From d497c926849fc716d486d400fed45063577bd99a Mon Sep 17 00:00:00 2001 From: sfan5 Date: Wed, 27 Apr 2022 19:00:49 +0200 Subject: Fix race condition in registration leading to duplicate create_auth calls --- src/network/serverpackethandler.cpp | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'src/network') diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp index d8b49da09..ee94edc3c 100644 --- a/src/network/serverpackethandler.cpp +++ b/src/network/serverpackethandler.cpp @@ -1496,8 +1496,19 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) } std::string initial_ver_key; - initial_ver_key = encode_srp_verifier(verification_key, salt); + + // It is possible for multiple connections to get this far with the same + // player name. In the end only one player with a given name will be emerged + // (see Server::StateTwoClientInit) but we still have to be careful here. + if (m_script->getAuth(playername, nullptr, nullptr)) { + // Another client beat us to it + actionstream << "Server: Client from " << addr_s + << " tried to register " << playername << " a second time." + << std::endl; + DenyAccess(peer_id, SERVER_ACCESSDENIED_ALREADY_CONNECTED); + return; + } m_script->createAuth(playername, initial_ver_key); m_script->on_authplayer(playername, addr_s, true); -- cgit v1.2.3