themaster1970sf/TShock
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Removed stat hack configs and permissions, added hardcoded limits due to crash exploit potential from abnormal stats. Also added hardcoded limits of player damage and killme due to crash exploits.

Browse source
This commit is contained in:
Zidonuke Ghost 2013-10-06 02:56:55 -04:00
parent b958b43f9b
commit 3f956801f8
5 changed files with 20 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

4
TShockAPI/ConfigFile.cs
View file

@ -267,10 +267,6 @@ namespace TShockAPI
[Description("A dictionary of REST tokens that external applications may use to make queries to your server.")] [Description("A dictionary of REST tokens that external applications may use to make queries to your server.")]
public Dictionary<string, SecureRest.TokenData> ApplicationRestTokens = new Dictionary<string, SecureRest.TokenData>(); public Dictionary<string, SecureRest.TokenData> ApplicationRestTokens = new Dictionary<string, SecureRest.TokenData>();
[Description("The maximum value that a character may have for health.")] public int MaxHealth = 500;
[Description("The maximum value that a character may have for health.")] public int MaxMana = 500;
[Description("The number of reserved slots past your max server slot that can be joined by reserved players")] public int ReservedSlots = 20; [Description("The number of reserved slots past your max server slot that can be joined by reserved players")] public int ReservedSlots = 20;
[Description("The number of reserved slots past your max server slot that can be joined by reserved players")] public bool LogRest = false; [Description("The number of reserved slots past your max server slot that can be joined by reserved players")] public bool LogRest = false;

29
TShockAPI/GetDataHandlers.cs
View file

@ -1315,9 +1315,9 @@ namespace TShockAPI
if (args.Player.FirstMaxHP == 0) if (args.Player.FirstMaxHP == 0)
args.Player.FirstMaxHP = max; args.Player.FirstMaxHP = max;
if ((max > TShock.Config.MaxHealth && max > args.Player.FirstMaxHP) && !args.Player.Group.HasPermission(Permissions.ignorestathackdetection)) if (cur < 0 || cur > 500 || max < 100 || max > 500) //Abnormal values have the potential to cause infinite loops in the server.
{ {
TShock.Utils.ForceKick(args.Player, "Hacked Client Detected.", true); TShock.Utils.ForceKick(args.Player, "Crash Exploit Attempt", true);
return false; return false;
} }
@ -1333,9 +1333,6 @@ namespace TShockAPI
args.Player.Heal(args.TPlayer.statLifeMax); args.Player.Heal(args.TPlayer.statLifeMax);
} }
if (cur <= 0)
TSPlayer.All.SendData(PacketTypes.PlayerKillMe, "attempt at aboose", args.TPlayer.whoAmi);
return false; return false;
} }
@ -1351,9 +1348,9 @@ namespace TShockAPI
if (args.Player.FirstMaxMP == 0) if (args.Player.FirstMaxMP == 0)
args.Player.FirstMaxMP = max; args.Player.FirstMaxMP = max;
if (max > TShock.Config.MaxMana && max > args.Player.FirstMaxMP) if (cur < 0 || cur > 400 || max < 20 || max > 200) //Abnormal values have the potential to cause infinite loops in the server.
{ {
TShock.Utils.ForceKick(args.Player, "Hacked Client Detected.", true); TShock.Utils.ForceKick(args.Player, "Crash Exploit Attempt", true);
return false; return false;
} }
@ -1567,11 +1564,6 @@ namespace TShockAPI
TShock.Utils.ForceKick(args.Player, "Blank name.", true); TShock.Utils.ForceKick(args.Player, "Blank name.", true);
return true; return true;
} }
if (TShock.HackedStats(args.Player) && !args.Player.Group.HasPermission(Permissions.ignorestathackdetection))
{
TShock.Utils.ForceKick(args.Player, "You have hacked health/mana, please use a different character.", true);
return true;
}
if (!args.Player.Group.HasPermission(Permissions.ignorestackhackdetection)) if (!args.Player.Group.HasPermission(Permissions.ignorestackhackdetection))
{ {
@ -2495,6 +2487,13 @@ namespace TShockAPI
var direction = args.Data.ReadInt8(); var direction = args.Data.ReadInt8();
var dmg = args.Data.ReadInt16(); var dmg = args.Data.ReadInt16();
var pvp = args.Data.ReadInt8() == 0; var pvp = args.Data.ReadInt8() == 0;
if (dmg > 20000) //Abnormal values have the potential to cause infinite loops in the server.
{
TShock.Utils.ForceKick(args.Player, "Crash Exploit Attempt", true);
return false;
}
if (OnKillMe(id, direction, dmg, pvp)) if (OnKillMe(id, direction, dmg, pvp))
return true; return true;
int textlength = (int) (args.Data.Length - args.Data.Position - 1); int textlength = (int) (args.Data.Length - args.Data.Position - 1);
@ -2944,6 +2943,12 @@ namespace TShockAPI
var pvp = args.Data.ReadBoolean(); var pvp = args.Data.ReadBoolean();
var crit = args.Data.ReadBoolean(); var crit = args.Data.ReadBoolean();
if (dmg > 10000) //Abnormal values have the potential to cause infinite loops in the server.
{
TShock.Utils.ForceKick(args.Player, "Crash Exploit Attempt", true);
return false;
}
if (OnPlayerDamage(id, direction, dmg, pvp, crit)) if (OnPlayerDamage(id, direction, dmg, pvp, crit))
return true; return true;

3
TShockAPI/Permissions.cs
View file

@ -139,9 +139,6 @@ namespace TShockAPI
[Description("Prevents you from being disabled by stack hack detection.")] [Description("Prevents you from being disabled by stack hack detection.")]
public static readonly string ignorestackhackdetection = "tshock.ignore.itemstack"; public static readonly string ignorestackhackdetection = "tshock.ignore.itemstack";
[Description("Prevents you from being kicked by hacked health detection.")]
public static readonly string ignorestathackdetection = "tshock.ignore.stats";
[Description("Prevents your actions from being ignored if damage is too high.")] [Description("Prevents your actions from being ignored if damage is too high.")]
public static readonly string ignoredamagecap = "tshock.ignore.damage"; public static readonly string ignoredamagecap = "tshock.ignore.damage";

8
TShockAPI/TShock.cs
View file

@ -1572,14 +1572,6 @@ namespace TShockAPI
return (float) Math.Sqrt(num3); return (float) Math.Sqrt(num3);
} }
public static bool HackedStats(TSPlayer player)
{
return (player.TPlayer.statManaMax > TShock.Config.MaxMana) ||
(player.TPlayer.statMana > TShock.Config.MaxMana) ||
(player.TPlayer.statLifeMax > TShock.Config.MaxHealth) ||
(player.TPlayer.statLife > TShock.Config.MaxHealth);
}
public static bool HackedInventory(TSPlayer player) public static bool HackedInventory(TSPlayer player)
{ {
bool check = false; bool check = false;

3
TShockAPI/Utils.cs
View file

@ -576,7 +576,10 @@ namespace TShockAPI
if (TShock.Config.ServerSideCharacter) if (TShock.Config.ServerSideCharacter)
foreach (TSPlayer player in TShock.Players) foreach (TSPlayer player in TShock.Players)
if (player != null && player.IsLoggedIn && !player.IgnoreActionsForClearingTrashCan) if (player != null && player.IsLoggedIn && !player.IgnoreActionsForClearingTrashCan)
{
player.PlayerData.CopyCharacter(player);
TShock.CharacterDB.InsertPlayerData(player); TShock.CharacterDB.InsertPlayerData(player);
}
StopServer(true, reason); StopServer(true, reason);
System.Diagnostics.Process.Start(System.Reflection.Assembly.GetExecutingAssembly().GetName().CodeBase); System.Diagnostics.Process.Start(System.Reflection.Assembly.GetExecutingAssembly().GetName().CodeBase);