From 597e403d5022f55949411ad589e74f41e978db33 Mon Sep 17 00:00:00 2001 From: Lucas Nicodemus Date: Thu, 28 Jan 2021 00:22:28 -0800 Subject: [PATCH 1/3] Disable debug logs by default --- TShockAPI/ConfigFile.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TShockAPI/ConfigFile.cs b/TShockAPI/ConfigFile.cs index 63937614..472bda65 100644 --- a/TShockAPI/ConfigFile.cs +++ b/TShockAPI/ConfigFile.cs @@ -64,7 +64,7 @@ namespace TShockAPI /// Whether or not the server should output debug level messages related to system operation. [Description("Whether or not the server should output debug level messages related to system operation.")] - public bool DebugLogs = true; + public bool DebugLogs = false; /// Prevents users from being able to login before they finish connecting. [Description("Prevents users from being able to login before they finish connecting.")] From f4cc14fb8eb8ef06d9b79e7f48bd85cfd3380bdb Mon Sep 17 00:00:00 2001 From: Lucas Nicodemus Date: Thu, 28 Jan 2021 00:22:15 -0800 Subject: [PATCH 2/3] Remove extra whitespace --- TShockAPI/ConfigFile.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TShockAPI/ConfigFile.cs b/TShockAPI/ConfigFile.cs index 472bda65..fd148a1e 100644 --- a/TShockAPI/ConfigFile.cs +++ b/TShockAPI/ConfigFile.cs @@ -56,7 +56,7 @@ namespace TShockAPI /// Whether or not to use ServerName in place of the world name. [Description("Whether or not to use ServerName in place of the world name.")] - public bool UseServerName = false; + public bool UseServerName = false; /// The path to the directory where logs should be written to. [Description("The path to the directory where logs should be written to.")] From 355a7f02f592e6c498947394e271c978599ef69c Mon Sep 17 00:00:00 2001 From: Lucas Nicodemus Date: Thu, 28 Jan 2021 00:17:55 -0800 Subject: [PATCH 3/3] =?UTF-8?q?Fix=20=E2=88=9E=20velocity=20exploit=20(@ba?= =?UTF-8?q?rtico6,=20@tlworks)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 9 ++++++++- TShockAPI/Bouncer.cs | 24 ++++++++++++++++++++++++ TShockAPI/Properties/AssemblyInfo.cs | 2 +- TShockAPI/TShock.cs | 2 +- 4 files changed, 34 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f770a64..abffc6c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,7 +12,14 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * Do not forget to sign every line you change with your name. (@hakusaro) * If there is no section called "Upcoming changes" below this line, please add one with `## Upcoming changes` as the first line, and then a bulleted item directly after with the first change. -## Upcoming Changes +## Upcoming changes +* This could be you! + +## TShock 4.4.0 (Pre-release 16) +* Patched protocol issue. Thanks to Off (@tlworks) and @bartico6 for contributions, including packet captures, packet analysis, exploit proof-of-concept testing, patch testing, and detailed reproduction steps. (@hakusaro) +* Disabled debug by default. (@hakusaro) + +## TShock 4.4.0 (Pre-release 15) * Overhauled Bans system. Bans are now based on 'identifiers'. (@QuiCM) * The old Bans table (`Bans`) has been deprecated. New bans will go in `PlayerBans`. Old bans will be converted automatically to the new system. * All old ban routes in REST are now redirected. Please use `/v3/bans/*` for REST-based ban management. diff --git a/TShockAPI/Bouncer.cs b/TShockAPI/Bouncer.cs index 99d4a9ff..b5dae813 100644 --- a/TShockAPI/Bouncer.cs +++ b/TShockAPI/Bouncer.cs @@ -135,6 +135,30 @@ namespace TShockAPI var pos = args.Position; var vel = args.Velocity; + if (Single.IsInfinity(vel.X) || Single.IsInfinity(vel.Y)) + { + TShock.Log.ConsoleInfo("Bouncer / OnPlayerUpdate force kicked (attempted to set velocity to infinity) from {0}", args.Player.Name); + args.Player.Kick("Detected DOOM set to ON position.", true, true); + args.Handled = true; + return; + } + + if (Single.IsNaN(vel.X) || Single.IsNaN(vel.Y)) + { + TShock.Log.ConsoleInfo("Bouncer / OnPlayerUpdate force kicked (attempted to set velocity to NaN) from {0}", args.Player.Name); + args.Player.Kick("Detected DOOM set to ON position.", true, true); + args.Handled = true; + return; + } + + if (vel.X > 50000 || vel.Y > 50000 || vel.X < -50000 || vel.Y < -50000) + { + TShock.Log.ConsoleInfo("Bouncer / OnPlayerUpdate force kicked (attempted to set velocity +/- 50000) from {0}", args.Player.Name); + args.Player.Kick("Detected DOOM set to ON position.", true, true); + args.Handled = true; + return; + } + if (pos.X < 0 || pos.Y < 0 || pos.X >= Main.maxTilesX * 16 - 16 || pos.Y >= Main.maxTilesY * 16 - 16) { TShock.Log.ConsoleDebug("Bouncer / OnPlayerUpdate rejected from (position check) {0}", args.Player.Name); diff --git a/TShockAPI/Properties/AssemblyInfo.cs b/TShockAPI/Properties/AssemblyInfo.cs index 065a6e65..bf337820 100644 --- a/TShockAPI/Properties/AssemblyInfo.cs +++ b/TShockAPI/Properties/AssemblyInfo.cs @@ -28,7 +28,7 @@ using System.Runtime.InteropServices; [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("Re-Logic, Pryaxis & TShock Contributors")] [assembly: AssemblyProduct("TShockAPI")] -[assembly: AssemblyCopyright("Copyright © Re-Logic, Pryaxis & TShock Contributors 2011-2020")] +[assembly: AssemblyCopyright("Copyright © Re-Logic, Pryaxis & TShock Contributors 2011-2021")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] diff --git a/TShockAPI/TShock.cs b/TShockAPI/TShock.cs index 2794264f..5f774f95 100644 --- a/TShockAPI/TShock.cs +++ b/TShockAPI/TShock.cs @@ -57,7 +57,7 @@ namespace TShockAPI /// VersionNum - The version number the TerrariaAPI will return back to the API. We just use the Assembly info. public static readonly Version VersionNum = Assembly.GetExecutingAssembly().GetName().Version; /// VersionCodename - The version codename is displayed when the server starts. Inspired by software codenames conventions. - public static readonly string VersionCodename = "Go to sleep Patrikkk, Icy, Chris, Death, Axeel, Zaicon, hakusaro, Zack, and Yoraiz0r <3"; + public static readonly string VersionCodename = "Now with less velocity, thanks to Off + Quake. Usual thanks to Chris/White <3"; /// SavePath - This is the path TShock saves its data in. This path is relative to the TerrariaServer.exe (not in ServerPlugins). public static string SavePath = "tshock";