]> git.lizzy.rs Git - minetest.git/commitdiff
projects / minetest.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0d91ef7)
Fix race condition in registration leading to duplicate create_auth calls
authorsfan5 <sfan5@live.de>
Wed, 27 Apr 2022 17:00:49 +0000 (19:00 +0200)
committersfan5 <sfan5@live.de>
Thu, 28 Apr 2022 17:55:36 +0000 (19:55 +0200)
src/network/serverpackethandler.cpp patch | blob | history

diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp
index 8163cb820e54f6d1a7c8816b8cd5d7cc1bf09beb..6d951c4166c67f1ee7b747afd601cf4e4499471c 100644 (file)
--- a/src/network/serverpackethandler.cpp
+++ b/src/network/serverpackethandler.cpp
@@ -1495,8 +1495,19 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
                }
 
                std::string initial_ver_key;
-
                initial_ver_key = encode_srp_verifier(verification_key, salt);
+
+               // It is possible for multiple connections to get this far with the same
+               // player name. In the end only one player with a given name will be emerged
+               // (see Server::StateTwoClientInit) but we still have to be careful here.
+               if (m_script->getAuth(playername, nullptr, nullptr)) {
+                       // Another client beat us to it
+                       actionstream << "Server: Client from " << addr_s
+                               << " tried to register " << playername << " a second time."
+                               << std::endl;
+                       DenyAccess(peer_id, SERVER_ACCESSDENIED_ALREADY_CONNECTED);
+                       return;
+               }
                m_script->createAuth(playername, initial_ver_key);
                m_script->on_authplayer(playername, addr_s, true);
 
Minetest is an open source voxel game engine with easy modding and game creation