From 2db4e2a3c8a6cff6f7ee19f628631d8b6ed81488 Mon Sep 17 00:00:00 2001 From: heinrich5991 Date: Mon, 10 Aug 2020 22:38:49 +0200 Subject: [PATCH] Fix the same token being generated for each client MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Theoretically, a regression test would be nice here, but we don't really have the infrastructure… This fixes a spoofing vulnerability. --- src/engine/shared/network_server.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/engine/shared/network_server.cpp b/src/engine/shared/network_server.cpp index 63e356614..b8d50bf20 100644 --- a/src/engine/shared/network_server.cpp +++ b/src/engine/shared/network_server.cpp @@ -147,7 +147,7 @@ SECURITY_TOKEN CNetServer::GetToken(const NETADDR &Addr) SHA256_CTX Sha256; sha256_init(&Sha256); sha256_update(&Sha256, (unsigned char*)m_SecurityTokenSeed, sizeof(m_SecurityTokenSeed)); - sha256_update(&Sha256, (unsigned char*)&Addr, sizeof(20)); //omit port, bad idea? + sha256_update(&Sha256, (unsigned char*)&Addr, 20); // omit port, bad idea! SECURITY_TOKEN SecurityToken = ToSecurityToken(sha256_finish(&Sha256).data);