ID: 0000974
Project: OpenClonk
Category: Engine - Network
View Status: public
Last Update: 2017-08-20 12:11
Reporter: Isilkor
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: new
Resolution: open
Product Version:
Target Version: 9.0
Fixed in Version:
Summary: 0000974: Network security: C4Control* doesn't check player affiliation
Description: Nowhere does the engine check that the client issuing a C4Control* packet actually owns the player affected by it. The engine should check that only owning clients can issue player control packets.
Tags: No tags attached.

Relationships
related to 0000936 (closed, Isilkor): Network security: C4ControlScript::fInternal

Notes

~0002736

Newton (administrator)

Is this a duplicate of http://bugs.openclonk.org/view.php?id=695 ?

~0002740

Isilkor (developer)

Last edited: 2013-11-10 19:59

No.
To elaborate: this is about any client sending out control packets for players which are local to another client. These are always forged, because clients cannot control non-local players.

~0004251

Sven2 (developer)

IIRC, PeterW said the problem with adding checks was that packets may be sent through forward packets when direct connections are not available. In this case the client ID would not match the local client of the player.
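
An added example, not part of the original issue or OpenClonk's code: a sketch of the ownership check the description asks for, which also covers the forwarding case raised in the last note. All type and function names are hypothetical, and it assumes forwarded packets carry the originating client's ID and that only one designated relay client is trusted to state it.

```cpp
#include <cstdint>
#include <map>

// Hypothetical types for illustration; these are not OpenClonk's classes.
using ClientId = std::int32_t;
using PlayerId = std::int32_t;

struct Envelope {
    ClientId sender;   // authenticated peer the packet arrived from
    bool forwarded;    // true when the packet was relayed for another client
    ClientId origin;   // claimed originating client (meaningful only if forwarded)
    PlayerId player;   // player the control packet acts on
};

enum class Verdict { Accept, UnknownPlayer, NotOwner, UntrustedRelay };

class ControlGate {
public:
    explicit ControlGate(ClientId relay) : relay_(relay) {}
    void RegisterPlayer(PlayerId player, ClientId owner) { owner_[player] = owner; }

    Verdict Check(const Envelope& e) const {
        // Resolve which client is accountable for this packet.
        ClientId issuer = e.sender;
        if (e.forwarded) {
            // An origin claim is believed only when the relay makes it;
            // otherwise any client could name another client as origin.
            if (e.sender != relay_) return Verdict::UntrustedRelay;
            issuer = e.origin;
        }
        auto it = owner_.find(e.player);
        if (it == owner_.end()) return Verdict::UnknownPlayer;
        return it->second == issuer ? Verdict::Accept : Verdict::NotOwner;
    }

private:
    ClientId relay_;                      // assumption: a single trusted forwarder
    std::map<PlayerId, ClientId> owner_;  // player -> owning client
};

// Constructed scenario: client 1 relays, client 2 owns player 10.
int main() {
    ControlGate g(1);
    g.RegisterPlayer(10, 2);
    bool ok = g.Check(Envelope{1, true, 2, 10}) == Verdict::Accept      // relayed for owner
           && g.Check(Envelope{3, false, 0, 10}) == Verdict::NotOwner;  // forged by client 3
    return ok ? 0 : 1;
}
```

Comparing the packet's direct sender against the player's owner would reject the relayed packet here, which is the failure mode the last note describes; resolving the issuer first avoids that while still rejecting the forged one.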

Issue History
Date Modified | Username | Field | Change
2013-09-11 13:37 | Isilkor | New Issue |
2013-09-11 13:37 | Isilkor | Status | new => assigned
2013-09-11 13:37 | Isilkor | Assigned To | => Isilkor
2013-09-11 13:37 | Isilkor | Issue generated from: 0000936 |
2013-09-11 13:37 | Isilkor | Relationship added | related to 0000936
2013-11-10 19:25 | Newton | Note Added: 0002736 |
2013-11-10 19:57 | Isilkor | Note Added: 0002740 |
2013-11-10 19:59 | Isilkor | Note Edited: 0002740 |
2015-12-03 21:17 | Isilkor | Assigned To | Isilkor =>
2015-12-03 21:17 | Isilkor | Status | assigned => new
2015-12-04 15:05 | Sven2 | Note Added: 0004251 |
2017-08-05 13:58 | Maikel | Target Version | => 8.0
2017-08-20 12:11 | Zapper | Target Version | 8.0 => 9.0