Implementing SyncTilePickingHandler. Patching tile damage related exploits.

With this packet, players could kick all players by sending invalid world position data.

CHANGELOG.md

@@ -9,7 +9,7 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin
 	* Adding EmojiHandler to handle an exploit. Adding `tshock.sendemoji` permission and checks. Added this permission to guest group by default.
 * Handling SyncCavernMonsterType packet to prevent an exploit where players could modify the server's cavern monster types and make the server spawn any NPCs - including bosses - onto other players.
 * Added LandGolfBallInCup event which is accessible for developers to work with, as well as LandGolfBallInCup handler to handle exploits where players could send direct packets to trigger and imitate golf ball cup landing anywhere in the game world. Added two public lists in Handlers.LandGolfBallInCupHandler: GolfBallProjectileIDs and GolfClubItemIDs. (@Patrikkk)
-* Add SyncTilePicking event. This is called when a player damages a tile.
+* Add SyncTilePicking event. This is called when a player damages a tile. Implementing SyncTilePickingHandler and patching tile damaging related exploits. (Prevent player sending invalid world position data to kick players. Prevent player ID spoofing)
 
 ## TShock 4.4.0 (Pre-release 10)
 * Fix all rope coils. (@Olink)

TShockAPI/Bouncer.cs

@@ -40,6 +40,7 @@ namespace TShockAPI
 		internal Handlers.NetModules.NetModulePacketHandler NetModuleHandler { get; set; }
 		internal Handlers.EmojiHandler EmojiHandler { get; set; }
 		internal Handlers.LandGolfBallInCupHandler LandGolfBallInCupHandler { get; set; }
+		internal Handlers.SyncTilePickingHandler SyncTilePickingHandler { get; set; }
 
 		/// <summary>Constructor call initializes Bouncer and related functionality.</summary>
 		/// <returns>A new Bouncer.</returns>
@@ -57,6 +58,9 @@ namespace TShockAPI
 			LandGolfBallInCupHandler = new Handlers.LandGolfBallInCupHandler();
 			GetDataHandlers.LandGolfBallInCup += LandGolfBallInCupHandler.OnReceive;
 
+			SyncTilePickingHandler = new Handlers.SyncTilePickingHandler();
+			GetDataHandlers.SyncTilePicking += SyncTilePickingHandler.OnReceive;
+
 			// Setup hooks
 			GetDataHandlers.GetSection += OnGetSection;
 			GetDataHandlers.PlayerUpdate += OnPlayerUpdate;

TShockAPI/Handlers/SyncTilePickingHandler.cs

@@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Terraria;
+using static TShockAPI.GetDataHandlers;
+
+namespace TShockAPI.Handlers
+{
+	class SyncTilePickingHandler : IPacketHandler<SyncTilePickingEventArgs>
+	{
+		/// <summary>
+		/// Invoked when player damages a tile.
+		/// </summary>
+		/// <param name="sender"></param>
+		/// <param name="args"></param>
+		public void OnReceive(object sender, SyncTilePickingEventArgs args)
+		{
+			if (args.PlayerIndex != args.Player.Index)
+			{
+				TShock.Log.ConsoleDebug($"SyncTilePickingHandler: SyncTilePicking packet rejected for ID spoofing. Expected {args.Player.Index}, received {args.PlayerIndex} from {args.Player.Name}.");
+				args.Handled = true;
+				return;
+			}
+
+			if (args.TileX > Main.maxTilesX || args.TileX < 0
+			   || args.TileY > Main.maxTilesY || args.TileY < 0)
+			{
+				TShock.Log.ConsoleDebug($"SyncTilePickingHandler: X and Y position is out of world bounds! - From {args.Player.Name}");
+				args.Handled = true;
+				return;
+			}
+		}
+	}
+}

TShockAPI/TShockAPI.csproj

@@ -100,6 +100,7 @@
     <Compile Include="Handlers\EmojiHandler.cs" />
     <Compile Include="Handlers\LandGolfBallInCupHandler.cs" />
     <Compile Include="Handlers\SendTileSquareHandler.cs" />
+    <Compile Include="Handlers\SyncTilePickingHandler.cs" />
     <Compile Include="Hooks\AccountHooks.cs" />
     <Compile Include="Hooks\GeneralHooks.cs" />
     <Compile Include="Hooks\PlayerHooks.cs" />