Re: faked talk messages

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Sat, Sep 22, 2001 at 10:52:19AM +0000, Adam Olsen wrote:
> On Sat, Sep 22, 2001 at 10:43:25AM +0000, Adam Olsen wrote:
> > It looks like QF doesn't protect against faked talk messages.  Anybody
> > know offhand how they're done, and how to fix it?
> 
> Hmm, looks like cl_nofake does it on the client.  It should be done on
> the server though.. maybe kicking them too.

Hmm.  cl_nofake checks for character 13, ^M, which iirc is a carriage
return.  Trying to use that on the server/client just gets me two
commands, so I'd probably have to stop them from interpreting it.  I'm
guessing that's just what happens though, allowing it to craft a
message that looks like it's from another player.

I've made a patch that kicks them if their message contains a 13, but
I'm not sure if that's the right thing to do.  I'm also not sure if I
should be calling SV_DropClient, or setting host_client->drop.  I'll
just take a break now and wait until some people wake up and give me
input :)

-- 
Adam Olsen, aka Rhamphoryncus