Make sure times are UTC and correctly subtract the timestamp window from the server time. (#134)

4 years ago · b7e7bfb314
parent 0f6e0d37b5
commit b7e7bfb314
2 changed files with 3 additions and 3 deletions
--- a/internal/client/auth.go
+++ b/internal/client/auth.go
@ -33,7 +33,7 @@ func makeAuthenticationPayload(authInfo AuthInfo) (ret authenticationPayload, sh
 	copy(plaintext, authInfo.UID)
 	copy(plaintext[16:28], authInfo.ProxyMethod)
 	plaintext[28] = authInfo.EncryptionMethod
-	binary.BigEndian.PutUint64(plaintext[29:37], uint64(authInfo.WorldState.Now().Unix()))
+	binary.BigEndian.PutUint64(plaintext[29:37], uint64(authInfo.WorldState.Now().UTC().Unix()))
 	binary.BigEndian.PutUint32(plaintext[37:41], authInfo.SessionId)

 	if authInfo.Unordered {
--- a/internal/server/auth.go
+++ b/internal/server/auth.go
@ -50,7 +50,7 @@ func decryptClientInfo(fragments authFragments, serverTime time.Time) (info Clie

 	timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37]))
 	clientTime := time.Unix(timestamp, 0)
-	if !(clientTime.After(serverTime.Truncate(timestampTolerance)) && clientTime.Before(serverTime.Add(timestampTolerance))) {
+	if !(clientTime.After(serverTime.Add(-timestampTolerance)) && clientTime.Before(serverTime.Add(timestampTolerance))) {
 		err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp)
 		return
 	}
@ -77,7 +77,7 @@ func AuthFirstPacket(firstPacket []byte, transport Transport, sta *State) (info
 		return
 	}

-	info, err = decryptClientInfo(fragments, sta.WorldState.Now())
+	info, err = decryptClientInfo(fragments, sta.WorldState.Now().UTC())
 	if err != nil {
 		log.Debug(err)
 		err = fmt.Errorf("%w: %v", ErrBadDecryption, err)