engine: server: validate uuid in protinfo, it's an md5 string

FWGS · Mar 1, 2025 · c76752c · c76752c
1 parent fc2888e
commit c76752c
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 17 deletions.
diff --git a/engine/server/sv_client.c b/engine/server/sv_client.c
@@ -355,12 +355,6 @@ static void SV_ConnectClient( netadr_t from )
 	if( !SV_ProcessUserAgent( from, protinfo ))
 		return;
 
-	if( Q_strlen( Info_ValueForKey( protinfo, "uuid" )) != 32 )
-	{
-		SV_RejectConnection( from, "invalid authentication certificate length\n" );
-		return;
-	}
-
 	// extract qport from protocol info
 	qport = Q_atoi( Info_ValueForKey( protinfo, "qport" ));
 	extensions = Q_atoi( Info_ValueForKey( protinfo, "ext" ));

diff --git a/engine/server/sv_main.c b/engine/server/sv_main.c
@@ -763,6 +763,31 @@ qboolean SV_ProcessUserAgent( netadr_t from, const char *useragent )
 {
 	const char *input_devices_str = Info_ValueForKey( useragent, "d" );
 	const char *id = Info_ValueForKey( useragent, "uuid" );
+	size_t len, i;
+
+	len = Q_strlen( id );
+	if( len != 32 )
+	{
+		SV_RejectConnection( from, "invalid authentication certificate\n" );
+		return false;
+	}
+
+	for( i = 0; i < len; i++ )
+	{
+		char c = id[i];
+
+		if( !isdigit( id[i] ) && !( c >= 'a' && c <= 'f' ))
+		{
+			SV_RejectConnection( from, "invalid authentication certificate\n" );
+			return false;
+		}
+	}
+
+	if( SV_CheckID( id ))
+	{
+		SV_RejectConnection( from, "You are banned!\n" );
+		return false;
+	}
 
 	if( !sv_allow_noinputdevices.value && ( !input_devices_str || !input_devices_str[0] ) )
 	{
@@ -796,17 +821,6 @@ qboolean SV_ProcessUserAgent( netadr_t from, const char *useragent )
 		}
 	}
 
-	if( id )
-	{
-		qboolean banned = SV_CheckID( id );
-
-		if( banned )
-		{
-			SV_RejectConnection( from, "You are banned!\n" );
-			return false;
-		}
-	}
-
 	return true;
 }