Block attempts to connect to the client (#10589)

A Minetest peer initiates a connection by sending a packet with an invalid peer_id, for whatever reason the code for doing this ran on both the client and the server meaning you could connect to a client if you knew what the address:port tuple it was listening on.
minetest · Nov 2, 2020 · 0abb3e8 · 0abb3e8
1 parent 9c9344c
commit 0abb3e8
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/src/network/connection.cpp b/src/network/connection.cpp
@@ -1566,7 +1566,7 @@ void Connection::sendAck(session_t peer_id, u8 channelnum, u16 seqnum)
 
 UDPPeer* Connection::createServerPeer(Address& address)
 {
-	if (getPeerNoEx(PEER_ID_SERVER) != 0)
+	if (ConnectedToServer())
 	{
 		throw ConnectionException("Already connected to a server");
 	}

diff --git a/src/network/connection.h b/src/network/connection.h
@@ -809,6 +809,11 @@ class Connection
 	void putEvent(ConnectionEvent &e);
 
 	void TriggerSend();
+
+	bool ConnectedToServer() 
+	{
+		return getPeerNoEx(PEER_ID_SERVER) != nullptr;
+	}
 private:
 	MutexedQueue<ConnectionEvent> m_event_queue;
 

diff --git a/src/network/connectionthreads.cpp b/src/network/connectionthreads.cpp
@@ -956,8 +956,11 @@ void ConnectionReceiveThread::receive(SharedBuffer<u8> &packetdata,
 			// command was sent reliably.
 		}
 
-		/* The peer was not found in our lists. Add it. */
 		if (peer_id == PEER_ID_INEXISTENT) {
+			/* Ignore it if we are a client */
+			if (m_connection->ConnectedToServer())
+				return;
+			/* The peer was not found in our lists. Add it. */
 			peer_id = m_connection->createPeer(sender, MTP_MINETEST_RELIABLE_UDP, 0);
 		}