Screen incoming GameMessages because we cannot trust the server (because the server trusts other clients too much)

2025-07-21 12:49:10 +00:00 · 2011-05-07 20:25:05 -04:00
parent b10b464070
commit 656b86a685
5 changed files with 63 additions and 7 deletions
--- a/Sources/Plasma/PubUtilLib/plNetClient/plNetClientMsgHandler.cpp
+++ b/Sources/Plasma/PubUtilLib/plNetClient/plNetClientMsgHandler.cpp
@ -351,6 +351,12 @@ MSG_HANDLER_DEFN(plNetClientMsgHandler,plNetMsgGameMessage)
                nc->DebugMsg("Converting game msg future timeStamp, curT=%f, futT=%f", secs, timeStamp);
            }

+            // Do some basic security checks on the incoming message because
+            // we cannot nesecarily trust the server because the server trusts
+            // the remote client WAY too much.
+            if (!IGetNetClientMgr()->fScreener.AllowIncomingMessage(gameMsg))
+                return hsOK;
+
            plgDispatch::Dispatch()->MsgSend(gameMsg);
            
            // Debug