Zandronum Chat on our Discord Server Get the latest version: 3.1
Source Code
My View | View Issues | Change Log | Roadmap | Zandronum Issue Support Ranking | Rules | My Account
  

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0004067Zandronum[All Projects] Bugpublic2022-12-29 17:292023-03-26 21:05
ReporterKaminsky 
Assigned ToKaminsky 
PriorityhighSeveritymajorReproducibilityalways
Statusneeds testingResolutionopen 
PlatformOSOS Version
Product Version3.1 
Target Version3.2Fixed in Version 
Summary0004067: Clients kicked by the server for wrong version/password can still trigger DISCONNECT scripts
DescriptionClients who haven't fully connected to a server but are kicked for using the wrong version (e.g. connecting to a 3.2-alpha server with a 3.1 client) or connect password can still execute DISCONNECT ACS scripts. These scripts should only be executed if players that were already in the game (i.e. not a true spectator) leave. Clients that are still connecting to the server are obviously not in the game yet, so it shouldn't be executing when they disconnect.

This can be a problem for mods that use these script types, and in some cases exploitable.
Steps To Reproduce1. Host a server (either 3.1 or 3.2-alpha) with disconnecttest.wad loaded, and also set sv_password to something that isn't blank. If a player disconnects from the game, the message "Oh my god, a player left!" will be printed for everyone.

2. Have one client join the server with the correct version and password. Make sure they successfully connect to the server.

3. Have a second client join the server with the wrong version or password. They will be kicked before they connect, but the aforementioned message will still be printed, indicating that the script executed.
Additional InformationThanks a lot to Langrenus for reporting the issue.
Attached Files? file icon disconnecttest.wad [^] (387 bytes) 2022-12-29 17:29

- Relationships

-  Notes
User avatar (0022820)
Kaminsky (developer)
2023-03-26 21:05

 This issue should be fixed with:http://hg.osdn.net/view/zandronum/zandronum-stable/rev/328e98119da6 [^]

Issue Community Support
Only registered users can voice their support. Click here to register, or here to log in.
Supporters: No one explicitly supports this issue yet.
Opponents: No one explicitly opposes this issue yet.

- Issue History
Date Modified Username Field Change
2022-12-29 17:29 Kaminsky New Issue
2022-12-29 17:29 Kaminsky Status new => assigned
2022-12-29 17:29 Kaminsky Assigned To => Kaminsky
2022-12-29 17:29 Kaminsky File Added: disconnecttest.wad
2023-03-24 14:38 Kaminsky Additional Information Updated View Revisions
2023-03-26 21:05 Kaminsky Note Added: 0022820
2023-03-26 21:05 Kaminsky Status assigned => needs testing




Questions or other issues? Contact Us.

Links

Copyright © 2000 - 2023 MantisBT Team
Powered by Mantis Bugtracker