Proper NET_SetKey sanity checks

* Checks if input encoded key is 24 characters long.
* Checks if the input data is a valid base64.

r5dev/engine/net.cpp

@@ -61,19 +61,25 @@ int NET_SendDatagram(SOCKET s, void* pPayload, int iLenght, v_netadr_t* pAdr, bo
 
 //-----------------------------------------------------------------------------
 // Purpose: sets the user specified encryption key
-// Input  : *svNetKey - 
+// Input  : svNetKey - 
 //-----------------------------------------------------------------------------
-void NET_SetKey(const string& svNetKey)
+void NET_SetKey(string svNetKey)
 {
 	std::lock_guard<std::mutex> l(g_NetKeyMutex);
 
-	g_svNetKey.clear();
-	g_svNetKey = svNetKey;
+	if (svNetKey.size() == AES_128_B64_ENCODED_SIZE &&
+		IsValidBase64(svNetKey))
+	{
+		g_svNetKey = svNetKey; // Results are tokenized by 'IsValidBase64()'.
+		v_NET_SetKey(g_pNetKey, g_svNetKey.c_str());
 
-	v_NET_SetKey(g_pNetKey, g_svNetKey.c_str());
-
-	DevMsg(eDLL_T::ENGINE, "Installed NetKey: '%s%s%s'\n",
-		g_svGreyB.c_str(), g_svNetKey.c_str(), g_svReset.c_str());
+		DevMsg(eDLL_T::ENGINE, "Installed NetKey: '%s%s%s'\n",
+			g_svGreyB.c_str(), g_svNetKey.c_str(), g_svReset.c_str());
+	}
+	else
+	{
+		Error(eDLL_T::ENGINE, false, "AES-128 key not encoded or invalid\n");
+	}
 }
 
 //-----------------------------------------------------------------------------

r5dev/engine/net.h

@@ -14,6 +14,7 @@
 #define NET_MIN_MESSAGE 5 // Even connectionless packets require int32 value (-1) + 1 byte content
 
 constexpr unsigned int AES_128_KEY_SIZE = 16;
+constexpr unsigned int AES_128_B64_ENCODED_SIZE = 24;
 constexpr const char* DEFAULT_NET_ENCRYPTION_KEY = "WDNWLmJYQ2ZlM0VoTid3Yg==";
 
 /* ==== CNETCHAN ======================================================================================================================================================== */
@@ -38,7 +39,7 @@ inline auto v_NET_PrintFunc = p_NET_PrintFunc.RCast<void(*)(const char* fmt)>();
 ///////////////////////////////////////////////////////////////////////////////
 bool NET_ReceiveDatagram(int iSocket, netpacket_s* pInpacket, bool bRaw);
 int  NET_SendDatagram(SOCKET s, void* pPayload, int iLenght, v_netadr_t* pAdr, bool bEncrypted);
-void NET_SetKey(const string& svNetKey);
+void NET_SetKey(string svNetKey);
 void NET_GenerateKey();
 void NET_PrintFunc(const char* fmt, ...);
 void NET_Shutdown(void* thisptr, const char* szReason, uint8_t bBadRep, bool bRemoveNow);

r5dev/public/utility/utility.cpp

@@ -401,6 +401,21 @@ string ConvertToUnixPath(const string& svInput)
     return result;
 }
 
+///////////////////////////////////////////////////////////////////////////////
+// For checking if input is a valid Base64.
+bool IsValidBase64(string& svInput)
+{
+    static const std::regex rx(R"((?:[A-Za-z0-9+\/]{4}?)*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=))");
+    std::smatch mh;
+
+    if (std::regex_search(svInput, mh, rx))
+    {
+        svInput = mh[0].str();
+        return true;
+    }
+    return false;
+}
+
 ///////////////////////////////////////////////////////////////////////////////
 // For encoding data in Base64.
 string Base64Encode(const string& svInput)

r5dev/public/utility/utility.h

@@ -31,6 +31,7 @@ string CreateDirectories(string svInput, bool bWindows = false);
 string ConvertToWinPath(const string& svInput);
 string ConvertToUnixPath(const string& svInput);
 
+bool IsValidBase64(string& svInput);
 string Base64Encode(const string& svInput);
 string Base64Decode(const string& svInput);