+ pingvalue = (int)(cl->ping * 1000.0f);
+ if(cl->netconnection)
+ pingvalue = bound(1, pingvalue, 9999);
+ else
+ pingvalue = 0;
+
+ *qcstatus = 0;
+ if(prog->fieldoffsets.clientstatus >= 0)
+ {
+ const char *str = PRVM_E_STRING(PRVM_EDICT_NUM(i + 1), prog->fieldoffsets.clientstatus);
+ if(str && *str)
+ {
+ char *p;
+ const char *q;
+ p = qcstatus;
+ for(q = str; *q && p != qcstatus + sizeof(qcstatus) - 1; ++q)
+ if(*q != '\\' && *q != '"' && !ISWHITESPACE(*q))
+ *p++ = *q;
+ *p = 0;
+ }
+ }
+
+ if ((gamemode == GAME_NEXUIZ) && (teamplay.integer > 0))
+ {
+ if(cl->frags == -666) // spectator
+ strlcpy(teambuf, " 0", sizeof(teambuf));
+ else if(cl->colors == 0x44) // red team
+ strlcpy(teambuf, " 1", sizeof(teambuf));
+ else if(cl->colors == 0xDD) // blue team
+ strlcpy(teambuf, " 2", sizeof(teambuf));
+ else if(cl->colors == 0xCC) // yellow team
+ strlcpy(teambuf, " 3", sizeof(teambuf));
+ else if(cl->colors == 0x99) // pink team
+ strlcpy(teambuf, " 4", sizeof(teambuf));
+ else
+ strlcpy(teambuf, " 0", sizeof(teambuf));
+ }
+ else
+ *teambuf = 0;
+
+ // note: team number is inserted according to SoF2 protocol
+ if(*qcstatus)
+ length = dpsnprintf(ptr, left, "%s %d%s \"%s\"\n",
+ qcstatus,
+ pingvalue,
+ teambuf,
+ cleanname);
+ else
+ length = dpsnprintf(ptr, left, "%d %d%s \"%s\"\n",
+ cl->frags,
+ pingvalue,
+ teambuf,
+ cleanname);
+
+ if(length < 0)
+ {
+ // out of space?
+ // turn it into an infoResponse!
+ out_msg[savelength] = 0;
+ memcpy(out_msg + 4, "infoResponse\x0A", 13);
+ memmove(out_msg + 17, out_msg + 19, savelength - 19);
+ break;
+ }
+ left -= length;
+ ptr += length;
+ }
+ }
+ }
+
+ SV_VM_End();
+ return true;
+
+bad:
+ SV_VM_End();
+ return false;
+}
+
+static qboolean NetConn_PreventConnectFlood(lhnetaddress_t *peeraddress)
+{
+ int floodslotnum, bestfloodslotnum;
+ double bestfloodtime;
+ lhnetaddress_t noportpeeraddress;
+ // see if this is a connect flood
+ noportpeeraddress = *peeraddress;
+ LHNETADDRESS_SetPort(&noportpeeraddress, 0);
+ bestfloodslotnum = 0;
+ bestfloodtime = sv.connectfloodaddresses[bestfloodslotnum].lasttime;
+ for (floodslotnum = 0;floodslotnum < MAX_CONNECTFLOODADDRESSES;floodslotnum++)
+ {
+ if (bestfloodtime >= sv.connectfloodaddresses[floodslotnum].lasttime)
+ {
+ bestfloodtime = sv.connectfloodaddresses[floodslotnum].lasttime;
+ bestfloodslotnum = floodslotnum;
+ }
+ if (sv.connectfloodaddresses[floodslotnum].lasttime && LHNETADDRESS_Compare(&noportpeeraddress, &sv.connectfloodaddresses[floodslotnum].address) == 0)
+ {
+ // this address matches an ongoing flood address
+ if (realtime < sv.connectfloodaddresses[floodslotnum].lasttime + net_connectfloodblockingtimeout.value)
+ {
+ // renew the ban on this address so it does not expire
+ // until the flood has subsided
+ sv.connectfloodaddresses[floodslotnum].lasttime = realtime;
+ //Con_Printf("Flood detected!\n");
+ return true;
+ }
+ // the flood appears to have subsided, so allow this
+ bestfloodslotnum = floodslotnum; // reuse the same slot
+ break;
+ }
+ }
+ // begin a new timeout on this address
+ sv.connectfloodaddresses[bestfloodslotnum].address = noportpeeraddress;
+ sv.connectfloodaddresses[bestfloodslotnum].lasttime = realtime;
+ //Con_Printf("Flood detection initiated!\n");
+ return false;
+}
+
+void NetConn_ClearConnectFlood(lhnetaddress_t *peeraddress)
+{
+ int floodslotnum;
+ lhnetaddress_t noportpeeraddress;
+ // see if this is a connect flood
+ noportpeeraddress = *peeraddress;
+ LHNETADDRESS_SetPort(&noportpeeraddress, 0);
+ for (floodslotnum = 0;floodslotnum < MAX_CONNECTFLOODADDRESSES;floodslotnum++)
+ {
+ if (sv.connectfloodaddresses[floodslotnum].lasttime && LHNETADDRESS_Compare(&noportpeeraddress, &sv.connectfloodaddresses[floodslotnum].address) == 0)
+ {
+ // this address matches an ongoing flood address
+ // remove the ban
+ sv.connectfloodaddresses[floodslotnum].address.addresstype = LHNETADDRESSTYPE_NONE;
+ sv.connectfloodaddresses[floodslotnum].lasttime = 0;
+ //Con_Printf("Flood cleared!\n");
+ }
+ }
+}
+
+typedef qboolean (*rcon_matchfunc_t) (lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen);
+
+qboolean hmac_mdfour_time_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen)
+{
+ char mdfourbuf[16];
+ long t1, t2;
+
+ t1 = (long) time(NULL);
+ t2 = strtol(s, NULL, 0);
+ if(abs(t1 - t2) > rcon_secure_maxdiff.integer)
+ return false;
+
+ if(!HMAC_MDFOUR_16BYTES((unsigned char *) mdfourbuf, (unsigned char *) s, slen, (unsigned char *) password, strlen(password)))
+ return false;
+
+ return !memcmp(mdfourbuf, hash, 16);
+}
+
+qboolean hmac_mdfour_challenge_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen)
+{
+ char mdfourbuf[16];
+ int i;
+
+ if(slen < (int)(sizeof(challenge[0].string)) - 1)
+ return false;
+
+ // validate the challenge
+ for (i = 0;i < MAX_CHALLENGES;i++)
+ if(challenge[i].time > 0)
+ if (!LHNETADDRESS_Compare(peeraddress, &challenge[i].address) && !strncmp(challenge[i].string, s, sizeof(challenge[0].string) - 1))
+ break;
+ // if the challenge is not recognized, drop the packet
+ if (i == MAX_CHALLENGES)
+ return false;
+
+ if(!HMAC_MDFOUR_16BYTES((unsigned char *) mdfourbuf, (unsigned char *) s, slen, (unsigned char *) password, strlen(password)))
+ return false;
+
+ if(memcmp(mdfourbuf, hash, 16))
+ return false;
+
+ // unmark challenge to prevent replay attacks
+ challenge[i].time = 0;