fix: security fixes (#1974)

* fix: security fixes dont print passwords for worlds bound strings from clients actually enable encryption between rakpeers dont allow underflow when reading a string Tested that packets are encrypted tested that models can still be built tested that combat still works * add check * use c++ nullptr instead of NULL * initialize to 0 * globalize constant (should be in a namespace at least in the future) * Update GameMessages.cpp * check bounds
2026-05-30 03:14:20 +00:00 · 2026-05-17 12:21:22 -07:00
parent 67bbe4c1f0
commit f5d33a773a
13 changed files with 43 additions and 9 deletions
--- a/dGame/dGameMessages/EchoSyncSkill.h
+++ b/dGame/dGameMessages/EchoSyncSkill.h
@@ -47,6 +47,7 @@ public:

 		uint32_t sBitStreamLength{};
 		stream.Read(sBitStreamLength);
+		if (sBitStreamLength > MAX_MESSAGE_LENGTH) return false;
 		for (unsigned int k = 0; k < sBitStreamLength; k++) {
 			unsigned char character;
 			stream.Read(character);