From 885e6fa94e31de9ff75808ed4f90dd99e2121913 Mon Sep 17 00:00:00 2001 From: Kawe Mazidjatari <48657826+Mauler125@users.noreply.github.com> Date: Tue, 30 Aug 2022 20:04:59 +0200 Subject: [PATCH] Proper NET_SetKey sanity checks * Checks if input encoded key is 24 characters long. * Checks if the input data is a valid base64. --- r5dev/engine/net.cpp | 22 ++++++++++++++-------- r5dev/engine/net.h | 3 ++- r5dev/public/utility/utility.cpp | 15 +++++++++++++++ r5dev/public/utility/utility.h | 1 + 4 files changed, 32 insertions(+), 9 deletions(-) diff --git a/r5dev/engine/net.cpp b/r5dev/engine/net.cpp index e6ca6371..b67be877 100644 --- a/r5dev/engine/net.cpp +++ b/r5dev/engine/net.cpp @@ -61,19 +61,25 @@ int NET_SendDatagram(SOCKET s, void* pPayload, int iLenght, v_netadr_t* pAdr, bo //----------------------------------------------------------------------------- // Purpose: sets the user specified encryption key -// Input : *svNetKey - +// Input : svNetKey - //----------------------------------------------------------------------------- -void NET_SetKey(const string& svNetKey) +void NET_SetKey(string svNetKey) { std::lock_guard l(g_NetKeyMutex); - g_svNetKey.clear(); - g_svNetKey = svNetKey; + if (svNetKey.size() == AES_128_B64_ENCODED_SIZE && + IsValidBase64(svNetKey)) + { + g_svNetKey = svNetKey; // Results are tokenized by 'IsValidBase64()'. + v_NET_SetKey(g_pNetKey, g_svNetKey.c_str()); - v_NET_SetKey(g_pNetKey, g_svNetKey.c_str()); - - DevMsg(eDLL_T::ENGINE, "Installed NetKey: '%s%s%s'\n", - g_svGreyB.c_str(), g_svNetKey.c_str(), g_svReset.c_str()); + DevMsg(eDLL_T::ENGINE, "Installed NetKey: '%s%s%s'\n", + g_svGreyB.c_str(), g_svNetKey.c_str(), g_svReset.c_str()); + } + else + { + Error(eDLL_T::ENGINE, false, "AES-128 key not encoded or invalid\n"); + } } //----------------------------------------------------------------------------- diff --git a/r5dev/engine/net.h b/r5dev/engine/net.h index fb344ac6..02fc0129 100644 --- a/r5dev/engine/net.h +++ b/r5dev/engine/net.h @@ -14,6 +14,7 @@ #define NET_MIN_MESSAGE 5 // Even connectionless packets require int32 value (-1) + 1 byte content constexpr unsigned int AES_128_KEY_SIZE = 16; +constexpr unsigned int AES_128_B64_ENCODED_SIZE = 24; constexpr const char* DEFAULT_NET_ENCRYPTION_KEY = "WDNWLmJYQ2ZlM0VoTid3Yg=="; /* ==== CNETCHAN ======================================================================================================================================================== */ @@ -38,7 +39,7 @@ inline auto v_NET_PrintFunc = p_NET_PrintFunc.RCast(); /////////////////////////////////////////////////////////////////////////////// bool NET_ReceiveDatagram(int iSocket, netpacket_s* pInpacket, bool bRaw); int NET_SendDatagram(SOCKET s, void* pPayload, int iLenght, v_netadr_t* pAdr, bool bEncrypted); -void NET_SetKey(const string& svNetKey); +void NET_SetKey(string svNetKey); void NET_GenerateKey(); void NET_PrintFunc(const char* fmt, ...); void NET_Shutdown(void* thisptr, const char* szReason, uint8_t bBadRep, bool bRemoveNow); diff --git a/r5dev/public/utility/utility.cpp b/r5dev/public/utility/utility.cpp index b96432af..c63b359e 100644 --- a/r5dev/public/utility/utility.cpp +++ b/r5dev/public/utility/utility.cpp @@ -401,6 +401,21 @@ string ConvertToUnixPath(const string& svInput) return result; } +/////////////////////////////////////////////////////////////////////////////// +// For checking if input is a valid Base64. +bool IsValidBase64(string& svInput) +{ + static const std::regex rx(R"((?:[A-Za-z0-9+\/]{4}?)*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=))"); + std::smatch mh; + + if (std::regex_search(svInput, mh, rx)) + { + svInput = mh[0].str(); + return true; + } + return false; +} + /////////////////////////////////////////////////////////////////////////////// // For encoding data in Base64. string Base64Encode(const string& svInput) diff --git a/r5dev/public/utility/utility.h b/r5dev/public/utility/utility.h index c6acf2bf..db47c9cb 100644 --- a/r5dev/public/utility/utility.h +++ b/r5dev/public/utility/utility.h @@ -31,6 +31,7 @@ string CreateDirectories(string svInput, bool bWindows = false); string ConvertToWinPath(const string& svInput); string ConvertToUnixPath(const string& svInput); +bool IsValidBase64(string& svInput); string Base64Encode(const string& svInput); string Base64Decode(const string& svInput);