enforce unique ids

2026-02-10 19:32:26 +01:00
parent 27bd2cd2ec
commit 8c54250449
3 changed files with 11 additions and 2 deletions
--- a/src/common/session_registry.cpp
+++ b/src/common/session_registry.cpp
@@ -60,6 +60,11 @@ namespace ColumnLynx::Net {
        return static_cast<int>(mSessions.size());
    }

+    bool SessionRegistry::exists(uint32_t sessionID) const {
+        std::shared_lock lock(mMutex);
+        return mSessions.find(sessionID) != mSessions.end();
+    }
+    
    uint32_t SessionRegistry::getFirstAvailableIP(uint32_t baseIP, uint8_t mask) const {
        std::shared_lock lock(mMutex);

--- a/src/server/net/tcp/tcp_connection.cpp
+++ b/src/server/net/tcp/tcp_connection.cpp
@@ -211,8 +211,10 @@ namespace ColumnLynx::Net::TCP {

                    std::memcpy(mConnectionAESKey.data(), decrypted.data(), decrypted.size());

-                    // Make a Session ID
-                    randombytes_buf(&mConnectionSessionID, sizeof(mConnectionSessionID));
+                    // Make a Session ID - unique and not zero (zero is reserved for invalid sessions)
+                    do {
+                        randombytes_buf(&mConnectionSessionID, sizeof(mConnectionSessionID));
+                    } while (SessionRegistry::getInstance().exists(mConnectionSessionID) || mConnectionSessionID == 0); // Regenerate if it already exists or is zero (zero is reserved for invalid sessions)

                    // Encrypt the Session ID with the established AES key (using symmetric encryption, nonce can be all zeros for this purpose)
                    Nonce symNonce{}; // All zeros