From 2555e8cb8a15abd2420cd30048f965c1e318c8df Mon Sep 17 00:00:00 2001
From: Logan McNaughton <848146+loganmc10@users.noreply.github.com>
Date: Tue, 5 Sep 2023 10:00:33 -0600
Subject: [PATCH 1/4] validate tcp and udp connections

---
 internal/gameServer/tcp.go | 17 +++++++++++++++++
 internal/gameServer/udp.go | 12 ++++++++++++
 internal/lobbyServer/lobby.go | 12 ++++++++++--
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/internal/gameServer/tcp.go b/internal/gameServer/tcp.go
index 4ae3982..20aea5f 100644
--- a/internal/gameServer/tcp.go
+++ b/internal/gameServer/tcp.go
@@ -350,6 +350,23 @@ func (g *GameServer) watchTCP() {
 } else if g.isConnClosed(err) {
 return
 }
+
+ validated := false
+ remoteAddr, err := net.ResolveTCPAddr(conn.RemoteAddr().Network(), conn.RemoteAddr().String())
+ if err != nil {
+ g.Logger.Error(err, "could not resolve remote IP")
+ continue
+ }
+ for _, v := range g.Players {
+ if remoteAddr.IP.Equal(net.ParseIP(v.IP)) {
+ validated = true
+ }
+ }
+ if !validated {
+ g.Logger.Error(fmt.Errorf("invalid tcp connection"), "bad IP", "IP", conn.RemoteAddr().String())
+ continue
+ }
+
 g.Logger.Info("received TCP connection", "address", conn.RemoteAddr().String())
 go g.processTCP(conn)
 }
diff --git a/internal/gameServer/udp.go b/internal/gameServer/udp.go
index 8c7cb8e..3370275 100644
--- a/internal/gameServer/udp.go
+++ b/internal/gameServer/udp.go
@@ -176,6 +176,18 @@ func (g *GameServer) watchUDP() {
 } else if g.isConnClosed(err) {
 return
 }
+
+ validated := false
+ for _, v := range g.Players {
+ if addr.IP.Equal(net.ParseIP(v.IP)) {
+ validated = true
+ }
+ }
+ if !validated {
+ g.Logger.Error(fmt.Errorf("invalid udp connection"), "bad IP", "IP", addr.IP)
+ continue
+ }
+
 g.processUDP(addr, buf)
 }
 }
diff --git a/internal/lobbyServer/lobby.go b/internal/lobbyServer/lobby.go
index 3a722ab..d76de3b 100644
--- a/internal/lobbyServer/lobby.go
+++ b/internal/lobbyServer/lobby.go
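Review bot: The new loop over `g.Players` in the watchTCP hunk reads the map without taking `g.PlayersMutex`, while the lobby.go hunk of this same patch writes to that map under `g.PlayersMutex.Lock()` from per-player goroutines. An unsynchronised map iteration that races a write is a fatal runtime error in Go, so a player joining while a connection is being accepted can bring the whole process down. The watchUDP hunk has the same loop and needs the same guard. I would move the scan into one helper that holds the lock and returns on the first match, as sketched below, assuming `PlayersMutex` is a field of `GameServer` as the lobby hunk suggests. watchTCP begins and ends outside the hunk, so confirm no lock is already held around the accept loop.

```go
// isPlayerIP reports whether ip matches the address the lobby recorded for any player.
func (g *GameServer) isPlayerIP(ip net.IP) bool {
	g.PlayersMutex.Lock() // same lock the lobby holds while writing g.Players
	defer g.PlayersMutex.Unlock()
	for _, v := range g.Players {
		if ip.Equal(net.ParseIP(v.IP)) {
			return true
		}
	}
	return false
}

// in watchTCP, replacing the validated flag and the range loop:
// … unchanged: net.ResolveTCPAddr call and its error branch …
if !g.isPlayerIP(remoteAddr.IP) {
	// … unchanged: "invalid tcp connection" log and continue …
}
```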
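Review bot: The source-address check added to watchUDP is a filter rather than authentication, because a UDP source address is not verified by the network and players behind one NAT share an address; the code should say so, e.g. `// IP allow-list only narrows who can reach processUDP; it does not authenticate the sender`. Tying a datagram to a specific player would need a per-player secret issued over the lobby websocket and checked here, which this series does not add. Separately, every rejected datagram is logged through `g.Logger.Error` (and every rejected connection in the watchTCP hunk likewise), so unsolicited traffic to the port produces one error line per packet; a lower log level or a rate limit on that call would keep the log usable. The watchUDP loop begins and ends outside the hunk.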
@@ -321,8 +321,12 @@ func (s *LobbyServer) wsHandler(ws *websocket.Conn) {
 g.Emulator = receivedMessage.Emulator
 g.Players = make(map[string]gameserver.Client)
 g.Features = receivedMessage.Features
+ ip, _, err := net.SplitHostPort(ws.Request().RemoteAddr)
+ if err != nil {
+ s.Logger.Error(err, "could not parse IP")
+ }
 g.Players[receivedMessage.PlayerName] = gameserver.Client{
- IP: ws.Request().RemoteAddr,
+ IP: ip,
 Number: 0,
 Socket: ws,
 }
@@ -434,9 +438,13 @@ func (s *LobbyServer) wsHandler(ws *websocket.Conn) {
 }
 }
 
+ ip, _, err := net.SplitHostPort(ws.Request().RemoteAddr)
+ if err != nil {
+ s.Logger.Error(err, "could not parse IP")
+ }
 g.PlayersMutex.Lock() // any player can modify this from their own thread
 g.Players[receivedMessage.PlayerName] = gameserver.Client{
- IP: ws.Request().RemoteAddr,
+ IP: ip,
 Socket: ws,
 Number: number,
 }

From 6539be97483858ce4bfa749e6bcbb46a3b25416c Mon Sep 17 00:00:00 2001
From: Logan McNaughton <848146+loganmc10@users.noreply.github.com>
Date: Tue, 5 Sep 2023 10:05:50 -0600
Subject: [PATCH 2/4] log

---
 internal/lobbyServer/lobby.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/lobbyServer/lobby.go b/internal/lobbyServer/lobby.go
index d76de3b..eb5b4e9 100644
--- a/internal/lobbyServer/lobby.go
+++ b/internal/lobbyServer/lobby.go
@@ -323,7 +323,7 @@ func (s *LobbyServer) wsHandler(ws *websocket.Conn) {
 g.Features = receivedMessage.Features
 ip, _, err := net.SplitHostPort(ws.Request().RemoteAddr)
 if err != nil {
- s.Logger.Error(err, "could not parse IP")
+ s.Logger.Error(err, "could not parse IP", "IP", ws.Request().RemoteAddr)
 }
 g.Players[receivedMessage.PlayerName] = gameserver.Client{
 IP: ip,
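Review bot: When `net.SplitHostPort` fails in the -321 hunk the error is only logged and the player is still stored with an empty `IP`. The game-server checks in this patch compare against `net.ParseIP(v.IP)`, which is nil for an empty string and never equals a real address, so that player is registered but every later TCP and UDP packet from them is rejected without the client being told why. Failing the request inside the `err != nil` branch would surface the problem where it happens; the -434 hunk has the identical branch, and the four duplicated lines could be one small helper. The stored value is the peer address of the websocket, so it is worth a comment such as `// assumes clients reach the lobby and the game port directly and over the same address family`, since a reverse proxy in front of the lobby or an IPv6 lobby connection paired with IPv4 game traffic would presumably never match. wsHandler continues outside both hunks.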
@@ -440,7 +440,7 @@ func (s *LobbyServer) wsHandler(ws *websocket.Conn) {
 
 ip, _, err := net.SplitHostPort(ws.Request().RemoteAddr)
 if err != nil {
- s.Logger.Error(err, "could not parse IP")
+ s.Logger.Error(err, "could not parse IP", "IP", ws.Request().RemoteAddr)
 }
 g.PlayersMutex.Lock() // any player can modify this from their own thread
 g.Players[receivedMessage.PlayerName] = gameserver.Client{

From d7bbc33d236a48ae8c68e5c073b60ede338e5c30 Mon Sep 17 00:00:00 2001
From: Logan McNaughton <848146+loganmc10@users.noreply.github.com>
Date: Tue, 5 Sep 2023 10:13:26 -0600
Subject: [PATCH 3/4] close conn

---
 internal/gameServer/tcp.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/internal/gameServer/tcp.go b/internal/gameServer/tcp.go
index 20aea5f..3c0a092 100644
--- a/internal/gameServer/tcp.go
+++ b/internal/gameServer/tcp.go
@@ -141,6 +141,7 @@ func (g *GameServer) processTCP(conn *net.TCPConn) {
 length, err := conn.Read(incomingBuffer)
 if errors.Is(err, io.EOF) {
 // g.Logger.Info("Remote side closed TCP connection", "address", conn.RemoteAddr().String())
+ conn.Close()
 return
 }
 if err != nil && !errors.Is(err, os.ErrDeadlineExceeded) {
@@ -355,6 +356,7 @@ func (g *GameServer) watchTCP() {
 remoteAddr, err := net.ResolveTCPAddr(conn.RemoteAddr().Network(), conn.RemoteAddr().String())
 if err != nil {
 g.Logger.Error(err, "could not resolve remote IP")
+ conn.Close()
 continue
 }
 for _, v := range g.Players {
@@ -364,6 +366,7 @@ func (g *GameServer) watchTCP() {
 }
 if !validated {
 g.Logger.Error(fmt.Errorf("invalid tcp connection"), "bad IP", "IP", conn.RemoteAddr().String())
+ conn.Close()
 continue
 }
 

From da7aacf66f84657b2303b7cebd3db36f074b25bd Mon Sep 17 00:00:00 2001
From: Logan McNaughton <848146+loganmc10@users.noreply.github.com>
Date: Tue, 5 Sep 2023 10:16:31 -0600
Subject: [PATCH 4/4] more

---
 internal/gameServer/tcp.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/internal/gameServer/tcp.go b/internal/gameServer/tcp.go
index 3c0a092..06ebd4b 100644
--- a/internal/gameServer/tcp.go
+++ b/internal/gameServer/tcp.go
@@ -131,6 +131,8 @@ func (g *GameServer) tcpSendReg(conn *net.TCPConn) {
 }
 
 func (g *GameServer) processTCP(conn *net.TCPConn) {
+ defer conn.Close()
+
 tcpData := &TCPData{Request: RequestNone}
 incomingBuffer := make([]byte, 1500) //nolint:gomnd
 for {
@@ -141,7 +143,6 @@ func (g *GameServer) processTCP(conn *net.TCPConn) {
 length, err := conn.Read(incomingBuffer)
 if errors.Is(err, io.EOF) {
 // g.Logger.Info("Remote side closed TCP connection", "address", conn.RemoteAddr().String())
- conn.Close()
 return
 }
 if err != nil && !errors.Is(err, os.ErrDeadlineExceeded) {