aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsfan5 <sfan5@live.de>2022-04-27 19:00:49 +0200
committersfan5 <sfan5@live.de>2022-04-28 19:55:36 +0200
commit391eec9ee78fc9dfdc476ad2a8ed7755009e4a2f (patch)
treec39a24f5d846ae48c248b61afe8e68a078408f43
parent0d91ef78ddb487e08969c9efb385ef7de69750b9 (diff)
downloadminetest-391eec9ee78fc9dfdc476ad2a8ed7755009e4a2f.tar.gz
minetest-391eec9ee78fc9dfdc476ad2a8ed7755009e4a2f.tar.bz2
minetest-391eec9ee78fc9dfdc476ad2a8ed7755009e4a2f.zip
Fix race condition in registration leading to duplicate create_auth calls
-rw-r--r--src/network/serverpackethandler.cpp13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp
index 8163cb820..6d951c416 100644
--- a/src/network/serverpackethandler.cpp
+++ b/src/network/serverpackethandler.cpp
@@ -1495,8 +1495,19 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
}
std::string initial_ver_key;
-
initial_ver_key = encode_srp_verifier(verification_key, salt);
+
+ // It is possible for multiple connections to get this far with the same
+ // player name. In the end only one player with a given name will be emerged
+ // (see Server::StateTwoClientInit) but we still have to be careful here.
+ if (m_script->getAuth(playername, nullptr, nullptr)) {
+ // Another client beat us to it
+ actionstream << "Server: Client from " << addr_s
+ << " tried to register " << playername << " a second time."
+ << std::endl;
+ DenyAccess(peer_id, SERVER_ACCESSDENIED_ALREADY_CONNECTED);
+ return;
+ }
m_script->createAuth(playername, initial_ver_key);
m_script->on_authplayer(playername, addr_s, true);