Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server Crashing Critical Exploit via in game chat via macros. #5030

Closed
tr1age opened this issue Nov 10, 2022 · 5 comments
Closed

Server Crashing Critical Exploit via in game chat via macros. #5030

tr1age opened this issue Nov 10, 2022 · 5 comments

Comments

@tr1age
Copy link

tr1age commented Nov 10, 2022

We've discovered a vulnerability of ServUO, where a user with Razor Enhanced can bring ServUO activity to a stand-still, where other players can't move and then several people become disconnected.

It appears to occur with looping scripts without pauses that send any of these commands in rapid succession, using a loop without pauses:

Player.ChatWhisper
Player.ChatYell
Player.ChatAlliance
Player.ChatGuild
Player.ChatEmote

These are all routed through the AsciiSpeech packet handler.

unknown

For instance, this script prevented other users from moving while it was running:

while True:
Player.ChatWhisper(20, "all follow me")

After many seconds, we got a console error:
"Too much data pending, disconnecting..."

unknown

...and then several users were disconnected.

unknown

It can range from 1 - 50 - 100 depending on how many are online.

This seems to be a MAJOR vulnerability, where one user can spoil the game for others. We'd like to join together to get a resolution to this quickly as it is pretty damaging to servers.
@Voxpire
Copy link
Contributor

Voxpire commented Nov 10, 2022

If you haven't yet updated to P58, I recommend installing this:
https://github.com/ServUO/ServUO/blob/p58-wip/Server/Network/PacketThrottles.cs

@Voxpire Voxpire closed this as completed Nov 10, 2022
@tr1age
Copy link
Author

tr1age commented Nov 10, 2022

If we are running publish 57 this error occurs

Network\PacketThrottles.cs(59,42): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(154,48): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(173,11): error CS1061: 'NetState' does not contain a definition for 'IsThrottled' and no accessible extension method 'IsThrottled' accepting a first argument of type 'NetState' could be found (are you missing a using directive or an assembly reference?) [F:\UOAlive\UOAlive\Server\Server.csproj]

Build FAILED.

Network\PacketThrottles.cs(59,42): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(154,48): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(173,11): error CS1061: 'NetState' does not contain a definition for 'IsThrottled' and no accessible extension method 'IsThrottled' accepting a first argument of type 'NetState' could be found (are you missing a using directive or an assembly reference?) [F:\UOAlive\UOAlive\Server\Server.csproj]
    0 Warning(s)
    3 Error(s)

@ServUO ServUO deleted a comment from tr1age Nov 10, 2022
@Voxpire
Copy link
Contributor

Voxpire commented Nov 10, 2022

You'll need to copy this section of code into NetState.cs:
https://github.com/ServUO/ServUO/blob/p58-wip/Server/Network/NetState.cs#L1441

@Voxpire Voxpire reopened this Nov 10, 2022
@tr1age
Copy link
Author

tr1age commented Nov 10, 2022

Ok now I have it down to 3 errors

`Network\MessagePump.cs(233,20): error CS0176: Member 'NetState.GetHandler(int)' cannot be accessed with an instance reference; qualify it with a type name instead [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(59,42): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(154,48): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]

Build FAILED.

Network\MessagePump.cs(233,20): error CS0176: Member 'NetState.GetHandler(int)' cannot be accessed with an instance reference; qualify it with a type name instead [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(59,42): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(154,48): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
0 Warning(s)
3 Error(s)`

@tr1age
Copy link
Author

tr1age commented Nov 10, 2022

Ok down to 2

`Network\PacketThrottles.cs(59,42): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(154,48): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]

Build FAILED.

Network\PacketThrottles.cs(59,42): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
Network\PacketThrottles.cs(154,48): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj]
0 Warning(s)
2 Error(s)`

@Voxpire Voxpire closed this as completed Nov 10, 2022
DocKnight86 added a commit to TrueUO/TrueUO that referenced this issue Nov 11, 2022
@DocKnight86
Fixes this issue from ServUO/RunUO
cb90b95 
ServUO/ServUO#5030
@TrueUO TrueUO mentioned this issue Nov 11, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Voxpire @tr1age