
View Issue Details

ID: 0002528
Project: Zandronum
Category: [All Projects] Suggestion
View Status: public
Date Submitted: 2015-11-18 22:06
Last Update: 2018-09-30 22:05
Reporter: WaTaKiD
Assigned To: Dusk
Priority: high
Severity: exploit
Reproducibility: N/A
Status: closed
Resolution: fixed
Platform: Microsoft
OS: Windows
OS Version: XP/Vista/7
Product Version:
Target Version: 2.2
Fixed in Version: 3.0
Summary: 0002528: enforce the drop weapon check serverside

Description
<Leonard> ok so there's a time limit and a cooperative check done at the same time but it's clientside only
<Leonard> I guess those need to be enforced on serverside

otherwise a modified client could bypass this and for example: drop weapons and pick up the map placed ones again for more ammo in a dm game, where players using a vanilla client cannot
Notes
(0014388)
Leonard (developer)
2016-02-07 20:33

I might add that there's a ton of other checks like that which are only enforced on the clientside..
It's not the first time it happens and someone else already said this on the tracker.
(0014390)
Torr Samaho (administrator)
2016-02-07 21:06

For this particular check, I'd think the client side check should simply be dropped. Not allowing dropping in non-coop modes doesn't make much sense now that we have sv_nodrop, which is already enforced on the server.
(0014392)
WaTaKiD (updater)
2016-02-08 04:16

Leonard: would you please elaborate on the tons of other checks? it'd be appreciated if you would help find and discuss them so as to improve zandronum overall

if u feel that any or all should go into a private note, ticket, or even a pm on the forums or irc, any is fine as long as we can show them to the devs and see what needs adjusting to ensure a better experience in the future
(0014393)
DrinkyBird (developer)
2016-02-08 07:31
edited on: 2016-02-08 10:04

I noticed that you don't need a custom client to avoid dropping weapons in competitive game modes, all you need to do is set sv_limitcommands to 0 on the client. sv_nodrop 1 on the server will prevent this, however.

(0014394)
WaTaKiD (updater)
2016-02-08 11:45
edited on: 2016-02-08 12:20

what AOSP says is true, however, sv_limitcommands is definitely not something that was disabled at the time this was found and reported, nor is it something that should be disabled in public servers due to how it can be used to really spam up the place and should instead be used with care like other debugging type commands (developer, sv_cheats, etc)

edit: as i reread AOSP's note, it is in fact true that a client can set sv_limitcommands to false and drop weapons, regardless if the server has sv_limitcommands true or false, and that if the server has sv_nodrop set to true, then the client cannot drop a weapon

(0014414)
Dusk (developer)
2016-02-10 15:14

https://bitbucket.org/Torr_Samaho/zandronum-stable/pull-requests/25
(0014417)
cobalt (updater)
2016-02-10 20:14

Issue addressed by commit d31777cc56b1: Fixed: sv_limitcommands wasn't CVAR_SERVERINFO which allowed the client to change its value locally, addresses 2528
Committed by Teemu Piippo [Dusk] on Wednesday 31 December 1969 23:59:57

Changes in files:

 docs/zandronum-history.txt | 1 +
 src/sv_main.cpp | 2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

(0014418)
cobalt (updater)
2016-02-10 20:14

Issue addressed by commit 0f718f260358: Dropping is now allowed by default even in non-cooperative gamemodes, also addresses 2528
Committed by Teemu Piippo [Dusk] on Wednesday 31 December 1969 23:59:57

Changes in files:

 docs/zandronum-history.txt | 1 +
 src/cl_commands.cpp | 15 +++------------
 2 files changed, 4 insertions(+), 12 deletions(-)

(0014532)
WaTaKiD (updater)
2016-03-01 22:35

tested using 3.0-r160229-1221, as a client i was unable to change sv_limitcommands for myself

also i was able to drop weapons in every gamemode with sv_nodrop 0, and was unable to drop with sv_nodrop 1
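
The two fixes discussed in this thread, shown as an added C++ example that is not Zandronum's code: a cvar flagged CVAR_SERVERINFO cannot be overridden locally by a connected client, and the server re-checks every drop request against its own sv_nodrop and rate-limit state. The Client and Server types, clientCanOverride, handleDropWeapon and the 35-tic interval are hypothetical, and the flag semantics are an assumption.

```cpp
// Added example, not Zandronum source; types, helpers and the interval are hypothetical.
#include <map>
#include <string>

enum CvarFlags { CVAR_NONE = 0, CVAR_SERVERINFO = 1 };
struct Cvar { int value; int flags; };

// Client console: a connected client may not locally change a cvar the
// server owns. Before the fix, sv_limitcommands lacked this flag.
struct Client {
    std::map<std::string, Cvar> cvars;
    bool connected = true;
    bool setLocal(const std::string& name, int v) {
        Cvar& c = cvars.at(name);
        if (connected && (c.flags & CVAR_SERVERINFO)) return false;
        c.value = v;
        return true;
    }
};

// Returns true if a connected client can switch sv_limitcommands off locally.
bool clientCanOverride(int flags) {
    Client c;
    c.cvars["sv_limitcommands"] = Cvar{1, flags};
    return c.setLocal("sv_limitcommands", 0) && c.cvars["sv_limitcommands"].value == 0;
}

// Server: every drop request is re-checked against server state only, so a
// client that skips its own checks gains nothing.
struct Server {
    bool sv_nodrop = false;
    bool sv_limitcommands = true;
    int minTicsBetweenDrops = 35;   // hypothetical interval, not from the page
    std::map<int, int> lastDropTic; // player id -> tic of last accepted drop
    bool handleDropWeapon(int player, int nowTic) {
        if (sv_nodrop) return false;
        auto it = lastDropTic.find(player);
        if (sv_limitcommands && it != lastDropTic.end() &&
            nowTic - it->second < minTicsBetweenDrops) return false;
        lastDropTic[player] = nowTic;
        return true;
    }
};

int main() {
    Server s;
    bool ok = !clientCanOverride(CVAR_SERVERINFO) && s.handleDropWeapon(1, 100);
    return (ok && !s.handleDropWeapon(1, 110)) ? 0 : 1;
}
```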

Issue Community Support
Supporters: Hypnotoad Argentum Combinebobnt DrinkyBird The Toxic Avenger
Opponents: capodecima

Issue History
Date Modified | Username | Field | Change
2015-11-18 22:06 | WaTaKiD | New Issue |
2015-11-18 22:06 | WaTaKiD | Description Updated |
2016-02-07 18:57 | Dusk | Severity | minor => exploit
2016-02-07 20:33 | Leonard | Note Added: 0014388 |
2016-02-07 21:06 | Torr Samaho | Note Added: 0014390 |
2016-02-08 04:16 | WaTaKiD | Note Added: 0014392 |
2016-02-08 07:31 | DrinkyBird | Note Added: 0014393 |
2016-02-08 10:04 | DrinkyBird | Note Edited: 0014393 |
2016-02-08 11:45 | WaTaKiD | Note Added: 0014394 |
2016-02-08 12:09 | Dusk | Assigned To | => Dusk
2016-02-08 12:09 | Dusk | Status | new => assigned
2016-02-08 12:20 | WaTaKiD | Note Edited: 0014394 |
2016-02-10 15:14 | Dusk | Note Added: 0014414 |
2016-02-10 15:14 | Dusk | Status | assigned => needs review
2016-02-10 15:14 | Dusk | Priority | normal => high
2016-02-10 20:14 | cobalt | Status | needs review => needs testing
2016-02-10 20:14 | cobalt | Target Version | => 2.2
2016-02-10 20:14 | cobalt | Description Updated |
2016-02-10 20:14 | cobalt | Note Added: 0014417 |
2016-02-10 20:14 | cobalt | Note Added: 0014418 |
2016-03-01 22:35 | WaTaKiD | Note Added: 0014532 |
2016-03-01 22:35 | WaTaKiD | Status | needs testing => resolved
2016-03-01 22:35 | WaTaKiD | Resolution | open => fixed
2016-03-01 22:35 | WaTaKiD | Fixed in Version | => 3.0
2016-03-01 22:35 | WaTaKiD | Description Updated |
2018-09-30 22:05 | Blzut3 | Status | resolved => closed





