From: Adam O. <rh...@d2...> - 2001-09-22 11:30:49
|
On Sat, Sep 22, 2001 at 10:52:19AM +0000, Adam Olsen wrote: > On Sat, Sep 22, 2001 at 10:43:25AM +0000, Adam Olsen wrote: > > It looks like QF doesn't protect against faked talk messages. Anybody > > know offhand how they're done, and how to fix it? > > Hmm, looks like cl_nofake does it on the client. It should be done on > the server though.. maybe kicking them too. Hmm. cl_nofake checks for character 13, ^M, which iirc is a carriage return. Trying to use that on the server/client just gets me two commands, so I'd probably have to stop them from interpreting it. I'm guessing that's just what happens though, allowing it to craft a message that looks like it's from another player. I've made a patch that kicks them if their message contains a 13, but I'm not sure if that's the right thing to do. I'm also not sure if I should be calling SV_DropClient, or setting host_client->drop. I'll just take a break now and wait until some people wake up and give me input :) -- Adam Olsen, aka Rhamphoryncus |