Zandronum Chat on our Discord Server Get the latest version: 3.1
Source Code
My View | View Issues | Change Log | Roadmap | Zandronum Issue Support Ranking | Rules | My Account
  

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0004067Zandronum[All Projects] Bugpublic2022-12-29 17:292024-01-01 01:39
ReporterKaminsky 
Assigned ToKaminsky 
PriorityhighSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.1 
Target Version3.2Fixed in Version3.2 
Summary0004067: Clients kicked by the server for wrong version/password can still trigger DISCONNECT scripts
DescriptionClients who haven't fully connected to a server but are kicked for using the wrong version (e.g. connecting to a 3.2-alpha server with a 3.1 client) or connect password can still execute DISCONNECT ACS scripts. These scripts should only be executed if players that were already in the game (i.e. not a true spectator) leave. Clients that are still connecting to the server are obviously not in the game yet, so it shouldn't be executing when they disconnect.

This can be a problem for mods that use these script types, and in some cases exploitable.
Steps To Reproduce1. Host a server (either 3.1 or 3.2-alpha) with disconnecttest.wad loaded, and also set sv_password to something that isn't blank. If a player disconnects from the game, the message "Oh my god, a player left!" will be printed for everyone.

2. Have one client join the server with the correct version and password. Make sure they successfully connect to the server.

3. Have a second client join the server with the wrong version or password. They will be kicked before they connect, but the aforementioned message will still be printed, indicating that the script executed.
Additional InformationThanks a lot to Langrenus for reporting the issue.
Attached Files? file icon disconnecttest.wad [^] (387 bytes) 2022-12-29 17:29

- Relationships

-  Notes
User avatar (0022820)
Kaminsky (developer)
2023-03-26 21:05

 This issue should be fixed with:'http://hg.osdn.net/view/zandronum/zandronum-stable/rev/328e98119da6 [^]'
User avatar (0022947)
Ru5tK1ng (updater)
2024-01-01 01:39

 Ran test wad with r231220 and connected 2 clients. One client disconnected and triggered the disconnect script. A new client with the incorrect password did not join and did not trigger the script.

Issue Community Support
This issue is already marked as resolved.
If you feel that is not the case, please reopen it and explain why.
Supporters: No one explicitly supports this issue yet.
Opponents: No one explicitly opposes this issue yet.

- Issue History
Date Modified Username Field Change
2022-12-29 17:29 Kaminsky New Issue
2022-12-29 17:29 Kaminsky Status new => assigned
2022-12-29 17:29 Kaminsky Assigned To => Kaminsky
2022-12-29 17:29 Kaminsky File Added: disconnecttest.wad
2023-03-24 14:38 Kaminsky Additional Information Updated View Revisions
2023-03-26 21:05 Kaminsky Note Added: 0022820
2023-03-26 21:05 Kaminsky Status assigned => needs testing
2024-01-01 01:39 Ru5tK1ng Note Added: 0022947
2024-01-01 01:39 Ru5tK1ng Status needs testing => resolved
2024-01-01 01:39 Ru5tK1ng Resolution open => fixed
2024-01-01 01:39 Ru5tK1ng Fixed in Version => 3.2




Questions or other issues? Contact Us.

Links

Copyright © 2000 - 2024 MantisBT Team
Powered by Mantis Bugtracker