VoxeLibre/VoxeLibre
VoxeLibre
/
VoxeLibre
56
132
Fork 171
Code Issues 923 Pull Requests 74 Projects 4 Releases Wiki Activity

Coordinate exploit in signs and chests. #996

New Issue
Closed
opened 2021-01-22 11:57:44 +01:00 by cora · 4 comments
cora commented 2021-01-22 11:57:44 +01:00
Contributor
Copy Link

Yesterday Clamity player anon5 discovered a coordinate exploit caused by the mcl_signs and mcl_chests mod both of which send the coords on being broken to all players. It was fixed on Clamity anarchy within hours.

chests work analogous even though somewhat more complex. I'll have emilia send you the full patch once she's up. this is the patch for signs:

in MineClone2/mods/ITEMS/mcl_signs/init.lua line 198

    local players = minetest.get_connected_players()
    for p=1, #players do
        minetest.close_formspec(players[p]:get_player_name(), "mcl_signs:set_text_"..pos.x.."_"..pos.y.."_"..pos.z)
    end


->

    local players = minetest.get_connected_players()
    for p=1, #players do
        if vector.distance(players[p]:get_pos(), pos) <= ANTICHEAT_RANGE then
            minetest.close_formspec(players[p]:get_player_name(), "mcl_signs:set_text_"..pos.x.."_"..pos.y.."_"..pos.z)
        end
    end

All credit goes to anon5 for finding it, emilia for patching it and Strychten/LennartPoettering for applying the fixes on Clamity.

Yesterday Clamity player anon5 discovered a coordinate exploit caused by the mcl_signs and mcl_chests mod both of which send the coords on being broken to all players. It was fixed on Clamity anarchy within hours. chests work analogous even though somewhat more complex. I'll have emilia send you the full patch once she's up. this is the patch for signs: in MineClone2/mods/ITEMS/mcl_signs/init.lua line 198 ``` local players = minetest.get_connected_players() for p=1, #players do minetest.close_formspec(players[p]:get_player_name(), "mcl_signs:set_text_"..pos.x.."_"..pos.y.."_"..pos.z) end -> local players = minetest.get_connected_players() for p=1, #players do if vector.distance(players[p]:get_pos(), pos) <= ANTICHEAT_RANGE then minetest.close_formspec(players[p]:get_player_name(), "mcl_signs:set_text_"..pos.x.."_"..pos.y.."_"..pos.z) end end ``` All credit goes to anon5 for finding it, emilia for patching it and Strychten/LennartPoettering for applying the fixes on Clamity.
👍 2
cora changed title from Coordinate explloit in signs and chests. to Coordinate exploit in signs and chests. 2021-01-22 11:58:03 +01:00
LizzyFleckenstein03 added the
bug
#P2: HIGH
 labels 2021-01-22 12:58:29 +01:00
kay27 added the
nodes
 label 2021-01-22 17:16:07 +01:00
kay27 commented 2021-01-22 17:16:58 +01:00
Contributor
Copy Link

@cora Thanks so much for the notification. The patch looks good, I would like to merge it ASAP. What value would you recommend as ANTICHEAT_RANGE?

@cora Thanks so much for the notification. The patch looks good, I would like to merge it ASAP. What value would you recommend as ```ANTICHEAT_RANGE```?
kay27 added the
contribution inside
 label 2021-01-22 17:17:16 +01:00
cora commented 2021-01-22 17:53:51 +01:00
Author
Contributor
Copy Link

I think we used 20 although even like 200 would totally be fine. I mean if the player is in rendering distance anyways it doesnt matter.

I have sent fleckenstein the full patch on discord. Luckily discords Upload thingy is pretty broken so i can just paste the link here ( chests need to be changed for this too ).

https://cdn.discordapp.com/attachments/801928118553018409/802205417862070342/patched.zip

I think we used 20 although even like 200 would totally be fine. I mean if the player is in rendering distance anyways it doesnt matter. I have sent fleckenstein the full patch on discord. Luckily discords Upload thingy is pretty broken so i can just paste the link here ( chests need to be changed for this too ). https://cdn.discordapp.com/attachments/801928118553018409/802205417862070342/patched.zip
kay27 closed this issue 2021-01-22 18:43:30 +01:00
kay27 commented 2021-01-22 18:51:06 +01:00
Contributor
Copy Link

Hm, it has been closed automatically.
Feel free to reopen if something is wrong.
Many thanks!

Hm, it has been closed automatically. Feel free to reopen if something is wrong. Many thanks!
cora commented 2021-01-22 23:04:52 +01:00
Author
Contributor
Copy Link

no. looks good. thanks for the quick merge.

no. looks good. thanks for the quick merge.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
mcl_mobs_cleanup
fix-has_room
mob_ignore_fix
slabs_block_light
hardness_blast_res_fixes
flammable-craft-tables
buildable_flowers
burning_in_thunder
redstone-update
add_shader_support
hammers_spears
EE_armor
mapgen_update
projectile-refactor
world_aligned_textures
zombie_texture_improvements
mcl_weathered_nodes
orb_of_exchange
fix_pumpkin_names
patch_skins
hollow_logs_ref_recovery
copper-adaptation-refs-recovery
add_asset_attributions_1
fix_pumpkin_typo_pumkin
cherry_grove
lush_caves
release/0.86.1
mobile_bow_workaround
release/0.85.1
optimize_jukebox_sounds
optimize_theme_ogg
Optimize_backgrounds_jpg
archaeology
spanish-translations
fish_bucket_nametag
villager-golem-fixes
fix_beetroot_fortune_drops
fix_sliding
illager_banner_description
release_0.83.1
skelly_horse_thunder
mobs_armor
mobsarmorfix
smoother_biome_borders
jukebox_sound_distance
cobble_abm_height
callable-tool-rightclick-functions
effects_rewrite
respiration
make-new-music-louder
damage
texture_conversion_wool
dehardcoded_signs
mcl_oxidization
Texture-Rename2
Bamboo-Piston-Dig
hardcore_mode_test
update_german_translation_attempt2
test_mob_tweaks_branch
csm-enabled
move_physics_tweak
water_footstep
biome_skycolor
bambootoo
lower_ow_mapgen
release/0.81.1
revert_chest_models
mcl-craftguide-drop-sfinv
mcl-structures-fixes
turtlestriderbeefox
arrow_node_collision
pvp_knockback
icebergs
light_dump
testing
mobs-redo
wood_api
mobs_head_rotation
bonemeal
dyable-leather-armor
new_mapgen_api
newmobs-master
formspec_overhaul
mobs
mapgen
mineclone5
chat-command-builder-2
formspec-v4
doc-refactoring
production
objects
0.87.1
0.87.0
0.86.2
0.86.1
0.86.0
0.85.0
0.84.0
0.83.1
0.83.0
0.82.0
0.81.1
0.81.0
0.80.1
0.80.0
0.79.0
0.78.0
0.77.0
0.76.0
0.75.0
0.74.0
0.73.1
0.73.0
0.72.1
0.72.0
0.71.0
0.70.0
0.69.1
0.69.0
0.68.0
0.67.2
0.67.1
0.67.0
0.66.2
0.66.1
0.66.0
0.65.2
0.65.1
0.65.0
0.64.0
0.63.0
0.62.0
0.61.0
0.60.0
0.59.2
0.59.1
0.59.0
0.58.1
0.58.0
0.57.1
0.57.0
0.56.2
0.56.1
0.56.0
0.55.1
0.55.0
0.54.1
0.54.0
0.53.4
0.53.3
0.53.2
0.53.1
0.53.0
0.52.1
0.52.0
0.51.1
0.51.0
0.50.2
0.50.1
0.50.0
0.49.0
0.48.1
0.48.0
0.47.1
0.47.0
0.46.0
0.45.1
0.45.0
0.44.0
0.43.0
0.42.0
0.21.0
Labels
Clear labels   
#P1 CRITICAL

for crashes, catastrophic bugs, etc.

  
#P2: HIGH

highest priority level

  
#P3: elevated

2nd-highest priority level

  
#P4 priority: medium

for things that aren't elevated but have been prioritised

  
#P6: low

low priority level

  
#Review

Tickets that may improve or fix an issue but will need a review after a short period of time

  
annoying

non-bugs that annoys people

  
API

   
bug

   
code quality

   
combat

   
commands

   
compatibility

Label to cover migration issues from old worlds or mcl5

  
configurability

   
contribution inside

   
controls

   
core feature

   
creative mode

   
delayed for engine release

   
documentation

   
duplicate

   
enhancement

enhancement request/suggestion

  
environment

Issues that affect weather or light

  
gameplay

   
graphics

   
ground content conflict

mapgen gc-specific quirks

  
GUI/HUD

   
help wanted

   
incomplete feature

   
invalid / won't fix

Invalid, or will not fix

  
items

   
looking for contributor

   
mapgen

   
meta

Relating to VoxeLibre on Mesehub and elsewhere

  
mineclone2+

fit for MineClone2-Plus

  
Minecraft >= 1.13

   
Minecraft >= 1.17

   
missing feature

   
mobile

involving Minetest on mobile devices (android)

  
mobs

   
mod support

Issues related to mod support

  
model needed

A model is needed to be created or updated

  
multiplayer

Issues affecting multiplayer

  
Needs adoption

PR needs author action or to be adopted so changes can be implemented to get the PR closer to merge

  
needs discussion

   
needs engine change

   
needs more information

   
needs research

   
nodes

   
non-Minecraft feature

   
non-mob entities

   
performance

   
player

issues related to the player

  
possible close

   
redstone

   
release notes

This ticket will need information adding to release notes

  
schematics

   
Skyblock

   
sounds

   
Testing / Retest

This needs testing or retesting

  
tools

Related to the tools scripts, which aren't run in game

  
translation

   
unconfirmed
  
mcl5

Possibly relevant for MineClone5

  
mcla

Possibly relevant for Mineclonia

  
Media missing

media files for this feature are missing - contributions welcome

No Label
#P1 CRITICAL
#P2: HIGH
#P3: elevated
#P4 priority: medium
#P6: low
#Review
annoying
API
bug
code quality
combat
commands
compatibility
configurability
contribution inside
controls
core feature
creative mode
delayed for engine release
documentation
duplicate
enhancement
environment
gameplay
graphics
ground content conflict
GUI/HUD
help wanted
incomplete feature
invalid / won't fix
items
looking for contributor
mapgen
meta
mineclone2+
Minecraft >= 1.13
Minecraft >= 1.17
missing feature
mobile
mobs
mod support
model needed
multiplayer
Needs adoption
needs discussion
needs engine change
needs more information
needs research
nodes
non-Minecraft feature
non-mob entities
performance
player
possible close
redstone
release notes
schematics
Skyblock
sounds
Testing / Retest
tools
translation
unconfirmed
mcl5
mcla
Media missing
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: VoxeLibre/VoxeLibre#996
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?