Implemented checks for NetworkedVar Write permission

TwoTenPvP · TwoTenPvP · commit a8ce78482d4d · 2018-07-09T19:45:09.000+02:00
diff --git a/MLAPI/MonoBehaviours/Core/NetworkedBehaviour.cs b/MLAPI/MonoBehaviours/Core/NetworkedBehaviour.cs
@@ -993,24 +993,50 @@ internal void NetworkedVarUpdate()
             }
         }
 
-        internal void HandleNetworkedVarDeltas(BitReader reader)
+        internal void HandleNetworkedVarDeltas(BitReader reader, uint clientId)
         {
             for (int i = 0; i < networkedVarFields.Count; i++)
             {
                 if (!reader.ReadBool())
                     continue;
 
+                if (isServer && !networkedVarFields[i].CanClientWrite(clientId))
+                {
+                    //This client wrote somewhere they are not allowed. This is critical
+                    //We can't just skip this field. Because we don't actually know how to dummy read
+                    //That is, we don't know how many bytes to skip. Because the interface doesn't have a 
+                    //Read that gives us the value. Only a Read that applies the value straight away
+                    //A dummy read COULD be added to the interface for this situation, but it's just being too nice.
+                    //This is after all a developer fault. A critical error should be fine.
+                    // - TwoTen
+                    if (LogHelper.CurrentLogLevel <= LogLevel.Error) LogHelper.LogError("Client wrote to NetworkedVar without permission. No more variables can be read. This is critical");
+                    return;
+                }
+
                 networkedVarFields[i].SetDeltaFromReader(reader);
             }
         }
 
-        internal void HandleNetworkedVarUpdate(BitReader reader)
+        internal void HandleNetworkedVarUpdate(BitReader reader, uint clientId)
         {
             for (int i = 0; i < networkedVarFields.Count; i++)
             {
                 if (!reader.ReadBool())
                     continue;
 
+                if (isServer && !networkedVarFields[i].CanClientWrite(clientId))
+                {
+                    //This client wrote somewhere they are not allowed. This is critical
+                    //We can't just skip this field. Because we don't actually know how to dummy read
+                    //That is, we don't know how many bytes to skip. Because the interface doesn't have a 
+                    //Read that gives us the value. Only a Read that applies the value straight away
+                    //A dummy read COULD be added to the interface for this situation, but it's just being too nice.
+                    //This is after all a developer fault. A critical error should be fine.
+                    // - TwoTen
+                    if (LogHelper.CurrentLogLevel <= LogLevel.Error) LogHelper.LogError("Client wrote to NetworkedVar without permission. No more variables can be read. This is critical");
+                    return;
+                }
+
                 networkedVarFields[i].SetFieldFromReader(reader);
             }
         }
diff --git a/MLAPI/NetworkingManagerComponents/Core/InternalMessageHandler.Receive.cs b/MLAPI/NetworkingManagerComponents/Core/InternalMessageHandler.Receive.cs
@@ -378,7 +378,7 @@ internal static void HandleNetworkedVarDelta(uint clientId, BitReader reader, in
                 return;
             }
 
-            SpawnManager.spawnedObjects[netId].GetBehaviourAtOrderIndex(orderIndex).HandleNetworkedVarDeltas(reader);
+            SpawnManager.spawnedObjects[netId].GetBehaviourAtOrderIndex(orderIndex).HandleNetworkedVarDeltas(reader, clientId);
         }
 
         internal static void HandleNetworkedVarUpdate(uint clientId, BitReader reader, int channelId)
@@ -397,7 +397,7 @@ internal static void HandleNetworkedVarUpdate(uint clientId, BitReader reader, i
                 return;
             }
 
-            SpawnManager.spawnedObjects[netId].GetBehaviourAtOrderIndex(orderIndex).HandleNetworkedVarUpdate(reader);
+            SpawnManager.spawnedObjects[netId].GetBehaviourAtOrderIndex(orderIndex).HandleNetworkedVarUpdate(reader, clientId);
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -993,24 +993,50 @@ internal void NetworkedVarUpdate()`
`993`	`993`	`}`
`994`	`994`	`}`
`995`	`995`
`996`		`- internal void HandleNetworkedVarDeltas(BitReader reader)`
	`996`	`+ internal void HandleNetworkedVarDeltas(BitReader reader, uint clientId)`
`997`	`997`	`{`
`998`	`998`	`for (int i = 0; i < networkedVarFields.Count; i++)`
`999`	`999`	`{`
`1000`	`1000`	`if (!reader.ReadBool())`
`1001`	`1001`	`continue;`
`1002`	`1002`
	`1003`	`+ if (isServer && !networkedVarFields[i].CanClientWrite(clientId))`
	`1004`	`+ {`
	`1005`	`+ //This client wrote somewhere they are not allowed. This is critical`
	`1006`	`+ //We can't just skip this field. Because we don't actually know how to dummy read`
	`1007`	`+ //That is, we don't know how many bytes to skip. Because the interface doesn't have a`
	`1008`	`+ //Read that gives us the value. Only a Read that applies the value straight away`
	`1009`	`+ //A dummy read COULD be added to the interface for this situation, but it's just being too nice.`
	`1010`	`+ //This is after all a developer fault. A critical error should be fine.`
	`1011`	`+ // - TwoTen`
	`1012`	`+ if (LogHelper.CurrentLogLevel <= LogLevel.Error) LogHelper.LogError("Client wrote to NetworkedVar without permission. No more variables can be read. This is critical");`
	`1013`	`+ return;`
	`1014`	`+ }`
	`1015`	`+`
`1003`	`1016`	`networkedVarFields[i].SetDeltaFromReader(reader);`
`1004`	`1017`	`}`
`1005`	`1018`	`}`
`1006`	`1019`
`1007`		`- internal void HandleNetworkedVarUpdate(BitReader reader)`
	`1020`	`+ internal void HandleNetworkedVarUpdate(BitReader reader, uint clientId)`
`1008`	`1021`	`{`
`1009`	`1022`	`for (int i = 0; i < networkedVarFields.Count; i++)`
`1010`	`1023`	`{`
`1011`	`1024`	`if (!reader.ReadBool())`
`1012`	`1025`	`continue;`
`1013`	`1026`
	`1027`	`+ if (isServer && !networkedVarFields[i].CanClientWrite(clientId))`
	`1028`	`+ {`
	`1029`	`+ //This client wrote somewhere they are not allowed. This is critical`
	`1030`	`+ //We can't just skip this field. Because we don't actually know how to dummy read`
	`1031`	`+ //That is, we don't know how many bytes to skip. Because the interface doesn't have a`
	`1032`	`+ //Read that gives us the value. Only a Read that applies the value straight away`
	`1033`	`+ //A dummy read COULD be added to the interface for this situation, but it's just being too nice.`
	`1034`	`+ //This is after all a developer fault. A critical error should be fine.`
	`1035`	`+ // - TwoTen`
	`1036`	`+ if (LogHelper.CurrentLogLevel <= LogLevel.Error) LogHelper.LogError("Client wrote to NetworkedVar without permission. No more variables can be read. This is critical");`
	`1037`	`+ return;`
	`1038`	`+ }`
	`1039`	`+`
`1014`	`1040`	`networkedVarFields[i].SetFieldFromReader(reader);`
`1015`	`1041`	`}`
`1016`	`1042`	`}`
Original file line number	Diff line number	Diff line change
`@@ -378,7 +378,7 @@ internal static void HandleNetworkedVarDelta(uint clientId, BitReader reader, in`
`378`	`378`	`return;`
`379`	`379`	`}`
`380`	`380`
`381`		`- SpawnManager.spawnedObjects[netId].GetBehaviourAtOrderIndex(orderIndex).HandleNetworkedVarDeltas(reader);`
	`381`	`+ SpawnManager.spawnedObjects[netId].GetBehaviourAtOrderIndex(orderIndex).HandleNetworkedVarDeltas(reader, clientId);`
`382`	`382`	`}`
`383`	`383`
`384`	`384`	`internal static void HandleNetworkedVarUpdate(uint clientId, BitReader reader, int channelId)`
`@@ -397,7 +397,7 @@ internal static void HandleNetworkedVarUpdate(uint clientId, BitReader reader, i`
`397`	`397`	`return;`
`398`	`398`	`}`
`399`	`399`
`400`		`- SpawnManager.spawnedObjects[netId].GetBehaviourAtOrderIndex(orderIndex).HandleNetworkedVarUpdate(reader);`
	`400`	`+ SpawnManager.spawnedObjects[netId].GetBehaviourAtOrderIndex(orderIndex).HandleNetworkedVarUpdate(reader, clientId);`
`401`	`401`	`}`
`402`	`402`	`}`
`403`	`403`	`}`