fix: security vulnerabilities (#1980)

* fix: security vulnerabilities

Tested that all functions related to the touched files work

will test sqlite on a CI build

* fix failing test

* ai feedback

* add buffer size checking

* use c_str

* dont log session key

* Try this for a mac definition

* be quiet apple

dGame/dBehaviors/AirMovementBehavior.cpp

@@ -30,6 +30,21 @@ void AirMovementBehavior::Sync(BehaviorContext* context, RakNet::BitStream& bitS
 		return;
 	}
 
+	// So a player can't send an arbitrary behaviorID in a modified client and cast any behavior on any air behavior
+	Behavior* toSync = nullptr;
+	if (m_GroundAction->GetBehaviorID() == behaviorId) {
+		toSync = m_GroundAction;
+	} else if (m_HitAction->GetBehaviorID() == behaviorId) {
+		toSync = m_HitAction;
+	} else if (m_HitActionEnemy->GetBehaviorID() == behaviorId) {
+		toSync = m_HitActionEnemy;
+	} else if (m_TimeoutAction->GetBehaviorID() == behaviorId) {
+		toSync = m_TimeoutAction;
+	} else {
+		LOG("Invalid Air Movement Behavior sync for behaviorID %i on behavior %i", behaviorId, m_behaviorId);
+		return;
+	}
+
 	LWOOBJID target{};
 
 	if (!bitStream.Read(target)) {
@@ -37,15 +52,17 @@ void AirMovementBehavior::Sync(BehaviorContext* context, RakNet::BitStream& bitS
 		return;
 	}
 
-	auto* behavior = CreateBehavior(behaviorId);
-
 	if (Game::entityManager->GetEntity(target) != nullptr) {
 		branch.target = target;
 	}
 
-	behavior->Handle(context, bitStream, branch);
+	toSync->Handle(context, bitStream, branch);
 }
 
 void AirMovementBehavior::Load() {
-	this->m_Timeout = (GetFloat("timeout_ms") / 1000.0f);
+	m_Timeout = (GetFloat("timeout_ms") / 1000.0f);
+	m_GroundAction = GetAction("ground_action");
+	m_HitAction = GetAction("hit_action");
+	m_HitActionEnemy = GetAction("hit_action_enemy");
+	m_TimeoutAction = GetAction("timeout_action");
 }