Anonymous Login
2021-09-29 02:15 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0000974OpenClonkEngine - Networkpublic2017-08-20 12:11
Assigned To 
Product Version 
Target Version9.0Fixed in Version 
Summary0000974: Network security: C4Control* doesn't check player affiliation
DescriptionNowhere does the engine check that the client issuing a C4Control* packet actually owns the player affected by it. The engine should check that only owning clients can issue player control packets.
TagsNo tags attached.
Attached Files

related to 0000936closedIsilkor Network security: C4ControlScript::fInternal 



Newton (administrator)

Is this a duplicate of ?


Isilkor (developer)

Last edited: 2013-11-10 19:59

View 2 revisions

To elaborate: this is about any client sending out control packets for players which are local to another client. These are always forged, because clients cannot control non-local players.


Sven2 (developer)

Iirc PeterW said the problem with adding checks was that packets may be sent through forward packets when direct connections are not available. In this case the client ID would not be matching the local client of the player.

-Issue History
Date Modified Username Field Change
2013-09-11 13:37 Isilkor New Issue
2013-09-11 13:37 Isilkor Status new => assigned
2013-09-11 13:37 Isilkor Assigned To => Isilkor
2013-09-11 13:37 Isilkor Issue generated from: 0000936
2013-09-11 13:37 Isilkor Relationship added related to 0000936
2013-11-10 19:25 Newton Note Added: 0002736
2013-11-10 19:57 Isilkor Note Added: 0002740
2013-11-10 19:59 Isilkor Note Edited: 0002740 View Revisions
2015-12-03 21:17 Isilkor Assigned To Isilkor =>
2015-12-03 21:17 Isilkor Status assigned => new
2015-12-04 15:05 Sven2 Note Added: 0004251
2017-08-05 13:58 Maikel Target Version => 8.0
2017-08-20 12:11 Zapper Target Version 8.0 => 9.0
+Issue History