From b4ba0cbffce9160e358d14d0953b1b5275314ac3 Mon Sep 17 00:00:00 2001
From: Eric Froemling <ericfroemling@gmail.com>
Date: Sat, 28 Dec 2024 18:45:42 -0800
Subject: [PATCH] hardening playerspec type checking

---
 .efrocachemap                                 | 48 +++++++++----------
 CHANGELOG.md                                  |  2 +-
 src/assets/ba_data/python/baenv.py            |  2 +-
 .../connection/connection_to_client.cc        | 14 ++++++
 .../scene_v1/support/player_spec.cc           | 42 ++++++++--------
 src/ballistica/scene_v1/support/player_spec.h |  3 ++
 src/ballistica/shared/ballistica.cc           |  2 +-
 7 files changed, 66 insertions(+), 47 deletions(-)

diff --git a/.efrocachemap b/.efrocachemap
index 18c5784a..2a12315c 100644
--- a/.efrocachemap
+++ b/.efrocachemap
@@ -4103,22 +4103,22 @@
   "build/assets/windows/Win32/ucrtbased.dll": "bfd1180c269d3950b76f35a63655e9e1",
   "build/assets/windows/Win32/vc_redist.x86.exe": "15a5f1f876503885adbdf5b3989b3718",
   "build/assets/windows/Win32/vcruntime140d.dll": "865b2af4d1e26a1a8073c89acb06e599",
-  "build/prefab/full/linux_arm64_gui/debug/ballisticakit": "ab55374916d20160ba0f75e17478d8e6",
-  "build/prefab/full/linux_arm64_gui/release/ballisticakit": "b575d4be68a1ca4fe1d68254f6ac2df0",
-  "build/prefab/full/linux_arm64_server/debug/dist/ballisticakit_headless": "072feacd0d4a14985ee2338906a1ade7",
-  "build/prefab/full/linux_arm64_server/release/dist/ballisticakit_headless": "325c1a25e339d1aa64b860777a0aafb7",
-  "build/prefab/full/linux_x86_64_gui/debug/ballisticakit": "85042e81dcfbf1ad00c092446568d2ec",
-  "build/prefab/full/linux_x86_64_gui/release/ballisticakit": "9bef1c2f1e7490cc53eb6788463ff613",
-  "build/prefab/full/linux_x86_64_server/debug/dist/ballisticakit_headless": "9de86283276fd1037976cde03f520543",
-  "build/prefab/full/linux_x86_64_server/release/dist/ballisticakit_headless": "6b1e0ea771e2fbc2234fad52ed62d21c",
-  "build/prefab/full/mac_arm64_gui/debug/ballisticakit": "62d39162a8803c958e0e5bc59aadd4a3",
-  "build/prefab/full/mac_arm64_gui/release/ballisticakit": "2d3c5d3b8ac89537cc40f2b1884633cb",
-  "build/prefab/full/mac_arm64_server/debug/dist/ballisticakit_headless": "7c3ced766894f47afec4f928554ec807",
-  "build/prefab/full/mac_arm64_server/release/dist/ballisticakit_headless": "db2634306622d7aa9bf5ef8fd30ee70b",
-  "build/prefab/full/windows_x86_gui/debug/BallisticaKit.exe": "00239138eb7bc30bdfd22989debffb3d",
-  "build/prefab/full/windows_x86_gui/release/BallisticaKit.exe": "a50310d650ea4fbf0bc45ead3887bb76",
-  "build/prefab/full/windows_x86_server/debug/dist/BallisticaKitHeadless.exe": "eb1aa55288db1db3a481e0e108b88087",
-  "build/prefab/full/windows_x86_server/release/dist/BallisticaKitHeadless.exe": "07c648bdb207f335a390da520d9e76c6",
+  "build/prefab/full/linux_arm64_gui/debug/ballisticakit": "13233366609a24c56012f54ded7aefc6",
+  "build/prefab/full/linux_arm64_gui/release/ballisticakit": "9e3b238711c4c3589a307fdc4058ba7e",
+  "build/prefab/full/linux_arm64_server/debug/dist/ballisticakit_headless": "67c4c290e7b05f8b0bfb4f9be87dfa09",
+  "build/prefab/full/linux_arm64_server/release/dist/ballisticakit_headless": "9fbba3a76f2fc50b9951e6f3f036a32b",
+  "build/prefab/full/linux_x86_64_gui/debug/ballisticakit": "c156541560f67ea45207d18561aa96a4",
+  "build/prefab/full/linux_x86_64_gui/release/ballisticakit": "523946201fa68a8761abd8012888a1ee",
+  "build/prefab/full/linux_x86_64_server/debug/dist/ballisticakit_headless": "1e164a6146131c57bdd80650c7cd01eb",
+  "build/prefab/full/linux_x86_64_server/release/dist/ballisticakit_headless": "547282ad972d2659c7adf3cdcc0fe38c",
+  "build/prefab/full/mac_arm64_gui/debug/ballisticakit": "44c56db83e60d16785b1cdbb8e60521d",
+  "build/prefab/full/mac_arm64_gui/release/ballisticakit": "1948fefc1a65e0c09229229058d7a398",
+  "build/prefab/full/mac_arm64_server/debug/dist/ballisticakit_headless": "f73efac9c0a05d4ba1b7d37143f2b733",
+  "build/prefab/full/mac_arm64_server/release/dist/ballisticakit_headless": "c1a395b445754161e96040c0a3432471",
+  "build/prefab/full/windows_x86_gui/debug/BallisticaKit.exe": "50f05349c800f56b644610450ddab899",
+  "build/prefab/full/windows_x86_gui/release/BallisticaKit.exe": "a4d24feb248d43185eba5cdd474968c1",
+  "build/prefab/full/windows_x86_server/debug/dist/BallisticaKitHeadless.exe": "fce31035ff71e41eaf8ae0b9467d4d75",
+  "build/prefab/full/windows_x86_server/release/dist/BallisticaKitHeadless.exe": "1e5f7db55ae28b0871dd4a3488a2e2a7",
   "build/prefab/lib/linux_arm64_gui/debug/libballisticaplus.a": "33a0ae6f1ea5a0b0c60055ce01478488",
   "build/prefab/lib/linux_arm64_gui/release/libballisticaplus.a": "aad882eaf2230b89973e2cf4f13c9759",
   "build/prefab/lib/linux_arm64_server/debug/libballisticaplus.a": "33a0ae6f1ea5a0b0c60055ce01478488",
@@ -4131,14 +4131,14 @@
   "build/prefab/lib/mac_arm64_gui/release/libballisticaplus.a": "ae4e3f563892f6b9311c4b7284f28c11",
   "build/prefab/lib/mac_arm64_server/debug/libballisticaplus.a": "01dab862a43d9e7c4ee4e49212442d42",
   "build/prefab/lib/mac_arm64_server/release/libballisticaplus.a": "ae4e3f563892f6b9311c4b7284f28c11",
-  "build/prefab/lib/windows/Debug_Win32/BallisticaKitGenericPlus.lib": "aa3332e8d5ded2dc0656a09d3ee71527",
-  "build/prefab/lib/windows/Debug_Win32/BallisticaKitGenericPlus.pdb": "a4897e3727dd3fd71e0d49dac835064c",
-  "build/prefab/lib/windows/Debug_Win32/BallisticaKitHeadlessPlus.lib": "df824c45440b8fcad239975b9ce81e87",
-  "build/prefab/lib/windows/Debug_Win32/BallisticaKitHeadlessPlus.pdb": "5814b077e8e82a8b1fe01c3a2e512e97",
-  "build/prefab/lib/windows/Release_Win32/BallisticaKitGenericPlus.lib": "459c49e45d29bea26dfe4af6b7bd275c",
-  "build/prefab/lib/windows/Release_Win32/BallisticaKitGenericPlus.pdb": "a79f365d2d6e936138ee2d4114f3cd0a",
-  "build/prefab/lib/windows/Release_Win32/BallisticaKitHeadlessPlus.lib": "aea258c65f7a7851c7809edd7fb85780",
-  "build/prefab/lib/windows/Release_Win32/BallisticaKitHeadlessPlus.pdb": "284e769c092bcc4a5398cb6856b91460",
+  "build/prefab/lib/windows/Debug_Win32/BallisticaKitGenericPlus.lib": "f8d1d57c73f20f4081f889a9a3bc9681",
+  "build/prefab/lib/windows/Debug_Win32/BallisticaKitGenericPlus.pdb": "df0a93565a8d0489dcef9536412aa15a",
+  "build/prefab/lib/windows/Debug_Win32/BallisticaKitHeadlessPlus.lib": "de9b3162ef787667bc42efff1803ee42",
+  "build/prefab/lib/windows/Debug_Win32/BallisticaKitHeadlessPlus.pdb": "a1d921636875ab480111793b6d50f98c",
+  "build/prefab/lib/windows/Release_Win32/BallisticaKitGenericPlus.lib": "7b505efb0ca3e2b13f972978e877321d",
+  "build/prefab/lib/windows/Release_Win32/BallisticaKitGenericPlus.pdb": "241b1122f915dcc0c44e9056396c2305",
+  "build/prefab/lib/windows/Release_Win32/BallisticaKitHeadlessPlus.lib": "9363c18806b04d38a32b7fdc89a791ba",
+  "build/prefab/lib/windows/Release_Win32/BallisticaKitHeadlessPlus.pdb": "8180744e97e91abae2afaca510e219f0",
   "src/assets/ba_data/python/babase/_mgen/__init__.py": "f885fed7f2ed98ff2ba271f9dbe3391c",
   "src/assets/ba_data/python/babase/_mgen/enums.py": "794d258d59fd17a61752843a9a0551ad",
   "src/ballistica/base/mgen/pyembed/binding_base.inc": "06042d31df0ff9af96b99477162e2a91",
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 578758a7..30f5d87b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-### 1.7.37 (build 22148, api 9, 2024-12-28)
+### 1.7.37 (build 22150, api 9, 2024-12-28)
 - Bumping api version to 9. As you'll see below, there's some UI changes that
   will require a bit of work for any UI mods to adapt to. If your mods don't
   touch UI stuff at all you can simply bump your api version and call it a day.
diff --git a/src/assets/ba_data/python/baenv.py b/src/assets/ba_data/python/baenv.py
index 1279457a..1ed2142c 100644
--- a/src/assets/ba_data/python/baenv.py
+++ b/src/assets/ba_data/python/baenv.py
@@ -53,7 +53,7 @@ if TYPE_CHECKING:
 
 # Build number and version of the ballistica binary we expect to be
 # using.
-TARGET_BALLISTICA_BUILD = 22148
+TARGET_BALLISTICA_BUILD = 22150
 TARGET_BALLISTICA_VERSION = '1.7.37'
 
 
diff --git a/src/ballistica/scene_v1/connection/connection_to_client.cc b/src/ballistica/scene_v1/connection/connection_to_client.cc
index b4b05acf..64682c83 100644
--- a/src/ballistica/scene_v1/connection/connection_to_client.cc
+++ b/src/ballistica/scene_v1/connection/connection_to_client.cc
@@ -191,6 +191,17 @@ void ConnectionToClient::HandleGamePacket(const std::vector<uint8_t>& data) {
         string_buffer[string_buffer.size() - 1] = 0;
         set_peer_spec(PlayerSpec(&(string_buffer[0])));
       }
+
+      // If they sent us a garbage player-spec, kick them right out.
+      if (!peer_spec().valid()) {
+        g_core->Log(LogName::kBaNetworking, LogLevel::kDebug, [] {
+          return std::string(
+              "Rejecting client for submitting invalid player-spec.");
+        });
+        Error("");
+        return;
+      }
+
       // FIXME: We should maybe set some sort of 'pending' peer-spec
       //  and fetch their actual info from the master-server.
       //  (or at least make that an option for internet servers)
@@ -198,6 +209,9 @@ void ConnectionToClient::HandleGamePacket(const std::vector<uint8_t>& data) {
       // Compare this against our blocked specs.. if there's a match, reject
       // them.
       if (appmode->IsPlayerBanned(peer_spec())) {
+        g_core->Log(LogName::kBaNetworking, LogLevel::kDebug, [] {
+          return std::string("Rejecting join attempt by banned player.");
+        });
         Error("");
         return;
       }
diff --git a/src/ballistica/scene_v1/support/player_spec.cc b/src/ballistica/scene_v1/support/player_spec.cc
index 3f977b4b..b0e0ee64 100644
--- a/src/ballistica/scene_v1/support/player_spec.cc
+++ b/src/ballistica/scene_v1/support/player_spec.cc
@@ -18,32 +18,36 @@ PlayerSpec::PlayerSpec(const std::string& s) {
   cJSON* root_obj = cJSON_Parse(s.c_str());
   bool success = false;
   if (root_obj) {
-    cJSON* name_obj = cJSON_GetObjectItem(root_obj, "n");
-    cJSON* short_name_obj = cJSON_GetObjectItem(root_obj, "sn");
-    cJSON* account_obj = cJSON_GetObjectItem(root_obj, "a");
-    if (name_obj && short_name_obj && account_obj) {
-      name_ = Utils::GetValidUTF8(name_obj->valuestring, "psps");
-      short_name_ = Utils::GetValidUTF8(short_name_obj->valuestring, "psps2");
+    if (cJSON_IsObject(root_obj)) {
+      cJSON* name_obj = cJSON_GetObjectItem(root_obj, "n");
+      cJSON* short_name_obj = cJSON_GetObjectItem(root_obj, "sn");
+      cJSON* account_obj = cJSON_GetObjectItem(root_obj, "a");
+      if (name_obj && short_name_obj && account_obj && cJSON_IsString(name_obj)
+          && cJSON_IsString(short_name_obj) && cJSON_IsString(account_obj)) {
+        name_ = Utils::GetValidUTF8(name_obj->valuestring, "psps");
+        short_name_ = Utils::GetValidUTF8(short_name_obj->valuestring, "psps2");
 
-      // Account type may technically be something we don't recognize,
-      // but that's ok.. it'll just be 'invalid' to us in that case
-      if (g_base->HaveClassic()) {
-        v1_account_type_ = g_base->classic()->GetV1AccountTypeFromString(
-            account_obj->valuestring);
-        // classic::V1Account::AccountTypeFromString(account_obj->valuestring);
-      } else {
-        v1_account_type_ = 0;  // kInvalid.
+        // Account type may technically be something we don't recognize,
+        // but that's ok.. it'll just be 'invalid' to us in that case
+        if (g_base->HaveClassic()) {
+          v1_account_type_ = g_base->classic()->GetV1AccountTypeFromString(
+              account_obj->valuestring);
+        } else {
+          v1_account_type_ = 0;  // kInvalid.
+        }
+        success = true;
       }
-      success = true;
     }
     cJSON_Delete(root_obj);
   }
   if (!success) {
-    g_core->Log(LogName::kBa, LogLevel::kError,
+    valid_ = false;
+
+    // Only log this once in case it is used as an attack.
+    BA_LOG_ONCE(LogName::kBa, LogLevel::kError,
                 "Error creating PlayerSpec from string: '" + s + "'");
     name_ = "<error>";
-    short_name_ = "";
-    // account_type_ = classic::V1AccountType::kInvalid;
+    short_name_ = "<error>";
     v1_account_type_ = 0;  // kInvalid.
   }
 }
@@ -54,7 +58,6 @@ auto PlayerSpec::GetDisplayString() const -> std::string {
            + name_;
   }
   return name_;
-  // return classic::V1Account::AccountTypeToIconString(account_type_) + name_;
 }
 
 auto PlayerSpec::GetShortName() const -> std::string {
@@ -76,7 +79,6 @@ auto PlayerSpec::GetSpecString() const -> std::string {
   cJSON_AddStringToObject(root, "n", name_.c_str());
   cJSON_AddStringToObject(
       root, "a",
-      // classic::V1Account::AccountTypeToString(account_type_).c_str()
       g_base->HaveClassic()
           ? g_base->classic()->V1AccountTypeToString(v1_account_type_).c_str()
           : "");
diff --git a/src/ballistica/scene_v1/support/player_spec.h b/src/ballistica/scene_v1/support/player_spec.h
index 37d2b5e6..fe69f9ae 100644
--- a/src/ballistica/scene_v1/support/player_spec.h
+++ b/src/ballistica/scene_v1/support/player_spec.h
@@ -46,10 +46,13 @@ class PlayerSpec {
   /// party hosts, etc.
   static auto GetDummyPlayerSpec(const std::string& name) -> PlayerSpec;
 
+  auto valid() const { return valid_; }
+
  private:
   std::string name_;
   std::string short_name_;
   int v1_account_type_{};
+  bool valid_{true};
 };
 
 }  // namespace ballistica::scene_v1
diff --git a/src/ballistica/shared/ballistica.cc b/src/ballistica/shared/ballistica.cc
index 8137cc58..1a9ad290 100644
--- a/src/ballistica/shared/ballistica.cc
+++ b/src/ballistica/shared/ballistica.cc
@@ -39,7 +39,7 @@ auto main(int argc, char** argv) -> int {
 namespace ballistica {
 
 // These are set automatically via script; don't modify them here.
-const int kEngineBuildNumber = 22148;
+const int kEngineBuildNumber = 22150;
 const char* kEngineVersion = "1.7.37";
 const int kEngineApiVersion = 9;