Diffstat (limited to 'src/server/net/discoverylistener.cpp')
-rw-r--r--src/server/net/discoverylistener.cpp37
1 files changed, 20 insertions, 17 deletions
diff --git a/src/server/net/discoverylistener.cpp b/src/server/net/discoverylistener.cpp
index 76c0f52..9586a71 100644
--- a/src/server/net/discoverylistener.cpp
+++ b/src/server/net/discoverylistener.cpp
@@ -29,23 +29,20 @@
/**
* @brief DiscoveryListener::DiscoveryListener
*/
-DiscoveryListener::DiscoveryListener() :
- _socket(this), _counterResetPos(0)
+DiscoveryListener::DiscoveryListener(QObject *parent)
+ : QObject(parent), _socket(this)
{
- if (!_socket.bind(QHostAddress::AnyIPv4, SERVICE_DISCOVERY_PORT))
+ if (!_socket.bind(QHostAddress::AnyIPv4, SERVICE_DISCOVERY_PORT)) {
qFatal("Could not bind to service discovery port %d", int(SERVICE_DISCOVERY_PORT));
- connect(&_socket, SIGNAL(readyRead()), this, SLOT(onReadyRead()));
- for (int i = 0; i < SD_PACKET_TABLE_SIZE; ++i)
- _packetCounter[i] = 0;
+ }
+ connect(&_socket, &QUdpSocket::readyRead, this, &DiscoveryListener::onReadyRead);
startTimer((SPAM_MODERATE_AT_ONCE * SPAM_MODERATE_INTERVAL) / SD_PACKET_TABLE_SIZE + 1);
}
/**
* @brief DiscoveryListener::~DiscoveryListener
*/
-DiscoveryListener::~DiscoveryListener()
-{
-}
+DiscoveryListener::~DiscoveryListener() = default;
/**
* @brief hash
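Review bot: The constructor no longer zeroes `_packetCounter` or sets `_counterResetPos`, and nothing in this hunk shows where they are initialised now. If the header (not visible here) does not give both members default initialisers, such as an in-class `{}` on the array and `= 0` on the position, the `_packetCounter[bucket] > SPAM_CUTOFF` check in onReadyRead() reads indeterminate values. In that case the flood limiter could drop legitimate discovery packets from the start. A short comment at the constructor saying that the counters are initialised in the class definition would make this dependency visible.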
@@ -57,8 +54,8 @@ static quint16 hash(const QHostAddress& host)
static quint16 seed1 = 0, seed2 = 0;
while (seed1 == 0) { // Make sure the algorithm uses different seeds each time the program is
// run to prevent hash collision attacks
- seed1 = quint16(qrand() & 0xffff);
- seed2 = quint16(qrand() & 0xffff);
+ seed1 = quint16(slxrand() & 0xffff);
+ seed2 = quint16(slxrand() & 0xffff);
}
quint8 data[16], len;
if (host.protocol() == QAbstractSocket::IPv4Protocol) {
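Review bot: The seeds drawn in the `while (seed1 == 0)` loop are what the comment relies on to resist hash collision attacks against the packet-counter table, so they need an unpredictable source, and the hunk does not show what `slxrand()` is backed by. If it is a time-seeded PRNG, a sender who can guess the seeds can aim many source addresses at one bucket; the same call is used in the fallback branch of the next hunk. Provided the project's Qt version has it, `seed1 = quint16(QRandomGenerator::system()->bounded(1, 0x10000));` draws from the OS generator and makes the retry loop unnecessary. Otherwise, document next to the seeds that `slxrand()` must be seeded from a non-guessable source. The body of hash() continues outside the hunk.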
@@ -79,8 +76,8 @@ static quint16 hash(const QHostAddress& host)
} else {
// Durr?
len = 2;
- data[0] = quint8(qrand());
- data[1] = quint8(qrand());
+ data[0] = quint8(slxrand());
+ data[1] = quint8(slxrand());
}
quint16 result = 0;
quint16 mod = seed1;
@@ -131,15 +128,17 @@ void DiscoveryListener::onReadyRead()
continue;
const quint16 bucket = hash(addr) % SD_PACKET_TABLE_SIZE;
if (_packetCounter[bucket] > SPAM_CUTOFF) {
- qDebug() << "SD: Potential (D)DoS from " << _socket.peerAddress().toString();
+ qDebug() << "SD: Potential (D)DoS from " << addr.toString();
// emit some signal and pop up a big warning that someone is flooding/ddosing the PVS SD
// ... on the other hand, will the user understand? ;)
continue;
}
++_packetCounter[bucket];
_packet.reset();
- if (_packet.readMessage(data, quint32(size)) != NM_READ_OK)
+ if (_packet.readMessage(data, quint32(size)) != NM_READ_OK) {
+ qDebug() << "Corrupted service discovery message from" << addr.toString();
continue;
+ }
// Valid packet, process it:
const QByteArray iplist(_packet.getFieldBytes(_IPLIST));
const QByteArray hash(_packet.getFieldBytes(_HASH));
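Review bot: Both `qDebug()` lines in this hunk run once per received datagram, before any authentication, so a sender who floods the port also controls how much is logged. The "Potential (D)DoS" message repeats for every dropped packet once a bucket is over `SPAM_CUTOFF`, and the new "Corrupted service discovery message" line adds a second per-packet path. Consider logging the flood warning only when a bucket first crosses the cutoff. For example, keep a per-bucket "already reported" flag that is cleared where the counters are reset, and count corrupted packets rather than printing each one. onReadyRead() starts and ends outside the hunk.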
@@ -149,12 +148,16 @@ void DiscoveryListener::onReadyRead()
if (salt1.size() < 16 || salt2.size() < 16)
continue; // To make this more secure, you could remember the last X salts used, and ignore new packets using the same
// Check if the source IP of the packet matches any of the addresses given in the IP list
- if (!Network::isAddressInList(QString::fromUtf8(iplist), addr.toString()))
+ if (!Network::isAddressInList(QString::fromUtf8(iplist), addr.toString())) {
+ qDebug() << "SD: Client" << addr.toString() << "did not supply IP in list:" << iplist;
continue;
+ }
// If so, check if the submitted hash seems valid
if (genSha1(&serverApp->sessionNameArray(), &salt1, &iplist) != hash &&
!(serverApp->getCurrentRoom()->clientPositions.contains(addr.toString()))) {
// did not match local session name and client is not in same room.
+ qDebug() << "SD: Mismatch, neither session name match, nor client for current room" << serverApp->getCurrentRoom()->tutorIP;
+ qDebug() << "SD: Allowed clients from room:" << serverApp->getCurrentRoom()->clientPositions.keys();
continue;
}
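Review bot: The three added `qDebug()` lines print sender-controlled or internal data for every rejected packet. `iplist` comes straight from the datagram with no length cap, and the mismatch branch writes `tutorIP` plus the full `clientPositions.keys()` list each time. Anyone who can reach the discovery port can therefore inflate the log and cause the room's client list to be written to it repeatedly. A single bounded line would keep the diagnostic without the volume, for example `qDebug() << "SD: Rejected" << addr.toString() << "(no session match, not in current room)";`, and the ip-list message could truncate with `iplist.left(64)`. The added lines also dereference `serverApp->getCurrentRoom()` two more times; if that can return null when no room is loaded, the pointer should be fetched once and checked before the condition.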
@@ -162,7 +165,7 @@ void DiscoveryListener::onReadyRead()
QByteArray myiplist(Network::interfaceAddressesToString().toUtf8());
QSslKey key;
QSslCertificate cert;
- if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) {
+ if (!CertManager::getPrivateKeyAndCert("manager2", key, cert)) {
if (++certFails > 5) {
CertManager::fatal();
}
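Review bot: The literal `"manager2"` passed to `CertManager::getPrivateKeyAndCert` carries no explanation of why the key and certificate name changed. Presumably the rename forces a new key pair to be created instead of reusing the one stored under "manager", but that cannot be confirmed from this hunk. If that is the intent, add a comment giving the reason for the rotation, and move the name into a named constant so other callers cannot keep using the old identity. It is also worth stating what happens to the old "manager" key material already on disk, since a private key that is no longer used but still readable remains a liability.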