From 03675a22a3df384c0ac73fd775efdbd2c399d719 Mon Sep 17 00:00:00 2001
From: Eric
Date: Fri, 27 Oct 2023 10:28:59 -0700
Subject: [PATCH] fix for server join-request flood attack
---
.efrocachemap | 40 +++++++++----------
CHANGELOG.md | 4 +-
src/assets/ba_data/python/baenv.py | 2 +-
.../support/client_input_device_delegate.cc | 8 +++-
.../support/scene_v1_input_device_delegate.cc | 4 +-
src/ballistica/shared/ballistica.cc | 2 +-
6 files changed, 34 insertions(+), 26 deletions(-)
diff --git a/.efrocachemap b/.efrocachemap
index 5451b16b..f7d58d47 100644
--- a/.efrocachemap
+++ b/.efrocachemap
@@ -4056,26 +4056,26 @@ "build/assets/windows/Win32/ucrtbased.dll": "2def5335207d41b21b9823f6805997f1", "build/assets/windows/Win32/vc_redist.x86.exe": "b08a55e2e77623fe657bea24f223a3ae", "build/assets/windows/Win32/vcruntime140d.dll": "865b2af4d1e26a1a8073c89acb06e599", - "build/prefab/full/linux_arm64_gui/debug/ballisticakit": "b5f5272bf4b390ebfa144474f65d1fdc", - "build/prefab/full/linux_arm64_gui/release/ballisticakit": "1c4b400a17662dd30ca597772d1ae38d", - "build/prefab/full/linux_arm64_server/debug/dist/ballisticakit_headless": "2abf39c5efb01fb97559f8818dbd4210", - "build/prefab/full/linux_arm64_server/release/dist/ballisticakit_headless": "2d446e30ca6d2d9d65c1c2ebed2b7485", - "build/prefab/full/linux_x86_64_gui/debug/ballisticakit": "9586be74d1f801fdae227ee508ff84ee", - "build/prefab/full/linux_x86_64_gui/release/ballisticakit": "ce099f4bfbdf1c57f83b23fff97c554e", - "build/prefab/full/linux_x86_64_server/debug/dist/ballisticakit_headless": "caf89cb6fc0d745490766f2fc4982c99", - "build/prefab/full/linux_x86_64_server/release/dist/ballisticakit_headless": "fe8bfae5f47af29da1bc6a387b6fa999", - "build/prefab/full/mac_arm64_gui/debug/ballisticakit": "889737fad009958817a09c1018c56ad3", - "build/prefab/full/mac_arm64_gui/release/ballisticakit": "4c4d570c468e3f21813860311b3bf8a5", - "build/prefab/full/mac_arm64_server/debug/dist/ballisticakit_headless": "58735d1e9cf8d9beaf57a9291c4c38d2", - "build/prefab/full/mac_arm64_server/release/dist/ballisticakit_headless": "d5c3ff47f16d668a1e26c16611890767", - "build/prefab/full/mac_x86_64_gui/debug/ballisticakit": "93883b7e8933955a733f51abe07dc8ec", - "build/prefab/full/mac_x86_64_gui/release/ballisticakit": "0ca0076dc51f986ae6fad3b7bf2da507", - "build/prefab/full/mac_x86_64_server/debug/dist/ballisticakit_headless": "d4e32f23bf4a6bac11d9dc9809fac181", - "build/prefab/full/mac_x86_64_server/release/dist/ballisticakit_headless": "aad14a5bf8bbb0731cf8886967995118", - "build/prefab/full/windows_x86_gui/debug/BallisticaKit.exe": 
"9a99df09f0d09da7e929a8aeb4d39205", - "build/prefab/full/windows_x86_gui/release/BallisticaKit.exe": "bbbc58ea77b688f3c4b4edb406f7efbc", - "build/prefab/full/windows_x86_server/debug/dist/BallisticaKitHeadless.exe": "14f284fa6ac9e4fdcb4e0976a73c3969", - "build/prefab/full/windows_x86_server/release/dist/BallisticaKitHeadless.exe": "926ebddaa448b27b2841104b5139c83a", + "build/prefab/full/linux_arm64_gui/debug/ballisticakit": "bd21ea70f4aace3ddd6e86d19ca04707", + "build/prefab/full/linux_arm64_gui/release/ballisticakit": "eb9196d69cb13de5c02f8f205396ac8d", + "build/prefab/full/linux_arm64_server/debug/dist/ballisticakit_headless": "20e1738da78d266882053a21ad74d2d4", + "build/prefab/full/linux_arm64_server/release/dist/ballisticakit_headless": "f2a2815bbfcbeff6041ade83999132a6", + "build/prefab/full/linux_x86_64_gui/debug/ballisticakit": "21c30ed4e87963efa9bbb401903d9bdd", + "build/prefab/full/linux_x86_64_gui/release/ballisticakit": "ee324f4377ffe3135f0ce6ad62609281", + "build/prefab/full/linux_x86_64_server/debug/dist/ballisticakit_headless": "76046cdfbb2ee3a2906b230f347c4361", + "build/prefab/full/linux_x86_64_server/release/dist/ballisticakit_headless": "ef80af070e2fecda641469df8828375a", + "build/prefab/full/mac_arm64_gui/debug/ballisticakit": "7ff933a5f3a8bac754897df4a3e3d723", + "build/prefab/full/mac_arm64_gui/release/ballisticakit": "c4d26e212c3c824e25cf5bbf27465f34", + "build/prefab/full/mac_arm64_server/debug/dist/ballisticakit_headless": "0ab3966d350a39c39a28fa7b93ef1d08", + "build/prefab/full/mac_arm64_server/release/dist/ballisticakit_headless": "e76707372e761bfd1d3b1d56cb76b91f", + "build/prefab/full/mac_x86_64_gui/debug/ballisticakit": "f1581f72dbfe22cf7ba5be436e80a5a3", + "build/prefab/full/mac_x86_64_gui/release/ballisticakit": "b52af8580dcd6cac224d840a043be2a4", + "build/prefab/full/mac_x86_64_server/debug/dist/ballisticakit_headless": "3fb98c6e7c82b533441c437188bbd1ce", + "build/prefab/full/mac_x86_64_server/release/dist/ballisticakit_headless": 
"ba62c05d2486524a2eef989898a4e57f", + "build/prefab/full/windows_x86_gui/debug/BallisticaKit.exe": "e872cfeade334bf471ce71f536571ff3", + "build/prefab/full/windows_x86_gui/release/BallisticaKit.exe": "d688622611dde4d4b3ef0e14f87d0931", + "build/prefab/full/windows_x86_server/debug/dist/BallisticaKitHeadless.exe": "81887892b133fdf6df2249f8b1265e50", + "build/prefab/full/windows_x86_server/release/dist/BallisticaKitHeadless.exe": "9325a017d3382c6979afd0d597727c46", "build/prefab/lib/linux_arm64_gui/debug/libballisticaplus.a": "476e9cf1fb229a023babd799a6e535f1", "build/prefab/lib/linux_arm64_gui/release/libballisticaplus.a": "cf2a61fae8e8cd757864202a09e71255", "build/prefab/lib/linux_arm64_server/debug/libballisticaplus.a": "476e9cf1fb229a023babd799a6e535f1", diff --git a/CHANGELOG.md b/CHANGELOG.md index 91087c5a..71a6bcdb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### 1.7.28 (build 21524, api 8, 2023-10-27) +### 1.7.28 (build 21525, api 8, 2023-10-27) - Massively cleaned up code related to rendering and window systems (OpenGL, SDL, etc). This code had been growing into a nasty tangle for 15 years @@ -174,6 +174,8 @@ leave to prevent game exploits. Note this is different than the existing system that prevents joining a *party* for 10 seconds; this covers people who never leave the party (Thanks EraOSBeta!). +- Fixes an issue where servers could be crashed by flooding them with join + requests (Thanks for the heads-up Era!). ### 1.7.27 (build 21282, api 8, 2023-08-30) diff --git a/src/assets/ba_data/python/baenv.py b/src/assets/ba_data/python/baenv.py index 99237e60..1dd9e557 100644 --- a/src/assets/ba_data/python/baenv.py +++ b/src/assets/ba_data/python/baenv.py @@ -52,7 +52,7 @@ if TYPE_CHECKING: # Build number and version of the ballistica binary we expect to be # using. -TARGET_BALLISTICA_BUILD = 21524 +TARGET_BALLISTICA_BUILD = 21525 TARGET_BALLISTICA_VERSION = '1.7.28' 
diff --git a/src/ballistica/scene_v1/support/client_input_device_delegate.cc b/src/ballistica/scene_v1/support/client_input_device_delegate.cc index 8c0972ca..1d2ef24d 100644 --- a/src/ballistica/scene_v1/support/client_input_device_delegate.cc +++ b/src/ballistica/scene_v1/support/client_input_device_delegate.cc @@ -29,8 +29,14 @@ void ClientInputDeviceDelegate::AttachToLocalPlayer(Player* player) { } // We also need to send an old-style message as a fallback. + // // FIXME: Can remove this once backwards-compat-protocol is > 29. - { + // + // UPDATE: Only send this if player id fits. This could cause problems + // for older clients in very rare cases, but the only alternative is + // to not support those clients. I doubt there are many such old + // clients out there anyway. + if (player->id() < 256) { std::vector data(3); data[0] = BA_MESSAGE_ATTACH_REMOTE_PLAYER; data[1] = static_cast_check_fit(remote_device_id_); diff --git a/src/ballistica/scene_v1/support/scene_v1_input_device_delegate.cc b/src/ballistica/scene_v1/support/scene_v1_input_device_delegate.cc index c516adf1..0afe1ccf 100644 --- a/src/ballistica/scene_v1/support/scene_v1_input_device_delegate.cc +++ b/src/ballistica/scene_v1/support/scene_v1_input_device_delegate.cc @@ -73,8 +73,8 @@ void SceneV1InputDeviceDelegate::RequestPlayer() { return; } - // If we have a local host-session, ask it for a player.. otherwise if we have - // a client-session, ask it for a player. + // If we have a local host-session, ask it for a player.. otherwise if we + // have a client-session, ask it for a player. assert(g_base->logic); if (auto* hs = dynamic_cast(appmode->GetForegroundSession())) { { diff --git a/src/ballistica/shared/ballistica.cc b/src/ballistica/shared/ballistica.cc index c852613d..70294d7f 100644 --- a/src/ballistica/shared/ballistica.cc +++ b/src/ballistica/shared/ballistica.cc 
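Review bot: The new guard `if (player->id() < 256)` in AttachToLocalPlayer bounds only the player id, while `data[1]` on the last line of that hunk still passes `remote_device_id_` through `static_cast_check_fit`; if that checked cast is what took the server down under the join flood (inferred from the commit subject, the helper is not in the hunk), the device id deserves the same bound or a comment saying where it is guaranteed to fit in a byte. The bare 256 also hides that the limit comes from the one-byte field of the legacy message, and a signed id would pass the test when negative; something like `if (player->id() >= 0 && player->id() <= 0xFF) {  // must fit the 1-byte legacy field` states both. When the guard is false the fallback message is dropped silently, so a rate-limited log line on that path would give server operators a visible sign that player ids have climbed past 255, which is itself a hint of join flooding. The guarded block continues past the end of the hunk.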
@@ -39,7 +39,7 @@ auto main(int argc, char** argv) -> int { namespace ballistica { // These are set automatically via script; don't modify them here. -const int kEngineBuildNumber = 21524; +const int kEngineBuildNumber = 21525; const char* kEngineVersion = "1.7.28"; const int kEngineApiVersion = 8;