From 490f5beb89b90f77a98d49c39de700200859b170 Mon Sep 17 00:00:00 2001
From: Louis-Antoine <lamr@free.fr>
Date: Tue, 13 Feb 2018 17:53:18 +0100
Subject: [PATCH 1/5] Do not prevent all net commands for the current tic from
 being executed because of an unkown net command ID

---
 src/d_clisrv.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/d_clisrv.c b/src/d_clisrv.c
index d48f223c..87b154f8 100644
--- a/src/d_clisrv.c
+++ b/src/d_clisrv.c
@@ -401,8 +401,7 @@ static void ExtraDataTicker(void)
 							DEBFILE(va("player %d kicked [gametic=%u] reason as follows:\n", i, gametic));
 						}
 						CONS_Alert(CONS_WARNING, M_GetText("Got unknown net command [%s]=%d (max %d)\n"), sizeu1(curpos - bufferstart), *curpos, bufferstart[0]);
-						D_FreeTextcmd(gametic);
-						return;
+						break;
 					}
 				}
 			}

From bd2334dd93985799cb6f77909f2a145ab1474ab5 Mon Sep 17 00:00:00 2001
From: Louis-Antoine <lamr@free.fr>
Date: Wed, 14 Feb 2018 21:00:55 +0100
Subject: [PATCH 2/5] Fix SV_StopServer not calling D_Clearticcmd correctly

---
 src/d_clisrv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/d_clisrv.c b/src/d_clisrv.c
index 87b154f8..e42bceef 100644
--- a/src/d_clisrv.c
+++ b/src/d_clisrv.c
@@ -3292,7 +3292,7 @@ void SV_StopServer(void)
 	localtextcmd[0] = 0;
 	localtextcmd2[0] = 0;
 
-	for (i = 0; i < BACKUPTICS; i++)
+	for (i = firstticstosend; i < firstticstosend + BACKUPTICS; i++)
 		D_Clearticcmd(i);
 
 	consoleplayer = 0;

From 91081a3e534ad6885bac1fae3013444f9fb2c67e Mon Sep 17 00:00:00 2001
From: Louis-Antoine <lamr@free.fr>
Date: Mon, 4 Jun 2018 22:14:01 +0200
Subject: [PATCH 3/5] Disable admin password by default

---
 src/d_main.c   | 9 ---------
 src/d_netcmd.c | 9 +++++++--
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/src/d_main.c b/src/d_main.c
index fbec5f7d..df339875 100644
--- a/src/d_main.c
+++ b/src/d_main.c
@@ -1051,15 +1051,6 @@ void D_SRB2Main(void)
 
 	if (M_CheckParm("-password") && M_IsNextParm())
 		D_SetPassword(M_GetNextParm());
-	else
-	{
-		size_t z;
-		char junkpw[25];
-		for (z = 0; z < 24; z++)
-			junkpw[z] = (char)(rand() & 64)+32;
-		junkpw[24] = '\0';
-		D_SetPassword(junkpw);
-	}
 
 	// add any files specified on the command line with -file wadfile
 	// to the wad list
diff --git a/src/d_netcmd.c b/src/d_netcmd.c
index 673d64fd..876a3852 100644
--- a/src/d_netcmd.c
+++ b/src/d_netcmd.c
@@ -2656,10 +2656,12 @@ static void D_MD5PasswordPass(const UINT8 *buffer, size_t len, const char *salt,
 
 #define BASESALT "basepasswordstorage"
 static UINT8 adminpassmd5[16];
+static boolean adminpasswordset = false;
 
 void D_SetPassword(const char *pw)
 {
 	D_MD5PasswordPass((const UINT8 *)pw, strlen(pw), BASESALT, &adminpassmd5);
+	adminpasswordset = true;
 }
 
 // Remote Administration
@@ -2728,6 +2730,9 @@ static void Got_Login(UINT8 **cp, INT32 playernum)
 
 	READMEM(*cp, sentmd5, 16);
 
+	if (!adminpasswordset)
+		CONS_Printf(M_GetText("Password from %s failed (no password set).\n"), player_names[playernum]);
+
 	if (client)
 		return;
 
@@ -3951,7 +3956,7 @@ static void Command_RestartAudio_f(void)
 	I_ShutdownSound();
 	I_StartupSound();
 	I_InitMusic();
-	
+
 // These must be called or no sound and music until manually set.
 
 	I_SetSfxVolume(cv_soundvolume.value);
@@ -3959,7 +3964,7 @@ static void Command_RestartAudio_f(void)
 	I_SetMIDIMusicVolume(cv_midimusicvolume.value);
 	if (Playing()) // Gotta make sure the player is in a level
 		P_RestoreMusic(&players[consoleplayer]);
-	
+
 }
 
 /** Quits a game and returns to the title screen.

From c389c0b3dc5fb285f5492474f1c93b62c6336b7a Mon Sep 17 00:00:00 2001
From: Louis-Antoine <lamr@free.fr>
Date: Mon, 4 Jun 2018 22:30:27 +0200
Subject: [PATCH 4/5] xd

---
 src/d_netcmd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/d_netcmd.c b/src/d_netcmd.c
index 876a3852..727d5eff 100644
--- a/src/d_netcmd.c
+++ b/src/d_netcmd.c
@@ -2731,7 +2731,10 @@ static void Got_Login(UINT8 **cp, INT32 playernum)
 	READMEM(*cp, sentmd5, 16);
 
 	if (!adminpasswordset)
+	{
 		CONS_Printf(M_GetText("Password from %s failed (no password set).\n"), player_names[playernum]);
+		return;
+	}
 
 	if (client)
 		return;

From 82d953bbc219d02edd0cba6bde6ac44a591c96bf Mon Sep 17 00:00:00 2001
From: Monster Iestyn <iestynjealous@ntlworld.com>
Date: Wed, 4 Jul 2018 20:15:36 +0100
Subject: [PATCH 5/5] Fixed the Lua crash exploit.

---
 src/lua_consolelib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lua_consolelib.c b/src/lua_consolelib.c
index 566e7374..3239b7c5 100644
--- a/src/lua_consolelib.c
+++ b/src/lua_consolelib.c
@@ -77,7 +77,9 @@ void Got_Luacmd(UINT8 **cp, INT32 playernum)
 
 deny:
 	//must be hacked/buggy client
-	lua_settop(gL, 0); // clear stack
+	if (gL) // check if Lua is actually turned on first, you dummmy -- Monster Iestyn 04/07/18
+		lua_settop(gL, 0); // clear stack
+
 	CONS_Alert(CONS_WARNING, M_GetText("Illegal lua command received from %s\n"), player_names[playernum]);
 	if (server)
 	{