Fix the same token being generated for each client

Theoretically, a regression test would be nice here, but we don't really have the infrastructure… This fixes a spoofing vulnerability.
2024-11-10 10:08:18 +00:00 · 2020-08-10 22:38:49 +02:00 · 2020-08-10 22:38:49 +02:00 · 2db4e2a3c8
parent 3fde3ac496
commit 2db4e2a3c8
1 changed files with 1 additions and 1 deletions
--- a/src/engine/shared/network_server.cpp
+++ b/src/engine/shared/network_server.cpp
@ -147,7 +147,7 @@ SECURITY_TOKEN CNetServer::GetToken(const NETADDR &Addr)
 	SHA256_CTX Sha256;
 	sha256_init(&Sha256);
 	sha256_update(&Sha256, (unsigned char*)m_SecurityTokenSeed, sizeof(m_SecurityTokenSeed));
-	sha256_update(&Sha256, (unsigned char*)&Addr, sizeof(20)); //omit port, bad idea?
+	sha256_update(&Sha256, (unsigned char*)&Addr, 20); // omit port, bad idea!

 	SECURITY_TOKEN SecurityToken = ToSecurityToken(sha256_finish(&Sha256).data);