-
Notifications
You must be signed in to change notification settings - Fork 599
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cl_filterstuffcmd bypass problem #1497
Comments
The second method does not refer to goldsource engine. For this is a little different: |
Valve, you should just block all commands from server. |
Good, Nice! |
I confirm it and you'd better make it work. |
The first approach abuses the director command message to stuff text from the local client's side. Special case code can be written in CL_Parse_Director:
Trivially easy to fix. EDIT:
|
You can't filter only by one received |
Alright, so incoming strings should first be preprocessed to skip newlines that occur at the start.
Should probably do a thorough check in the command buffer code to see if any other edge cases like this exist though. |
Not only '\n': #268 (comment) |
I see, that's not quite as simple to fix. You could "fake" execute it first to parse out the wait commands, but that's not easy to do in this codebase.
Basically like that. Then you can just filter out illegal commands by pruning them from the list. It's costly compared to how it does things now, it might be cheaper to just stick in special commands in front and back that denote when the command came from the server (with special handling for the director message and other exploitable commands in official games), which would make the command processor filter them out. Of course, a complete rewrite is probably saner than trying to work around it. I'd rewrite it to preparse the commands and store the origin of the message (again with special handling for directormessage) so that the parser will filter them out. That would increase memory usage, which means out of memory issues will show up more frequently due to how the engine manages memory. I suppose you could statically allocate command buffers and define a hardcoded number of commands each can have, not sure. Maybe take Source's version? EDIT: looks like Source just marks commands with flags to ensure they can only be executed if the necessarily privileges are set:
Seeing as these cvars and commands are internal, they could probably be updated to work with flags. Both already have a flags variable, so adding this is possible, although mods that re-purposed free flags might have issues. Whatever Source uses to secure execution can probably be backported. |
You can just write commands received from server into another command buffer and execute it after executing default command buffer. |
That also works :P |
Would be nice if something would happen with this. Seemingly more, and more server are using this. |
@kisak-valve done. |
@kisak-valve @Solokiller Question, shouldn't sending "retry" to the client work if cl_filterstuffcmd is 0? Because when testing with a current Windows stand-alone server (using steamcmd), it was blocked. (Can anyone confirm this?) I could really need the "retry" command to circumvent a bug in AMXX where normal players occasionally get assigned a 127.0.0.1 IP, presumably because AMXX thinks they are bots. alliedmodders/amxmodx#848 This bug can be circumvented either by re-writing all plugins which use "get_user_ip", or for a "catch all" my idea was to send the "retry" command to clients when this happens. (I don't want to kick them.) |
|
Thanks. Since the dev wiki has it different, I was hoping it got blocked by mistake. Guess not then. :) https://developer.valvesoftware.com/wiki/Admin_Slowhacking#Blocking |
You can bypass any slowhack protection by sending a specified message for the client. This messages can be done by AMX Mod X plugins.
Here is some stocks for AMXX:
Or another way with CBuf_Exute using \x0A instead of ';' we can forward cmds to CBuf_AddText.
The text was updated successfully, but these errors were encountered: