Re: Server Crash exploit.
/sign
You are not logged in. Please login or register.
Teeworlds Forum → Development → Server Crash exploit.
/sign
I can +1 to NFD tee.
please provide a patch file
regards
rajh posted a patch file. i have problems with creating a patch because the patch-file changes the code. but you can download the source-file and try to make a patch . if you made a patch please post how you get the correct output
ok i tried it and i hope it will work
1. i removed all files except the createdir.txt file from the directory src/game/generated of your provided .zip
2. to create the patch i used
diff -Naur x/teeworlds-0.4.2-src/src teamspamprot/src > patch_autokick
3. from the teeworlds source folder i applied the patch by
patch -p1 < ../../patch_autokick
and here is the patch
diff -Naur x/teeworlds-0.4.2-src/src/game/g_variables.h teamspamprot/src/game/g_variables.h
--- x/teeworlds-0.4.2-src/src/game/g_variables.h 2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/g_variables.h 2008-05-26 10:45:15.000000000 +0200
@@ -55,5 +55,10 @@
MACRO_CONFIG_STR(sv_gametype, 32, "dm")
MACRO_CONFIG_INT(sv_tournament_mode, 0, 0, 1)
MACRO_CONFIG_INT(sv_spamprotection, 1, 0, 1)
+MACRO_CONFIG_INT(sv_teamchanges, 4, 0, 100)
+MACRO_CONFIG_INT(sv_teamchangeskick, 2, 0, 100)
+MACRO_CONFIG_INT(sv_messagesnum, 8, 0, 100)
+MACRO_CONFIG_INT(sv_messageskick, 2, 0, 100)
+MACRO_CONFIG_STR(sv_endroundmessage, 500, "")
MACRO_CONFIG_INT(sv_spectator_slots, 0, 0, 12)
diff -Naur x/teeworlds-0.4.2-src/src/game/server/gs_common.h teamspamprot/src/game/server/gs_common.h
--- x/teeworlds-0.4.2-src/src/game/server/gs_common.h 2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/server/gs_common.h 2008-05-26 10:51:51.000000000 +0200
@@ -352,6 +352,9 @@
virtual bool take_damage(vec2 force, int dmg, int from, int weapon);
virtual void snap(int snaping_client);
+ int last_message_tick; unsigned char message_num; bool muted;
+ bool teamchanging; unsigned char team_changes; int last_team_set;
+ bool voted;
};
extern player *players;
diff -Naur x/teeworlds-0.4.2-src/src/game/server/gs_game.cpp teamspamprot/src/game/server/gs_game.cpp
--- x/teeworlds-0.4.2-src/src/game/server/gs_game.cpp 2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/server/gs_game.cpp 2008-05-26 11:27:37.000000000 +0200
@@ -90,7 +90,15 @@
{
if(warmup) // game can't end when we are running warmup
return;
-
+ if(strlen(config.sv_endroundmessage) > 0)
+ {
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = config.sv_endroundmessage;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(-1);
+ }
world->paused = true;
game_over_tick = server_tick();
sudden_death = 0;
diff -Naur x/teeworlds-0.4.2-src/src/game/server/gs_server.cpp teamspamprot/src/game/server/gs_server.cpp
--- x/teeworlds-0.4.2-src/src/game/server/gs_server.cpp 2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/server/gs_server.cpp 2008-05-26 13:28:10.000000000 +0200
@@ -39,6 +39,85 @@
static void send_chat(int cid, int team, const char *text)
{
+ if(cid > -1 && cid < MAX_CLIENTS)
+ {
+ player *tmp = get_player(cid);
+ if(strcmp("/++",text) == 0 || strcmp("/--", text) == 0)
+ {
+ if(tmp->voted)
+ {
+ char voted[] = "You already voted the map, ignoring vote";
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = voted;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(cid);
+ }
+ else
+ {
+ tmp->voted = true;
+ dbg_msg("game", "map-voting %s", text);
+ char voted[] = "You voted for the map, thank you";
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = voted;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(cid);
+ }
+
+
+ return;
+ }
+ if(tmp->muted)
+ {
+ if(tmp->last_message_tick + 180*SERVER_TICK_SPEED > server_tick())
+ {
+ tmp->message_num++;
+ if(tmp->message_num > config.sv_messageskick)
+ {
+ server_kick(cid,"You were kicked because of spamming");
+ }
+ return;
+ }
+ else
+ {
+ tmp->muted = false;
+ tmp->message_num = 0;
+ tmp->last_message_tick = server_tick();
+ }
+ }
+ else
+ {
+ if(tmp->last_message_tick + 30*SERVER_TICK_SPEED > server_tick())
+ {
+ if(tmp->message_num >= config.sv_messagesnum)
+ {
+ tmp->muted = true;
+ tmp->message_num = 0;
+ char *muting = (char *)malloc(sizeof(char) * 200);
+ sprintf(muting, "%s was muted for 3 minutes because of spamming.", server_clientname(cid));
+ dbg_msg("chat", "*** %s", muting);
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = muting;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(-1);
+ free(muting);
+ return;
+ }
+ else
+ tmp->message_num++;
+ }
+ else
+ {
+ tmp->last_message_tick = server_tick();
+ tmp->message_num = 0;
+ }
+ }
+ }
if(cid >= 0 && cid < MAX_CLIENTS)
dbg_msg("chat", "%d:%d:%s: %s", cid, team, server_clientname(cid), text);
else
@@ -659,6 +738,9 @@
void player::init()
{
+ voted = false;
+ teamchanging = false; team_changes = 0; last_team_set = server_tick();
+ last_message_tick = server_tick(); message_num = 0; muted = false;
proximity_radius = phys_size;
client_id = -1;
team = -1; // -1 == spectator
@@ -750,6 +832,54 @@
void player::set_team(int new_team)
{
+ if(teamchanging)
+ {
+ if(last_team_set + 180*SERVER_TICK_SPEED > server_tick())
+ {
+ team_changes++;
+ if(team_changes > config.sv_teamchangeskick)
+ {
+ server_kick(client_id,"You were kicked because of fast teamchanging");
+
+ }
+ return;
+ }
+ else
+ {
+ teamchanging = false;
+ team_changes = 0;
+ last_team_set = server_tick();
+ }
+ }
+ else
+ {
+ if(last_team_set + 30*SERVER_TICK_SPEED > server_tick())
+ {
+ if(team_changes >= config.sv_teamchanges)
+ {
+ teamchanging = true;
+ team_changes = 0;
+ char *blocking = (char *)malloc(sizeof(char) * 200);
+ sprintf(blocking, "%s can't change team for 3 minutes", server_clientname(client_id));
+ dbg_msg("chat", "*** %s", blocking);
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = blocking;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(-1);
+ free(blocking);
+ return;
+ }
+ else
+ team_changes++;
+ }
+ else
+ {
+ last_team_set = server_tick();
+ team_changes = 0;
+ }
+ }
// clamp the team
new_team = gameobj->clampteam(new_team);
if(team == new_team)
I run a server myself sometimes, and I can tell what the problem is of the teamchanging: my CPU and RAM raised through the roof while this happened and after my laptop reaches a certain CPU / RAM usage (didn't figure out how much yet), the server program stops responding, causing the server to crash in-game. I haven't been able to reconstruct it though, just happened two times..
@martin.9
thank you don't know why that didn't work here but the patch-file seems to be correct . i will try it at my next mod with the same command, hope that will work
Much respect!
This basters are crashing my server 2 times a week, i hope this patch will help me ))
I have a little problme with martin.9's patch,
azmeuk@ramoloss:~/teeworlds/042$ patch -p1 < ../files/spamprotection.patch
patching file src/game/g_variables.h
patching file src/game/server/gs_common.h
Hunk #1 FAILED at 352.
1 out of 1 hunk FAILED -- saving rejects to file src/game/server/gs_common.h.rej
patching file src/game/server/gs_game.cpp
Hunk #1 FAILED at 90.
1 out of 1 hunk FAILED -- saving rejects to file src/game/server/gs_game.cpp.rej
patching file src/game/server/gs_server.cpp
Hunk #1 FAILED at 39.
Hunk #2 FAILED at 738.
Hunk #3 FAILED at 832.
3 out of 3 hunks FAILED -- saving rejects to file src/game/server/gs_server.cpp.rej
azmeuk@ramoloss:~/teeworlds/042$
Where am I wrong ?
scosu provided a binary earlier in the thread. no need to compile
oh btw, can this be implemented in the next release? because this seriously needs to be addressed and should be in the official build. otherwise we'll have to be patching every release =P
I need to compile becaus I want to apply another patch ...
i don't know why the patch doesn't work, at least i was not able to make it . But you could simply apply the patch by copy and paste(are not so much changes) or take the src folder from earlier in this thread or take the physics patch. there are the same features but more code changes so it could be difficult to apply another patch.
They aren't. Here is the diff, and thanks for the help.
--- gs_server.cpp 2008-06-09 15:41:10.000000000 -0700
+++ grenade2.cpp 2008-06-09 15:44:55.000000000 -0700
@@ -1,42 +1,36 @@
- case WEAPON_GRENADE:
- {
if(!grenade_shotspread)
+ grenade_shotspread = 3;
+ msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
+ msg_pack_int(grenade_shotspread);
+ for(int i = grenade_shotspread; i <= grenade_shotspread; i++)
{
- int grenade_shotspread = 1;
- msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
- msg_pack_int(grenade_shotspread);
- }
- else
- {
- msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
- msg_pack_int(grenade_shotspread*2+1);
- }
-
- for(int i = -grenade_shotspread; i <= grenade_shotspread; i++)
- {
- float spreading[] = {-0.185f, -0.070f, 0, 0.070f, 0.185f};
+
+ float spreading[] = {-0.070f, 0, 0.070f};
+ latest_input.target_x= latest_input.target_x+spreading[i+12];
+ latest_input.target_y= latest_input.target_y+spreading[i+12];
+ vec2 new_dir = normalize(vec2(latest_input.target_x, latest_input.target_y));
float a = get_angle(direction);
a += spreading[i+2];
float v = 1-(abs(i)/(float)grenade_shotspread);
- float speed = mix((float)tuning.shotgun_speeddiff, 1.0f, v);
+ float speed = mix((float)tuning.grenade_speed, 1.0f, v);
projectile *proj = new projectile(WEAPON_GRENADE,
client_id,
projectile_startpos,
- vec2(cosf(a), sinf(a))*speed,
+ new_dir,
(int)(server_tickspeed()*tuning.grenade_lifetime),
this,
1, projectile::PROJECTILE_FLAGS_EXPLODE, 0, SOUND_GRENADE_EXPLODE, WEAPON_GRENADE);
-
+
// pack the projectile and send it to the client directly
NETOBJ_PROJECTILE p;
proj->fill_info(&p);
-
- msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
- msg_pack_int(1);
+
for(unsigned i = 0; i < sizeof(NETOBJ_PROJECTILE)/sizeof(int); i++)
msg_pack_int(((int *)&p)[i]);
}
+
msg_pack_end();
- server_send_msg(client_id);
+ server_send_msg(client_id);
+
create_sound(pos, SOUND_GRENADE_FIRE);
} break;
@scosu
maybe this mod should also be posted in the "content: other" forum
regards
@martin.9
in case you didn't see it already, i posted it here: http://www.teeworlds.com/forum/viewtopic.php?id=1726
thx
They have tried many times to crash my server, they cant. They should include this patch into the main teeworlds downloads and patch the files in the Ubuntu Repos (where i got my server files).
Teeworlds Forum → Development → Server Crash exploit.
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 3 official extensions. Copyright © 2003–2009 PunBB.