You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently outgoing GameMessage's are checked using Network::isTransferCommand but incoming messages are not checked, which can potentially enable certain cheats. Credits to Caball for pointing this out.
This PR adds incoming GameMessage type validation in Network::RelayCommandsToCommandList to mirror the existing outgoing-direction check in GetCommandsFromCommandList, closing a potential exploit path where a remote peer could inject non-network message types. isTransferCommand is refactored into a cleaner static helper isMessageTypeWithinNetworkRange that operates on the enum value directly rather than a pointer, and a new getGameMessageType() accessor is added to NetGameCommandMsg to enable the pre-construction type check.
Ingress validation (Network.cpp): The new check reads m_type via getGameMessageType() before calling constructGameMessage(), which avoids an unnecessary allocation for rejected messages and validates the raw deserialized enum value at the right boundary.
Static helper refactor:isMessageTypeWithinNetworkRange drops the null-pointer branch (correct, since callers are now responsible for passing a valid Type value) and is marked static, removing the implicit this dependency.
Compile-time gate: The incoming validation is wrapped in #if !RETAIL_COMPATIBLE_CRC, which defaults to 1 (disabled) — the anti-cheat check is inactive in standard community builds; this was already flagged in a prior review thread.
Confidence Score: 4/5
The change is safe to merge — it cannot regress existing behaviour because the new validation path is only active when RETAIL_COMPATIBLE_CRC is explicitly set to 0, which is a non-default configuration.
The fix's core goal — blocking incoming messages with out-of-range types — is guarded by #if RETAIL_COMPATIBLE_CRC and therefore inactive in every default build. The refactor to isMessageTypeWithinNetworkRange and the new getGameMessageType() accessor are both correct and safe; the concern is solely that the anti-cheat protection this PR was created to deliver does not fire in the builds most users will run.
Core/GameEngine/Source/GameNetwork/Network.cpp — the validation logic inside the #else branch deserves a second look once the project decides to lift the retail compatibility constraint.
Implements getGameMessageType(), returning m_type directly — correct and consistent with the companion setter.
Core/GameEngine/Source/GameNetwork/Network.cpp
Renames isTransferCommand to the static isMessageTypeWithinNetworkRange, and adds incoming-message type validation gated behind #if !RETAIL_COMPATIBLE_CRC; validation is dead code in default builds where RETAIL_COMPATIBLE_CRC=1.
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[Receive NetCommandRef from ConnectionManager] --> B{cmdType == NETCOMMANDTYPE_GAMECOMMAND?}
B -- No --> C[processFrameSynchronizedNetCommand]
B -- Yes --> D[Cast to NetGameCommandMsg]
D --> E{RETAIL_COMPATIBLE_CRC == 1?}
E -- Yes default --> F[appendMessage unconditionally]
E -- No --> G{isMessageTypeWithinNetworkRange\ngetGameMessageType}
G -- In range --> H[constructGameMessage\nappendMessage to TheCommandList]
G -- Out of range --> I[DEBUG_LOG rejection\nDrop message]
xezon
changed the title
fix(gamemessage): Verify allowed network type of incoming GameMessages
fix(network): Verify allowed network type of incoming GameMessages
May 15, 2026
xezon
changed the title
fix(network): Verify allowed network type of incoming GameMessages
fix(network): Verify accepted type of incoming game messages
May 15, 2026
xezon
added
Fix
Is fixing something, but is not user facing
NoRetail
This fix or change is not applicable with Retail game compatibility
labels
May 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FixIs fixing something, but is not user facingMinorSeverity: Minor < Major < Critical < BlockerNetworkAnything related to network, serversNoRetailThis fix or change is not applicable with Retail game compatibility
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Caball009
added
Minor
xezon
changed the title
stephanmeesters
force-pushed
the
fix/gamemessage-network-type
branch
from
Currently outgoing
GameMessage's are checked usingNetwork::isTransferCommandbut incoming messages are not checked, which can potentially enable certain cheats. Credits to Caball for pointing this out.