup 'NET_DisconnectClient()'
2022-05-21 18:56:56 +02:00
// *szMessage -
// nMessageSize -
Fix spelling errors Overall spelling improvements and cleanup..
2022-09-09 19:47:31 +02:00
// Output : true if connection was successful, false otherwise
Cleanup 'NET_DisconnectClient()'
2022-05-21 18:56:56 +02:00
//---------------------------------------------------------------------------------
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
bool CClient::Connect(const char* szName, void* pNetChannel, bool bFakePlayer,
CUtlVector<NET_SetConVar::cvar_t>* conVars, char* szMessage, int nMessageSize)
CBaseClient overhaul and partial class rebuild Also added initial CBaseServer rebuild TODO: INetChannel rebuild..
2022-03-26 00:24:13 +01:00
{
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
#ifndef CLIENT_DLL
g_ServerPlayer[GetUserID()].Reset(); // Reset ServerPlayer slot.
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
#endif
if (!v_CClient_Connect(this, szName, pNetChannel, bFakePlayer, conVars, szMessage, nMessageSize))
return false;
#ifndef CLIENT_DLL
#define REJECT_CONNECTION(fmt, ...) V_snprintf(szMessage, nMessageSize, fmt, ##__VA_ARGS__);
char authFailReason[512];
if (!Authenticate(szName, authFailReason, sizeof(authFailReason)))
{
REJECT_CONNECTION("Failed to verify authentication token [%s]", authFailReason);
return false;
}
#undef REJECT_CONNECTION
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
#endif // !CLIENT_DLL
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
return true;
CBaseClient overhaul and partial class rebuild Also added initial CBaseServer rebuild TODO: INetChannel rebuild..
2022-03-26 00:24:13 +01:00
}
//---------------------------------------------------------------------------------
// Purpose: connect new client
// Input : *pClient -
// *szName -
// *pNetChannel -
// bFakePlayer -
// *a5 -
// *szMessage -
// nMessageSize -
Fix spelling errors Overall spelling improvements and cleanup..
2022-09-09 19:47:31 +02:00
// Output : true if connection was successful, false otherwise
Code base refactor + major performance and readability improvement. Read description for details. * Codebase restructured to SourceSDK codebase style and .cpp/.h assertion paths in the game executable. * Document most functions with valve style 'Purpose' blocks. * Rename variables to match the rest of the codebase and Valve's naming convention. * Dedicated DLL and the SDKLauncher now share the same codebase as the DevSDK. * Obtain globals or pointers directly instead of waiting for runtime initialized data. * Dynamically search for all functions and globals (this doesn't count for dedicated yet!). * Initialize most in-SDK variables. * Move certain prints and other utilities under ConVars to reduce verbosity and increase performance. * Print all pattern scan results through a virtual function to make it easier to add and debug new patterns in the future. * Type global var pointers appropriately if class or type is known and implemented. * Forward declare 'CClient' class to avoid having 2 'g_pClient' copies. * Add IDA's pseudo definitions for easier prototyping with decompiled assembly code. * RPAK decompress Command callback implementation. * Load decompressed RPaks from 'paks\Win32\' overriding the ones in 'paks\Win64\' (the decompress callback will automatically fix the header and write it to 'paks\Win32\'). * VPK decompress Command callback implementation. * Move CRC32 ands Adler32 to implementation files. * Server will print out more details about the connecting client. * Upgrade ImGui lib to v1.86. * Don't compile id3dx.h for dedicated. * Don't compile id3dx.cpp for dedicated * Implement DevMsg print function allowing to print information to the in-game VGUI/RUI console overlay, ImGui console overlay and the external windows console * Fixed bug where the Error function would not properly terminate the process when an error is called. This caused access violations for critical/non-recoverable errors. * Fixed bug where the game would crash if the console or server browser was enabled while the game was still starting up. * Several bug fixes for the dedicated server (warning: dedicated is still considered work-in-progress!).
2021-12-25 22:36:38 +01:00
//---------------------------------------------------------------------------------
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
bool CClient::VConnect(CClient* pClient, const char* szName, void* pNetChannel, bool bFakePlayer,
CUtlVector<NET_SetConVar::cvar_t>* conVars, char* szMessage, int nMessageSize)
Code base refactor + major performance and readability improvement. Read description for details. * Codebase restructured to SourceSDK codebase style and .cpp/.h assertion paths in the game executable. * Document most functions with valve style 'Purpose' blocks. * Rename variables to match the rest of the codebase and Valve's naming convention. * Dedicated DLL and the SDKLauncher now share the same codebase as the DevSDK. * Obtain globals or pointers directly instead of waiting for runtime initialized data. * Dynamically search for all functions and globals (this doesn't count for dedicated yet!). * Initialize most in-SDK variables. * Move certain prints and other utilities under ConVars to reduce verbosity and increase performance. * Print all pattern scan results through a virtual function to make it easier to add and debug new patterns in the future. * Type global var pointers appropriately if class or type is known and implemented. * Forward declare 'CClient' class to avoid having 2 'g_pClient' copies. * Add IDA's pseudo definitions for easier prototyping with decompiled assembly code. * RPAK decompress Command callback implementation. * Load decompressed RPaks from 'paks\Win32\' overriding the ones in 'paks\Win64\' (the decompress callback will automatically fix the header and write it to 'paks\Win32\'). * VPK decompress Command callback implementation. * Move CRC32 ands Adler32 to implementation files. * Server will print out more details about the connecting client. * Upgrade ImGui lib to v1.86. * Don't compile id3dx.h for dedicated. * Don't compile id3dx.cpp for dedicated * Implement DevMsg print function allowing to print information to the in-game VGUI/RUI console overlay, ImGui console overlay and the external windows console * Fixed bug where the Error function would not properly terminate the process when an error is called. This caused access violations for critical/non-recoverable errors. * Fixed bug where the game would crash if the console or server browser was enabled while the game was still starting up. * Several bug fixes for the dedicated server (warning: dedicated is still considered work-in-progress!).
2021-12-25 22:36:38 +01:00
{
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
return pClient->Connect(szName, pNetChannel, bFakePlayer, conVars, szMessage, nMessageSize);;
Code base refactor + major performance and readability improvement. Read description for details. * Codebase restructured to SourceSDK codebase style and .cpp/.h assertion paths in the game executable. * Document most functions with valve style 'Purpose' blocks. * Rename variables to match the rest of the codebase and Valve's naming convention. * Dedicated DLL and the SDKLauncher now share the same codebase as the DevSDK. * Obtain globals or pointers directly instead of waiting for runtime initialized data. * Dynamically search for all functions and globals (this doesn't count for dedicated yet!). * Initialize most in-SDK variables. * Move certain prints and other utilities under ConVars to reduce verbosity and increase performance. * Print all pattern scan results through a virtual function to make it easier to add and debug new patterns in the future. * Type global var pointers appropriately if class or type is known and implemented. * Forward declare 'CClient' class to avoid having 2 'g_pClient' copies. * Add IDA's pseudo definitions for easier prototyping with decompiled assembly code. * RPAK decompress Command callback implementation. * Load decompressed RPaks from 'paks\Win32\' overriding the ones in 'paks\Win64\' (the decompress callback will automatically fix the header and write it to 'paks\Win32\'). * VPK decompress Command callback implementation. * Move CRC32 ands Adler32 to implementation files. * Server will print out more details about the connecting client. * Upgrade ImGui lib to v1.86. * Don't compile id3dx.h for dedicated. * Don't compile id3dx.cpp for dedicated * Implement DevMsg print function allowing to print information to the in-game VGUI/RUI console overlay, ImGui console overlay and the external windows console * Fixed bug where the Error function would not properly terminate the process when an error is called. This caused access violations for critical/non-recoverable errors. * Fixed bug where the game would crash if the console or server browser was enabled while the game was still starting up. * Several bug fixes for the dedicated server (warning: dedicated is still considered work-in-progress!).
2021-12-25 22:36:38 +01:00
}
Implement net message processing budget Implement net message process budget (channel gets removed if value is exceeded). Use 'net_processLimit' to enable the implementation on the server. It will get enabled by default after testing and some cleanup. This helps against people trying to slow the server down by spamming net messages with a higher rate, e.g. using 'bind "mousewheel_up" "status"'.
2022-09-18 23:19:50 +02:00
//---------------------------------------------------------------------------------
// Purpose: disconnect client
'Bad behaving player' systems improvement * Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel). * Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL. * Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'. * Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
2022-09-19 01:28:43 +02:00
// Input : nRepLvl -
Implement net message processing budget Implement net message process budget (channel gets removed if value is exceeded). Use 'net_processLimit' to enable the implementation on the server. It will get enabled by default after testing and some cleanup. This helps against people trying to slow the server down by spamming net messages with a higher rate, e.g. using 'bind "mousewheel_up" "status"'.
2022-09-18 23:19:50 +02:00
// *szReason -
// ... -
//---------------------------------------------------------------------------------
'Bad behaving player' systems improvement * Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel). * Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL. * Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'. * Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
2022-09-19 01:28:43 +02:00
void CClient::Disconnect(const Reputation_t nRepLvl, const char* szReason, ...)
Implement net message processing budget Implement net message process budget (channel gets removed if value is exceeded). Use 'net_processLimit' to enable the implementation on the server. It will get enabled by default after testing and some cleanup. This helps against people trying to slow the server down by spamming net messages with a higher rate, e.g. using 'bind "mousewheel_up" "status"'.
2022-09-18 23:19:50 +02:00
{
'Bad behaving player' systems improvement * Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel). * Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL. * Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'. * Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
2022-09-19 01:28:43 +02:00
if (m_nSignonState != SIGNONSTATE::SIGNONSTATE_NONE)
{
char szBuf[1024];
{/////////////////////////////
Replace memalloc calls throughout entire SDK Global 'direct' usage of 'MemAllocSingleton()' has been jettisoned. Where possible, smart pointers were used instead. During the refactor, the following bugs were addressed and fixed: - The virtual destructor of 'CCVarIteratorInternal' was NOT called on destruction. - Class function 'KeyValues::MakeCopy' did NOT calculate the buffer size of the wide string correctly, the original calculation was 'len+1*sizeof(wchar_t)', but should've been '(len+1)*sizeof(wchar_t)'. Some other code changes include: - Tier0 include 'memstd.h' has been moved above all thirdparty includes, to make sure the memalloc functions get shadowed with ours in third party libraries as well. - RPak file paths string literals are now defines. - 'DestroyOverlay' has been refactored to match the assembly of the game.
2023-06-26 22:34:24 +02:00
va_list vArgs;
'Bad behaving player' systems improvement * Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel). * Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL. * Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'. * Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
2022-09-19 01:28:43 +02:00
va_start(vArgs, szReason);
vsnprintf(szBuf, sizeof(szBuf), szReason, vArgs);
szBuf[sizeof(szBuf) - 1] = '\0';
va_end(vArgs);
}/////////////////////////////
v_CClient_Disconnect(this, nRepLvl, szBuf);
}
Implement net message processing budget Implement net message process budget (channel gets removed if value is exceeded). Use 'net_processLimit' to enable the implementation on the server. It will get enabled by default after testing and some cleanup. This helps against people trying to slow the server down by spamming net messages with a higher rate, e.g. using 'bind "mousewheel_up" "status"'.
2022-09-18 23:19:50 +02:00
}
Fix crash in 'CClient::ActivatePlayer' Set the persistence fields to 'ready' in 'CClient::ActivatePlayer', before executing the rest of the function. Previously, it was set in 'CVEngineServer::PersistenceAvailable', but this is too late. The function 'FairFight_Init' was actually 'CClient::ActivatePlayer', and thus it has been moved to the correct file, and the old file defining it previously has been removed.
2023-05-15 17:19:18 +02:00
//---------------------------------------------------------------------------------
// Purpose: activate player
// Input : *pClient -
//---------------------------------------------------------------------------------
void CClient::VActivatePlayer(CClient* pClient)
{
Remove legacy code The persistence enabled field was no longer needed a while ago, but never removed.
2023-07-16 13:47:07 +02:00
// Set the client instance to 'ready' before calling ActivatePlayer.
pClient->SetPersistenceState(PERSISTENCE::PERSISTENCE_READY);
v_CClient_ActivatePlayer(pClient);
Fix crash in 'CClient::ActivatePlayer' Set the persistence fields to 'ready' in 'CClient::ActivatePlayer', before executing the rest of the function. Previously, it was set in 'CVEngineServer::PersistenceAvailable', but this is too late. The function 'FairFight_Init' was actually 'CClient::ActivatePlayer', and thus it has been moved to the correct file, and the old file defining it previously has been removed.
2023-05-15 17:19:18 +02:00
Add 'engine_cl' project to SDK and fix compiler errors The 'engine_cl' library defines 'CLIENT_DLL', which prunes server specific code. This is used for the 'client.dll' project. Also fixed a compile error in 'CClient::VActivatePlayer', as it used a server only cvar. Ideally, this entire file gets ifdef'd out for engine_cl, currently it doesn't matter as nothing gets compiled in.
2023-07-19 02:30:07 +02:00
#ifndef CLIENT_DLL
Fix rare crasher due to missing NULL check on netchan Netchan could be NULL, add a check in.
2023-07-17 17:08:37 +02:00
const CNetChan* pNetChan = pClient->GetNetChan();
Fix crash in 'CClient::ActivatePlayer' Set the persistence fields to 'ready' in 'CClient::ActivatePlayer', before executing the rest of the function. Previously, it was set in 'CVEngineServer::PersistenceAvailable', but this is too late. The function 'FairFight_Init' was actually 'CClient::ActivatePlayer', and thus it has been moved to the correct file, and the old file defining it previously has been removed.
2023-05-15 17:19:18 +02:00
Fix rare crasher due to missing NULL check on netchan Netchan could be NULL, add a check in.
2023-07-17 17:08:37 +02:00
if (pNetChan && sv_showconnecting->GetBool())
{
Utilize 'DevMsg()' for uncertain builds only Only uncertain builds will contain DevMsg()/DevWarning() prints. For retail, Msg() and Warning() should be used instead.
2023-08-21 19:12:29 +02:00
Msg(eDLL_T::SERVER, "Activated player #%d; channel %s(%s) ('%llu')\n",
Remove legacy code The persistence enabled field was no longer needed a while ago, but never removed.
2023-07-16 13:47:07 +02:00
pClient->GetUserID(), pNetChan->GetName(), pNetChan->GetAddress(), pClient->GetNucleusID());
}
Add 'engine_cl' project to SDK and fix compiler errors The 'engine_cl' library defines 'CLIENT_DLL', which prunes server specific code. This is used for the 'client.dll' project. Also fixed a compile error in 'CClient::VActivatePlayer', as it used a server only cvar. Ideally, this entire file gets ifdef'd out for engine_cl, currently it doesn't matter as nothing gets compiled in.
2023-07-19 02:30:07 +02:00
#endif // !CLIENT_DLL
Fix crash in 'CClient::ActivatePlayer' Set the persistence fields to 'ready' in 'CClient::ActivatePlayer', before executing the rest of the function. Previously, it was set in 'CVEngineServer::PersistenceAvailable', but this is too late. The function 'FairFight_Init' was actually 'CClient::ActivatePlayer', and thus it has been moved to the correct file, and the old file defining it previously has been removed.
2023-05-15 17:19:18 +02:00
}
//---------------------------------------------------------------------------------
Fix stringcmd replay exploit This commit fixes an engine bug where netmessages are getting copied into the replay buffer, while these messages should never be replayed. The engine performs an internal check on 'CNetMessage::m_nGroup', and if its NOT 2, the message is getting copied into the replay buffer. All messages returning false in 'ShouldReplayMessage' are not getting copied into the replay buffer anymore. This exploit has been used in the past to route clients that were watching a replay to an arbitrary server, which essentially forms an info leak as the client attempts to connect to the arbitrary server on its own. The exploit also allows for some form of remote code execution, depending on if the client was launched in developer mode or not.
2023-05-30 23:01:46 +02:00
// Purpose: send a net message with replay.
// set 'CNetMessage::m_nGroup' to 'NoReplay' to disable replay.
Fix crash in 'CClient::ActivatePlayer' Set the persistence fields to 'ready' in 'CClient::ActivatePlayer', before executing the rest of the function. Previously, it was set in 'CVEngineServer::PersistenceAvailable', but this is too late. The function 'FairFight_Init' was actually 'CClient::ActivatePlayer', and thus it has been moved to the correct file, and the old file defining it previously has been removed.
2023-05-15 17:19:18 +02:00
// Input : *pMsg -
// bLocal -
// bForceReliable -
// bVoice -
//---------------------------------------------------------------------------------
Fix stringcmd replay exploit This commit fixes an engine bug where netmessages are getting copied into the replay buffer, while these messages should never be replayed. The engine performs an internal check on 'CNetMessage::m_nGroup', and if its NOT 2, the message is getting copied into the replay buffer. All messages returning false in 'ShouldReplayMessage' are not getting copied into the replay buffer anymore. This exploit has been used in the past to route clients that were watching a replay to an arbitrary server, which essentially forms an info leak as the client attempts to connect to the arbitrary server on its own. The exploit also allows for some form of remote code execution, depending on if the client was launched in developer mode or not.
2023-05-30 23:01:46 +02:00
bool CClient::SendNetMsgEx(CNetMessage* pMsg, char bLocal, bool bForceReliable, bool bVoice)
More mapped out fields for server and client class
2023-02-17 23:59:37 +01:00
{
Fix stringcmd replay exploit This commit fixes an engine bug where netmessages are getting copied into the replay buffer, while these messages should never be replayed. The engine performs an internal check on 'CNetMessage::m_nGroup', and if its NOT 2, the message is getting copied into the replay buffer. All messages returning false in 'ShouldReplayMessage' are not getting copied into the replay buffer anymore. This exploit has been used in the past to route clients that were watching a replay to an arbitrary server, which essentially forms an info leak as the client attempts to connect to the arbitrary server on its own. The exploit also allows for some form of remote code execution, depending on if the client was launched in developer mode or not.
2023-05-30 23:01:46 +02:00
if (!ShouldReplayMessage(pMsg))
{
// Don't copy the message into the replay buffer.
pMsg->m_nGroup = NetMessageGroup::NoReplay;
}
return v_CClient_SendNetMsgEx(this, pMsg, bLocal, bForceReliable, bVoice);
More mapped out fields for server and client class
2023-02-17 23:59:37 +01:00
}
Fix crash in 'CClient::ActivatePlayer' Set the persistence fields to 'ready' in 'CClient::ActivatePlayer', before executing the rest of the function. Previously, it was set in 'CVEngineServer::PersistenceAvailable', but this is too late. The function 'FairFight_Init' was actually 'CClient::ActivatePlayer', and thus it has been moved to the correct file, and the old file defining it previously has been removed.
2023-05-15 17:19:18 +02:00
//---------------------------------------------------------------------------------
// Purpose: send a snapshot
// Input : *pClient -
// *pFrame -
// nTick -
// nTickAck -
//---------------------------------------------------------------------------------
More mapped out fields for server and client class
2023-02-17 23:59:37 +01:00
void* CClient::VSendSnapshot(CClient* pClient, CClientFrame* pFrame, int nTick, int nTickAck)
{
return v_CClient_SendSnapshot(pClient, pFrame, nTick, nTickAck);
}
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
//---------------------------------------------------------------------------------
// Purpose: internal hook to 'CClient::SendNetMsgEx'
// Input : *pClient -
// *pMsg -
// bLocal -
// bForceReliable -
// bVoice -
//---------------------------------------------------------------------------------
bool CClient::VSendNetMsgEx(CClient* pClient, CNetMessage* pMsg, char bLocal, bool bForceReliable, bool bVoice)
{
return pClient->SendNetMsgEx(pMsg, bLocal, bForceReliable, bVoice);
}
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
//---------------------------------------------------------------------------------
Move CClient pointer adjuster to separate function All process methods have a shifted CClient pointer, so this will be used more often.
2023-09-16 12:18:32 +02:00
// Purpose: some versions of the binary have an optimization that shifts the 'this'
// pointer of the CClient structure by 8 bytes to avoid having to cache the vftable
// pointer if it never get used. Here we shift it back so it aligns again.
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
//---------------------------------------------------------------------------------
Move CClient pointer adjuster to separate function All process methods have a shifted CClient pointer, so this will be used more often.
2023-09-16 12:18:32 +02:00
CClient* AdjustShiftedThisPointer(CClient* shiftedPointer)
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
{
#if defined (GAMEDLL_S0) || defined (GAMEDLL_S1)
Move CClient pointer adjuster to separate function All process methods have a shifted CClient pointer, so this will be used more often.
2023-09-16 12:18:32 +02:00
return shiftedPointer;
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
#elif defined (GAMEDLL_S2) || defined (GAMEDLL_S3)
/* Original function called method "CClient::ExecuteStringCommand" with an optimization
* that shifted the 'this' pointer with 8 bytes.
* Since this has been inlined with "CClient::ProcessStringCmd" as of S2, the shifting
* happens directly to anything calling this function. */
Move CClient pointer adjuster to separate function All process methods have a shifted CClient pointer, so this will be used more often.
2023-09-16 12:18:32 +02:00
char* pShifted = reinterpret_cast<char*>(shiftedPointer) - 8;
return reinterpret_cast<CClient*>(pShifted);
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
#endif // !GAMEDLL_S0 || !GAMEDLL_S1
Move CClient pointer adjuster to separate function All process methods have a shifted CClient pointer, so this will be used more often.
2023-09-16 12:18:32 +02:00
}
//---------------------------------------------------------------------------------
// Purpose: process string commands (kicking anyone attempting to DOS)
// Input : *pClient - (ADJ)
// *pMsg -
// Output : false if cmd should be passed to CServerGameClients
//---------------------------------------------------------------------------------
bool CClient::VProcessStringCmd(CClient* pClient, NET_StringCmd* pMsg)
{
#ifndef CLIENT_DLL
Null console commands past the 512th byte A mistake has been made, certain area's of the engine actually do allow strings larger than 128 bytes, just one routine that doesn't (console commands). Tokenizer only tokenizes it up to 512 bytes, so null all the other bytes past this. This still fixes the flaw mentioned in the comment at the place where the nulling happens.
2023-09-23 14:04:49 +02:00
CClient* const pClient_Adj = AdjustShiftedThisPointer(pClient);
Don't allow stringcmd's if client isn't active Potential exploit vector, executing stringcmd's during signon states where it shouldn't be used.
2023-08-08 19:25:12 +02:00
// Jettison the cmd if the client isn't active.
if (!pClient_Adj->IsActive())
return true;
Null console commands past the 512th byte A mistake has been made, certain area's of the engine actually do allow strings larger than 128 bytes, just one routine that doesn't (console commands). Tokenizer only tokenizes it up to 512 bytes, so null all the other bytes past this. This still fixes the flaw mentioned in the comment at the place where the nulling happens.
2023-09-23 14:04:49 +02:00
const int nUserID = pClient_Adj->GetUserID();
ServerPlayer_t* const pSlot = &g_ServerPlayer[nUserID];
CClient: Member type improvements * Made 'm_nUserID' signed.
2023-04-30 01:26:37 +02:00
Null console commands past the 512th byte A mistake has been made, certain area's of the engine actually do allow strings larger than 128 bytes, just one routine that doesn't (console commands). Tokenizer only tokenizes it up to 512 bytes, so null all the other bytes past this. This still fixes the flaw mentioned in the comment at the place where the nulling happens.
2023-09-23 14:04:49 +02:00
const double flStartTime = Plat_FloatTime();
const int nCmdQuotaLimit = sv_quota_stringCmdsPerSecond->GetInt();
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
Variable rename for readability
2022-09-22 21:20:37 +02:00
if (!nCmdQuotaLimit)
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
return true;
Discard invalid string commands Must be UTF-8 encoded, currently there are no checks.
2023-06-22 23:45:19 +02:00
const char* pCmd = pMsg->cmd;
// Just skip if the cmd pointer is null, we still check if the
// client sent too many commands and take appropriate actions.
// The internal function discards the command if it's null.
Fix crasher by clamping stringcmd length before tokenizing it Possible crasher is to send a stringcmd >= 512 in size with funny UTF8 characters and have CUtlBuffer::ParseToken() read past it. Apparently seems to be mostly a problem on 32bit? I was unable to initiate a crash, though one string caused interesting behavior before, and there was one report of the dedicated server being 'crashed' with this. There is no reason to tokenize it up to 512 bytes if the game is only ever going to allow 128, so clamp it to 129 and if the user exceeds it then they still get the message and we just jettison it.
2023-08-07 16:52:35 +02:00
if (pCmd)
Discard invalid string commands Must be UTF-8 encoded, currently there are no checks.
2023-06-22 23:45:19 +02:00
{
Null console commands past the 512th byte A mistake has been made, certain area's of the engine actually do allow strings larger than 128 bytes, just one routine that doesn't (console commands). Tokenizer only tokenizes it up to 512 bytes, so null all the other bytes past this. This still fixes the flaw mentioned in the comment at the place where the nulling happens.
2023-09-23 14:04:49 +02:00
// There is an issue in CUtlBuffer::ParseToken() that causes it to read
// past its buffer; mostly seems to happen on 32bit, but a carefully
// crafted string should work on 64bit too). The fix is to just null
// everything past the maximum allowed length. The second 'theoretical'
// fix would be to properly fix CUtlBuffer::ParseToken() by computing
// the UTF8 character size each iteration and check if it still doesn't
// exceed bounds.
Fix crasher by clamping stringcmd length before tokenizing it Possible crasher is to send a stringcmd >= 512 in size with funny UTF8 characters and have CUtlBuffer::ParseToken() read past it. Apparently seems to be mostly a problem on 32bit? I was unable to initiate a crash, though one string caused interesting behavior before, and there was one report of the dedicated server being 'crashed' with this. There is no reason to tokenize it up to 512 bytes if the game is only ever going to allow 128, so clamp it to 129 and if the user exceeds it then they still get the message and we just jettison it.
2023-08-07 16:52:35 +02:00
memset(&pMsg->buffer[STRINGCMD_MAX_LEN],
'\0', sizeof(pMsg->buffer) - (STRINGCMD_MAX_LEN));
if (!V_IsValidUTF8(pCmd))
{
Warning(eDLL_T::SERVER, "Removing client '%s' from slot #%i ('%llu' sent invalid string command!)\n",
pClient_Adj->GetNetChan()->GetAddress(), pClient_Adj->GetUserID(), pClient_Adj->GetNucleusID());
pClient_Adj->Disconnect(Reputation_t::REP_MARK_BAD, "#DISCONNECT_INVALID_STRINGCMD");
return true;
}
Discard invalid string commands Must be UTF-8 encoded, currently there are no checks.
2023-06-22 23:45:19 +02:00
}
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
if (flStartTime - pSlot->m_flStringCommandQuotaTimeStart >= 1.0)
{
pSlot->m_flStringCommandQuotaTimeStart = flStartTime;
pSlot->m_nStringCommandQuotaCount = 0;
}
++pSlot->m_nStringCommandQuotaCount;
Variable rename for readability
2022-09-22 21:20:37 +02:00
if (pSlot->m_nStringCommandQuotaCount > nCmdQuotaLimit)
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
{
Discard invalid string commands Must be UTF-8 encoded, currently there are no checks.
2023-06-22 23:45:19 +02:00
Warning(eDLL_T::SERVER, "Removing client '%s' from slot #%i ('%llu' exceeded string command quota!)\n",
pClient_Adj->GetNetChan()->GetAddress(), pClient_Adj->GetUserID(), pClient_Adj->GetNucleusID());
CClient: add rate limit logic for 'ProcessStringCmd' Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands. In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
2022-09-20 22:48:55 +02:00
pClient_Adj->Disconnect(Reputation_t::REP_MARK_BAD, "#DISCONNECT_STRINGCMD_OVERFLOW");
return true;
}
#endif // !CLIENT_DLL
return v_CClient_ProcessStringCmd(pClient, pMsg);
}
Fix stringcmd replay exploit This commit fixes an engine bug where netmessages are getting copied into the replay buffer, while these messages should never be replayed. The engine performs an internal check on 'CNetMessage::m_nGroup', and if its NOT 2, the message is getting copied into the replay buffer. All messages returning false in 'ShouldReplayMessage' are not getting copied into the replay buffer anymore. This exploit has been used in the past to route clients that were watching a replay to an arbitrary server, which essentially forms an info leak as the client attempts to connect to the arbitrary server on its own. The exploit also allows for some form of remote code execution, depending on if the client was launched in developer mode or not.
2023-05-30 23:01:46 +02:00
//---------------------------------------------------------------------------------
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
// Purpose: process set convar
// Input : *pClient - (ADJ)
Fix stringcmd replay exploit This commit fixes an engine bug where netmessages are getting copied into the replay buffer, while these messages should never be replayed. The engine performs an internal check on 'CNetMessage::m_nGroup', and if its NOT 2, the message is getting copied into the replay buffer. All messages returning false in 'ShouldReplayMessage' are not getting copied into the replay buffer anymore. This exploit has been used in the past to route clients that were watching a replay to an arbitrary server, which essentially forms an info leak as the client attempts to connect to the arbitrary server on its own. The exploit also allows for some form of remote code execution, depending on if the client was launched in developer mode or not.
2023-05-30 23:01:46 +02:00
// *pMsg -
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
// Output :
Fix stringcmd replay exploit This commit fixes an engine bug where netmessages are getting copied into the replay buffer, while these messages should never be replayed. The engine performs an internal check on 'CNetMessage::m_nGroup', and if its NOT 2, the message is getting copied into the replay buffer. All messages returning false in 'ShouldReplayMessage' are not getting copied into the replay buffer anymore. This exploit has been used in the past to route clients that were watching a replay to an arbitrary server, which essentially forms an info leak as the client attempts to connect to the arbitrary server on its own. The exploit also allows for some form of remote code execution, depending on if the client was launched in developer mode or not.
2023-05-30 23:01:46 +02:00
//---------------------------------------------------------------------------------
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
bool CClient::VProcessSetConVar(CClient* pClient, NET_SetConVar* pMsg)
Fix stringcmd replay exploit This commit fixes an engine bug where netmessages are getting copied into the replay buffer, while these messages should never be replayed. The engine performs an internal check on 'CNetMessage::m_nGroup', and if its NOT 2, the message is getting copied into the replay buffer. All messages returning false in 'ShouldReplayMessage' are not getting copied into the replay buffer anymore. This exploit has been used in the past to route clients that were watching a replay to an arbitrary server, which essentially forms an info leak as the client attempts to connect to the arbitrary server on its own. The exploit also allows for some form of remote code execution, depending on if the client was launched in developer mode or not.
2023-05-30 23:01:46 +02:00
{
Fix compiler error Define this out for client dll.
2023-09-16 22:02:04 +02:00
#ifndef CLIENT_DLL
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
CClient* const pAdj = AdjustShiftedThisPointer(pClient);
ServerPlayer_t* const pSlot = &g_ServerPlayer[pAdj->GetUserID()];
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
// This loop never exceeds 255 iterations, NET_SetConVar::ReadFromBuffer(...)
// reads and inserts up to 255 entries in the vector (reads a byte for size).
FOR_EACH_VEC(pMsg->m_ConVars, i)
{
const NET_SetConVar::cvar_t& entry = pMsg->m_ConVars[i];
const char* const name = entry.name;
const char* const value = entry.value;
// Discard any ConVar change request if it contains funky characters.
bool bFunky = false;
for (const char* s = name; *s != '\0'; ++s)
{
if (!isalnum(*s) && *s != '_')
{
bFunky = true;
break;
}
}
if (bFunky)
{
DevWarning(eDLL_T::SERVER, "Ignoring ConVar change request for variable '%s' from client '%s'; invalid characters in the variable name\n",
name, pAdj->GetClientName());
continue;
}
// The initial set of ConVars must contain all client ConVars that are
// flagged UserInfo. This is a simple fix to exploits that send bogus
// data later, and catches bugs, such as new UserInfo ConVars appearing
// later, which shouldn't happen.
if (pSlot->m_bInitialConVarsSet && !pAdj->m_ConVars->FindKey(name))
{
DevWarning(eDLL_T::SERVER, "UserInfo update from \"%s\" ignored: %s = %s\n",
pAdj->GetClientName(), name, value);
continue;
}
Client token authentication implementation The game internally obtains a auth token from Origin. On connect to a gameserver, it will send it to the masterserver. The master server will create a JWT token and send this back to the client. The client stores this token in 3 userinfo cvars (token, sig1, sig2). the sig1 and sig2 cvars are there to compensate for the truncation caused by sending the cvar, as each cvar string length could be up to 255 (byte max). The server verifies this token (the signature, timestamp, expiry); if they are valid, the has successfully authenticated and will connect.
2023-10-15 10:40:46 +02:00
// Add ConVar to list and set string.
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
pAdj->m_ConVars->SetString(name, value);
DevMsg(eDLL_T::SERVER, "UserInfo update from \"%s\": %s = %s\n", pAdj->GetClientName(), name, value);
}
pSlot->m_bInitialConVarsSet = true;
pAdj->m_bConVarsChanged = true;
Fix compiler error Define this out for client dll.
2023-09-16 22:02:04 +02:00
#endif // !CLIENT_DLL
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
return true;
Fix stringcmd replay exploit This commit fixes an engine bug where netmessages are getting copied into the replay buffer, while these messages should never be replayed. The engine performs an internal check on 'CNetMessage::m_nGroup', and if its NOT 2, the message is getting copied into the replay buffer. All messages returning false in 'ShouldReplayMessage' are not getting copied into the replay buffer anymore. This exploit has been used in the past to route clients that were watching a replay to an arbitrary server, which essentially forms an info leak as the client attempts to connect to the arbitrary server on its own. The exploit also allows for some form of remote code execution, depending on if the client was launched in developer mode or not.
2023-05-30 23:01:46 +02:00
}
Add 'engine_cl' project to SDK and fix compiler errors The 'engine_cl' library defines 'CLIENT_DLL', which prunes server specific code. This is used for the 'client.dll' project. Also fixed a compile error in 'CClient::VActivatePlayer', as it used a server only cvar. Ideally, this entire file gets ifdef'd out for engine_cl, currently it doesn't matter as nothing gets compiled in.
2023-07-19 02:30:07 +02:00
void VClient::Attach(void) const
{
#ifndef CLIENT_DLL
DetourAttach((LPVOID*)&v_CClient_Clear, &CClient::VClear);
DetourAttach((LPVOID*)&v_CClient_Connect, &CClient::VConnect);
DetourAttach((LPVOID*)&v_CClient_ActivatePlayer, &CClient::VActivatePlayer);
DetourAttach((LPVOID*)&v_CClient_SendNetMsgEx, &CClient::VSendNetMsgEx);
//DetourAttach((LPVOID*)&p_CClient_SendSnapshot, &CClient::VSendSnapshot);
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
DetourAttach((LPVOID*)&v_CClient_ProcessStringCmd, &CClient::VProcessStringCmd);
DetourAttach((LPVOID*)&v_CClient_ProcessSetConVar, &CClient::VProcessSetConVar);
Add 'engine_cl' project to SDK and fix compiler errors The 'engine_cl' library defines 'CLIENT_DLL', which prunes server specific code. This is used for the 'client.dll' project. Also fixed a compile error in 'CClient::VActivatePlayer', as it used a server only cvar. Ideally, this entire file gets ifdef'd out for engine_cl, currently it doesn't matter as nothing gets compiled in.
2023-07-19 02:30:07 +02:00
#endif // !CLIENT_DLL
}
void VClient::Detach(void) const
{
#ifndef CLIENT_DLL
DetourDetach((LPVOID*)&v_CClient_Clear, &CClient::VClear);
DetourDetach((LPVOID*)&v_CClient_Connect, &CClient::VConnect);
DetourDetach((LPVOID*)&v_CClient_ActivatePlayer, &CClient::VActivatePlayer);
DetourDetach((LPVOID*)&v_CClient_SendNetMsgEx, &CClient::VSendNetMsgEx);
//DetourDetach((LPVOID*)&p_CClient_SendSnapshot, &CClient::VSendSnapshot);
Fix infinite memalloc exploit in NET_SetConVar Reported by Wanderer. Don't allow the creation of new ConVar entries in CClient::m_ConVars after the initial creation.
2023-09-16 16:18:18 +02:00
DetourDetach((LPVOID*)&v_CClient_ProcessStringCmd, &CClient::VProcessStringCmd);
DetourDetach((LPVOID*)&v_CClient_ProcessSetConVar, &CClient::VProcessSetConVar);
Add 'engine_cl' project to SDK and fix compiler errors The 'engine_cl' library defines 'CLIENT_DLL', which prunes server specific code. This is used for the 'client.dll' project. Also fixed a compile error in 'CClient::VActivatePlayer', as it used a server only cvar. Ideally, this entire file gets ifdef'd out for engine_cl, currently it doesn't matter as nothing gets compiled in.
2023-07-19 02:30:07 +02:00
#endif // !CLIENT_DLL
}
Reference in New Issue Copy Permalink