From 051ec3083256be96e9f5d7ee8d56da557f5a2f40 Mon Sep 17 00:00:00 2001
From: east <east@eastbit.net>
Date: Fri, 14 Aug 2015 13:49:10 +0200
Subject: [PATCH] vanilla handshake: ignore unknown sequence

---
 src/engine/shared/network.cpp        | 7 +++++--
 src/engine/shared/network.h          | 2 ++
 src/engine/shared/network_conn.cpp   | 1 +
 src/engine/shared/network_server.cpp | 5 +++++
 4 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/engine/shared/network.cpp b/src/engine/shared/network.cpp
index 6446ce75e..c799c045c 100644
--- a/src/engine/shared/network.cpp
+++ b/src/engine/shared/network.cpp
@@ -58,10 +58,13 @@ int CNetRecvUnpacker::FetchChunk(CNetChunk *pChunk)
 		// handle sequence stuff
 		if(m_pConnection && (Header.m_Flags&NET_CHUNKFLAG_VITAL))
 		{
-			if(Header.m_Sequence == (m_pConnection->m_Ack+1)%NET_MAX_SEQUENCE)
+			// anti spoof: ignore unknown sequence
+			if(Header.m_Sequence == (m_pConnection->m_Ack+1)%NET_MAX_SEQUENCE || m_pConnection->m_UnknownSeq)
 			{
+				m_pConnection->m_UnknownSeq = false;
+
 				// in sequence
-				m_pConnection->m_Ack = (m_pConnection->m_Ack+1)%NET_MAX_SEQUENCE;
+				m_pConnection->m_Ack = Header.m_Sequence;
 			}
 			else
 			{
diff --git a/src/engine/shared/network.h b/src/engine/shared/network.h
index ac031a628..ea0e0c506 100644
--- a/src/engine/shared/network.h
+++ b/src/engine/shared/network.h
@@ -158,6 +158,7 @@ private:
 	SECURITY_TOKEN m_SecurityToken;
 	int m_RemoteClosed;
 	bool m_BlockCloseMsg;
+	bool m_UnknownSeq;
 
 	TStaticRingBuffer<CNetChunkResend, NET_CONN_BUFFERSIZE> m_Buffer;
 
@@ -219,6 +220,7 @@ public:
 
 	// anti spoof
 	void DirectInit(NETADDR &Addr, SECURITY_TOKEN SecurityToken);
+	void SetUnknownSeq() { m_UnknownSeq = true; }
 };
 
 class CConsoleNetConnection
diff --git a/src/engine/shared/network_conn.cpp b/src/engine/shared/network_conn.cpp
index 6d58fb7ef..56e7e46b5 100644
--- a/src/engine/shared/network_conn.cpp
+++ b/src/engine/shared/network_conn.cpp
@@ -31,6 +31,7 @@ void CNetConnection::Reset()
 	m_Token = -1;
 	m_SecurityToken = NET_SECURITY_TOKEN_UNKNOWN;
 	//mem_zero(&m_PeerAddr, sizeof(m_PeerAddr));
+	m_UnknownSeq = false;
 
 	m_Buffer.Init();
 
diff --git a/src/engine/shared/network_server.cpp b/src/engine/shared/network_server.cpp
index 5ad02f011..c4b948b90 100644
--- a/src/engine/shared/network_server.cpp
+++ b/src/engine/shared/network_server.cpp
@@ -190,6 +190,11 @@ int CNetServer::TryAcceptClient(NETADDR &Addr, SECURITY_TOKEN SecurityToken, boo
 	// init connection slot
 	m_aSlots[Slot].m_Connection.DirectInit(Addr, SecurityToken);
 
+	if (NoAuth)
+		// client sequence is unknown if the auth was done
+		// connection-less
+		m_aSlots[Slot].m_Connection.SetUnknownSeq();
+
 	if (g_Config.m_Debug)
 	{
 		char aAddrStr[NETADDR_MAXSTRSIZE];