rehlds
rehlds copied to clipboard
Make the server sets Steamids to clients after the validation by Steam servers
This pr fixes the Steam App Ownership Ticket hijacking/spoofing vulnerability and related exploits. Now the server will sets the steamid from the ticket only after the client connection has been validated by the Steam servers. Before this, the client will be assigned STEAM_ID_PENDING
(sid 0).
In fact, the GoldSrc server followed similar logic before the Steamworks updates.