MantisBT - Zandronum
View Issue Details
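ID: 0002801
Project: Zandronum
Category: [All Projects] Bug
View Status: public
Date Submitted: 2016-08-10 10:45
Last Update: 2016-10-09 11:52
Reporter: Visual Vincent
Priority: high
Severity: exploit
Reproducibility: always
Status: closed
Resolution: unable to reproduce
Platform: Microsoft
OS: Windows
OS Version: XP/Vista/7
Product Version: 2.1
Summary: 0002801: Votekicks can be avoided by disconnecting, thus resulting in not getting banned.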
Description
When a votekick succeeds the user getting votekicked gets his/her IP banned from a server. However this can be avoided if the user disconnects before he's automatically kicked, which will result in the user being able to join again.

If the server has set the "sv_limitnumvotes" cvar to true you will also not be able to attempt to kick that player again for ~10 minutes, making it possible for him/her to cause even more trouble.

Steps To Reproduce
1. Call a vote to kick a player.
2. Let enough players vote so that the vote passes.
3. Let the target player disconnect before his ban is performed.
4. Let the target player rejoin.
Tags: No tags attached.
Relationships
related to 0002802 | closed | | prevent newly connected clients from voting too soon
related to 0002590 | closed | | A little addition to vote success/fail condition
related to 0002838 | closed | Torr Samaho | sv_maxclientsperip and Votes.
Issue History
2016-08-10 10:45 | Visual Vincent | New Issue
2016-08-10 10:47 | Visual Vincent | Note Added: 0015426
2016-08-10 10:47 | Visual Vincent | Note Edited: 0015426
2016-08-10 10:48 | Visual Vincent | Note Edited: 0015426
2016-08-10 11:39 | Visual Vincent | Note Edited: 0015426
2016-08-10 11:45 | Unknown | Note Added: 0015427
2016-08-10 12:52 | Dusk | Note Added: 0015428
2016-08-10 12:52 | Dusk | Note Edited: 0015428
2016-08-10 14:29 | Visual Vincent | Note Added: 0015430
2016-08-10 15:23 | Fused | Note Added: 0015432
2016-08-10 15:35 | Visual Vincent | Note Added: 0015433
2016-08-10 15:37 | Visual Vincent | Note Edited: 0015433
2016-08-10 15:37 | Visual Vincent | Note Edited: 0015433
2016-08-10 16:12 | Unknown | Note Added: 0015434
2016-08-10 16:13 | Unknown | Note Edited: 0015434
2016-08-10 16:14 | Unknown | Note Edited: 0015434
2016-08-10 16:15 | Unknown | Note Edited: 0015434
2016-08-12 04:37 | ZzZombo | Note Added: 0015439
2016-08-12 04:38 | ZzZombo | Note Edited: 0015439
2016-08-12 19:38 | fr-blood | Note Added: 0015440
2016-08-13 01:18 | Unknown | Note Added: 0015441
2016-09-21 02:15 | Ru5tK1ng | Relationship added | related to 0002802
2016-09-21 02:16 | Ru5tK1ng | Relationship added | related to 0002590
2016-09-21 02:16 | Ru5tK1ng | Relationship added | related to 0002838
2016-09-21 02:26 | Ru5tK1ng | Note Added: 0015676
2016-09-21 02:26 | Ru5tK1ng | Status | new => feedback
2016-09-21 02:26 | Ru5tK1ng | Product Version | 2.2-beta => 2.1
2016-09-21 02:58 | Ru5tK1ng | Note Added: 0015678
2016-09-21 02:58 | Ru5tK1ng | Status | feedback => confirmed
2016-09-21 20:57 | Ru5tK1ng | Note Added: 0015686
2016-09-21 20:57 | Ru5tK1ng | Status | confirmed => needs review
2016-09-22 01:54 | AlexMax | Note Added: 0015687
2016-09-22 01:59 | Ru5tK1ng | Note Added: 0015688
2016-09-22 02:25 | AlexMax | Note Added: 0015689
2016-09-22 02:49 | AlexMax | Note Edited: 0015689
2016-09-22 04:11 | Ru5tK1ng | Status | needs review => feedback
2016-09-22 06:37 | Unknown | Note Added: 0015690
2016-09-22 07:04 | Dusk | Note Added: 0015691
2016-09-22 10:15 | Unknown | Note Added: 0015692
2016-09-22 10:17 | Unknown | Note Edited: 0015692
2016-09-22 10:17 | Unknown | Note Edited: 0015692
2016-09-22 10:18 | Unknown | Note Edited: 0015692
2016-09-22 18:46 | Ru5tK1ng | Note Added: 0015693
2016-10-01 18:22 | Visual Vincent | Note Added: 0015719
2016-10-01 18:22 | Visual Vincent | Status | feedback => new
2016-10-01 18:24 | Visual Vincent | Note Edited: 0015719
2016-10-01 18:57 | Dusk | Note Added: 0015720
2016-10-08 11:06 | Visual Vincent | Note Added: 0015804
2016-10-08 11:07 | Visual Vincent | Note Edited: 0015804
2016-10-08 11:08 | Visual Vincent | Note Edited: 0015804
2016-10-08 13:56 | WaTaKiD | Note Added: 0015806
2016-10-09 04:27 | Ru5tK1ng | Note Added: 0015820
2016-10-09 11:52 | Dusk | Note Added: 0015837
2016-10-09 11:52 | Dusk | Status | new => closed
2016-10-09 11:52 | Dusk | Resolution | open => unable to reproduce

Notes
(0015426)
Visual Vincent   
2016-08-10 10:47   
(edited on: 2016-08-10 11:39)
I don't know fully how the vote system works, but my suggestion would be this:
  1. Store the IP-address when the vote begins.
  2. Let all players vote.
  3. If the vote passes, ban the IP (even if the player is not online anymore).

Here's a video demonstrating the problem: https://youtu.be/6OaefGceYA4
Please put the link in the original post, thank you.

(0015427)
Unknown   
2016-08-10 11:45   
Yea I saw that, God it was so annoying, the guy keeps spamming before getting votekicked, and leaves quickly before the vote gets passed.

(0015428)
Dusk   
2016-08-10 12:52   
Quote

  1. Store the IP-address when the vote begins.
  2. Let all players vote.
  3. If the vote passes, ban the IP (even if the player is not online anymore).


This is the current behavior. If this isn't actually happening then we have a bug.

(0015430)
Visual Vincent   
2016-08-10 14:29   
Quote
If this isn't actually happening then we have a bug.


Seeing as he could rejoin after only a few minutes, I guess so.
(0015432)
Fused   
2016-08-10 15:23   
Are you sure this doesn't work as intended? Can you check again? I'm pretty sure the intended behaviour is what happens. Either that or it broke recently somehow.

(0015433)
Visual Vincent   
2016-08-10 15:35   
(edited on: 2016-08-10 15:37)
Quote

Are you sure this doesn't work as intended? Can you check again? I'm pretty sure the intended behaviour is what happens. Either that or it broke recently somehow.


I just tested with my friend on one of my own servers, it works there and I got banned for 10 minutes.
I don't know whether it worked on the server I played at in the video, but after taking the time from the demo I recorded I can confirm that he's away for only a minute (this happened two times actually, but the last was not included in the video I uploaded).

(0015434)
Unknown   
2016-08-10 16:12   
(edited on: 2016-08-10 16:15)
Could be because the guy found an exploit and he used it. Not sure what it is though, since he did it not only in that JMX Server, but also on another server I joined. He also managed to use other players' names without getting renamed to something else (making it hard to select and votekick that guy), like when you use someone else's name a number is added as a prefix to the copied name.

(0015439)
ZzZombo   
2016-08-12 04:37   
(edited on: 2016-08-12 04:38)
Ugh, did I just get into Valve's private bug tracker for TF2? Because this is exactly what happens recently there too! Both the disconnect thing and the player assuming names of other players! Just wow...

(0015440)
fr-blood   
2016-08-12 19:38   
I'm sure that it works fine, each time I saw someone leaving before the ban he wasn't coming back for a long moment.
(0015441)
Unknown   
2016-08-13 01:18   
^ Check the vid then.

(0015676)
Ru5tK1ng   
2016-09-21 02:26   
I watched the video and are you sure he isn't just changing IPs or if it's one of his troll buddies? Every time he leaves and reconnects, is his IP the same? Check the server log.

(0015678)
Ru5tK1ng   
2016-09-21 02:58   
Actually I just did this on DE with Alex and yeah something is very wrong here. I'll try to take a look at it.
(0015686)
Ru5tK1ng   
2016-09-21 20:57   
I looked through the code and the IP is fetched when the player sends the command to the server. I'm not sure why it was getting lost during the vote passed countdown when the culprit disconnected, so I removed the delay for vote kicks.

https://bitbucket.org/Ru5tK1ng/zandronum/commits/ccd2c1a6f57c08245a4e248285b6e9ff41a5e79b?at=default

(0015687)
AlexMax   
2016-09-22 01:54   
I have a sneaky suspicion that this might be a bug that is unique to FUNCRUSHER. I cannot replicate this "bypass" on a local machine, or on a randomly selected server (not Doomshack, not Grandvoid). I can only replicate on NJ and DE.

However, I have no idea why this is happening. My binary is dated January 15th, 20116, and as far as I know, it is running the ZA_2.1.2 checkout with an exploit fix patch provided by Dusk. I will recompile and see if the odd behavior goes away, and if not hopefully I can get a gdb trace on what is going on.
(0015688)
Ru5tK1ng   
2016-09-22 01:59   
It also depends on what cluster/server the ticket author was playing on. Perhaps he can let us know.

After comparing 2.1.2 and 3.0's voting code, there were some changes to the handling of IPs during kickvoting. The best case scenario is this is something that has already been implicitly fixed and my change will be more of an improvement rather than a fix.

(0015689)
AlexMax   
2016-09-22 02:25   
(edited on: 2016-09-22 02:49)
A significant amount of time was wasted because I had forgotten that I had whitelisted Rustking and myself. Thus no wonder we couldn't kick ourselves from NJ and DE. *facepalm* So NJ and DE are fine too.

However, that still does not explain the original Youtube video.

EDIT: You didn't mention which server this was on. If this was on TSPG, there is the possibility that the administrator is messing with you by whitelisting his own IP. Or, it might just be somebody who can change his IP quickly.

(0015690)
Unknown   
2016-09-22 06:37   
Not just TSPG, Grandvoid, or Doomshack or any of these clusters, it's also other servers like Utiko's Doomcenter or those other usermade servers.

(0015691)
Dusk   
2016-09-22 07:04   
Hmm. Maybe we need some kind of specificity rule to allow whitelisted people to be votekicked. So that a single IP whitelist (or narrower range) gets you past a wider IP range ban, but a specific ban such as a kickvote still gets you out.

(0015692)
Unknown   
2016-09-22 10:15   
(edited on: 2016-09-22 10:18)
I thought the whitelist is used to add IPs of players who can't be votekicked (therefore can't initiate a kickvote against them). That's not where the problem comes from; like OP said, we were able to call a kickvote against them but every time before the vote passes, they somehow manage to bypass it during the delay between kick and "Vote passed" message.

If IPs are whitelisted the game should tell us they are before attempting to call a kick vote against them, right?

(0015693)
Ru5tK1ng   
2016-09-22 18:46   
I think you misunderstood what Alex meant. Even though I am whitelisted, a kick vote CAN be called against any name I use. It's the banning process once the vote has passed that does nothing. Also it's still useful information to know what cluster the video took place on.

I disagree with being able to be kicked out of servers despite being whitelisted. If I were to investigate a situation on NJ and I happened to get kicked out by trolls, that defeats my whole purpose of being on the white list to begin with. It's usually a bad decision to white list a range and server admins need to be more careful how they handle their lists anyway.

I agree with unknown that perhaps a message should notify the server if the user being kicked is on the whitelist or within a range on the list.
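
An added example, not Zandronum's code and not written by any participant in this thread: a minimal C++ model of the behaviour suggested in note 0015426 (ban the address captured when the vote was called, even if the player has already left), combined with the whitelist notification discussed in notes 0015692 and 0015693. All class, method and enum names are hypothetical, and the addresses are constructed from documentation ranges.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>

// Hypothetical names; constructed addresses from documentation ranges.
enum class KickResult { Banned, WhitelistedNotBanned, NoVote };

class KickVoteServer {
public:
    std::map<int, std::string> connected;  // player slot -> IP
    std::set<std::string> whitelist;       // exact IPs exempt from bans
    std::map<std::string, int> bans;       // IP -> ban length in minutes

    // Step 1: snapshot the target's IP when the vote is called.
    bool callVote(int slot) {
        auto it = connected.find(slot);
        if (it == connected.end()) return false;
        targetIp_ = it->second;
        voteActive_ = true;
        return true;
    }
    void disconnect(int slot) { connected.erase(slot); }

    // Step 3: act on the snapshot, never on a fresh slot lookup, so a
    // disconnect during the "vote passed" delay cannot lose the address.
    KickResult votePassed(int banMinutes) {
        if (!voteActive_) return KickResult::NoVote;
        voteActive_ = false;
        if (whitelist.count(targetIp_))  // report it instead of failing silently
            return KickResult::WhitelistedNotBanned;
        bans[targetIp_] = banMinutes;
        for (auto it = connected.begin(); it != connected.end();)  // kick if present
            if (it->second == targetIp_) it = connected.erase(it); else ++it;
        return KickResult::Banned;
    }
    bool mayJoin(const std::string& ip) const {
        return whitelist.count(ip) > 0 || bans.count(ip) == 0;
    }
private:
    std::string targetIp_;
    bool voteActive_ = false;
};

int main() {
    KickVoteServer s;
    s.connected[3] = "203.0.113.7";
    s.callVote(3);
    s.disconnect(3);  // target leaves before the ban is performed
    bool banned = s.votePassed(10) == KickResult::Banned;
    std::cout << "banned=" << banned << " rejoin=" << s.mayJoin("203.0.113.7") << "\n";
}
```

Returning a distinct `WhitelistedNotBanned` result lets the server announce why a passed vote did not produce a ban, which is the situation that cost time in note 0015689.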
(0015719)
Visual Vincent   
2016-10-01 18:22   
(edited on: 2016-10-01 18:24)
Sorry for being out of reach...
I cannot remember which server I was playing on, but since I have recorded a demo of it (which is on my desktop PC, that I sadly do not have access to until the end of next week) I might be able to pry something out of it.

(0015720)
Dusk   
2016-10-01 18:57   
Quote
If I were to investigate a situation on NJ and I happened to get kicked out by trolls, that defeats my whole purpose of being on the white list to begin with.

The adminlist exists for this purpose. People on the adminlist cannot even be called a votekick on in the first place.
(0015804)
Visual Vincent   
2016-10-08 11:06   
(edited on: 2016-10-08 11:08)
Okay, after reviewing the demo I can now confirm that I was playing on TSPG Painkiller.

I don't remember the server name and I cannot seem to find it, so I guess it's not running anymore. I also don't know whether this was caused due to a bug or by one of the server administrators playing around, however seeing as Ru5tK1ng apparently managed to reproduce this there seems to be something odd going on...

Quote
Actually I just did this on DE with Alex and yeah something is very wrong here. I'll try to take a look at it.


(0015806)
WaTaKiD   
2016-10-08 13:56   
id like to point out that the trolls recently that go around spamming, impersonating, votekick abusing, and ban evading are using proxies and can change their ip at any time within a matter of seconds, which im positive is wuts going on here

"Actually I just did this on DE with Alex and yeah something is very wrong here. I'll try to take a look at it."

a few notes down, this is mentioned:
"A significant amount of time was wasted because I had forgotten that I had whitelisted Rustking and myself. Thus no wonder we couldn't kick ourselves from NJ and DE. *facepalm* So NJ and DE are fine too."
(0015820)
Ru5tK1ng   
2016-10-09 04:27   
I'm not sure there's really anything to address here. It's very likely they are just changing their IP as soon as they disconnect. Either that or the person who set up the server is messing around. In 3.0, the handling of getting a players IP was slightly changed to a more reliable method and it is plenty different from 2.1.2.

Unless someone manages to reproduce this with 3.0, the only thing I have to offer is removing the delay to relieve paranoia that users aren't getting banned after kick votes.

The stuff regarding whitelisting is probably better served as a separate ticket.
(0015837)
Dusk   
2016-10-09 11:52   
I concur with that.