[quake3-bugzilla] [Bug 3041] Spoofed invalid sequence causes client disconnect
bugzilla-daemon at icculus.org
Sat Oct 24 10:43:37 EDT 2009
http://bugzilla.icculus.org/show_bug.cgi?id=3041
Thilo Schulz <arny at ats.s.bawue.de> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |arny at ats.s.bawue.de
--- Comment #5 from Thilo Schulz <arny at ats.s.bawue.de> 2009-10-24 10:43:28 EDT ---
This bug cannot be easily fixed without making the quake3 protocol
incompatible.

We would need to add a message header field where the peers send some kind of
key to each other so they can check for the authenticity of messages.

On a related note, it would be desirable to distinguish between old clients,
and use the old protocol in this case, and newer ioquake3 clients and use a
newer protocol. That would give us these advantages:

1) We can fix this security issue
2) Remove all hacks currently in place to work around issues with the old
protocol
3) Drop the [CL|SV]_Netchan[En|De]code stuff that used to be in place to make
it harder to reverse engineer the q3 protocol

To make ioquake3 server/clients use a new protocol while retaining support for
the old would be very easy to do. I did that in my ioEF port already.

Timbo, Angst: what do you think about this?
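
The header-field idea from comment #5, as an added example in C that is not ioquake3 code and not part of the original mail: each packet carries a tag derived from a per-connection key and the sequence number, and the receiver drops a packet with a wrong tag before its sequence number can affect the connection. The header layout, `conn_t`, `packet_tag`, `build_header` and `netchan_accept` are assumptions of this example, and the mix function stands in for a real MAC.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN 8 /* hypothetical header: 4-byte sequence + 4-byte tag */
typedef enum { PKT_ACCEPT, PKT_DROP_SHORT, PKT_DROP_UNAUTH, PKT_DROP_STALE } pkt_result;

typedef struct {
    uint64_t key;          /* per-connection secret agreed at connect time (assumed) */
    uint32_t incoming_seq; /* highest sequence accepted so far */
} conn_t;

/* Illustrative keyed mix (splitmix64 finalizer), NOT a cryptographic MAC. */
static uint32_t packet_tag(uint64_t key, uint32_t seq) {
    uint64_t x = key ^ ((uint64_t)seq * 0x9E3779B97F4A7C15ULL);
    x ^= x >> 30; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    return (uint32_t)(x ^ (x >> 31));
}

static uint32_t rd32(const uint8_t *p) { /* little-endian read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) { /* little-endian write */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Sender side: write the sequence and its tag into out[0..HDR_LEN). */
void build_header(const conn_t *c, uint32_t seq, uint8_t *out) {
    wr32(out, seq);
    wr32(out + 4, packet_tag(c->key, seq));
}

/* Receiver side: check the tag before the sequence number is trusted at all. */
pkt_result netchan_accept(conn_t *c, const uint8_t *pkt, size_t len) {
    if (len < HDR_LEN) return PKT_DROP_SHORT;
    uint32_t seq = rd32(pkt);
    if (rd32(pkt + 4) != packet_tag(c->key, seq))
        return PKT_DROP_UNAUTH; /* dropped silently; connection state untouched */
    if (seq <= c->incoming_seq) return PKT_DROP_STALE;
    c->incoming_seq = seq;
    return PKT_ACCEPT;
}

int main(void) { /* constructed sample: a packet whose tag was altered is dropped */
    conn_t c = { 0x0123456789ABCDEFULL, 10 };
    uint8_t pkt[HDR_LEN];
    build_header(&c, 11, pkt);
    pkt[4] ^= 1;
    return netchan_accept(&c, pkt, sizeof pkt) == PKT_DROP_UNAUTH ? 0 : 1;
}
```

The tag here covers only the sequence number; a protocol that also needs payload integrity would compute the tag over the whole packet.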