From e19e2ef355a97b530f69bf3251d539bc58452692 Mon Sep 17 00:00:00 2001 From: notsure2 Date: Mon, 23 Nov 2020 05:14:03 +0200 Subject: [PATCH] Make sure times are UTC and correctly subtract the timestamp window from the server time. --- internal/client/auth.go | 2 +- internal/server/auth.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/client/auth.go b/internal/client/auth.go index 1a2a343..939a34d 100644 --- a/internal/client/auth.go +++ b/internal/client/auth.go @@ -33,7 +33,7 @@ func makeAuthenticationPayload(authInfo AuthInfo) (ret authenticationPayload, sh copy(plaintext, authInfo.UID) copy(plaintext[16:28], authInfo.ProxyMethod) plaintext[28] = authInfo.EncryptionMethod - binary.BigEndian.PutUint64(plaintext[29:37], uint64(authInfo.WorldState.Now().Unix())) + binary.BigEndian.PutUint64(plaintext[29:37], uint64(authInfo.WorldState.Now().UTC().Unix())) binary.BigEndian.PutUint32(plaintext[37:41], authInfo.SessionId) if authInfo.Unordered { diff --git a/internal/server/auth.go b/internal/server/auth.go index 66d2fb5..1ce79ff 100644 --- a/internal/server/auth.go +++ b/internal/server/auth.go @@ -50,7 +50,7 @@ func decryptClientInfo(fragments authFragments, serverTime time.Time) (info Clie timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37])) clientTime := time.Unix(timestamp, 0) - if !(clientTime.After(serverTime.Truncate(timestampTolerance)) && clientTime.Before(serverTime.Add(timestampTolerance))) { + if !(clientTime.After(serverTime.Add(-timestampTolerance)) && clientTime.Before(serverTime.Add(timestampTolerance))) { err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp) return } @@ -77,7 +77,7 @@ func AuthFirstPacket(firstPacket []byte, transport Transport, sta *State) (info return } - info, err = decryptClientInfo(fragments, sta.WorldState.Now()) + info, err = decryptClientInfo(fragments, sta.WorldState.Now().UTC()) if err != nil { log.Debug(err) err = fmt.Errorf("%w: %v", ErrBadDecryption, err)