diff options
author | Elias Fleckenstein <54945686+EliasFleckenstein03@users.noreply.github.com> | 2020-09-26 18:41:44 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-26 18:41:44 +0200 |
commit | 65c15e137fe584edb38edea21c49873be00d554c (patch) | |
tree | e568a43296a64b904f77cf786bdc3eaf0091a946 | |
parent | 917e357bcaf5b7ebb77afe16b8c8fbe53b827e79 (diff) | |
download | minetest-65c15e137fe584edb38edea21c49873be00d554c.tar.gz minetest-65c15e137fe584edb38edea21c49873be00d554c.tar.bz2 minetest-65c15e137fe584edb38edea21c49873be00d554c.zip |
Patch fast/teleport vulnerability when attached to an entity (#10340)
-rw-r--r-- | src/server/player_sao.cpp | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/src/server/player_sao.cpp b/src/server/player_sao.cpp index 67efed210..e5b239bba 100644 --- a/src/server/player_sao.cpp +++ b/src/server/player_sao.cpp @@ -558,11 +558,34 @@ void PlayerSAO::setMaxSpeedOverride(const v3f &vel) bool PlayerSAO::checkMovementCheat() { - if (isAttached() || m_is_singleplayer || + if (m_is_singleplayer || g_settings->getBool("disable_anticheat")) { m_last_good_position = m_base_position; return false; } + if (UnitSAO *parent = dynamic_cast<UnitSAO *>(getParent())) { + v3f attachment_pos; + { + int parent_id; + std::string bone; + v3f attachment_rot; + getAttachment(&parent_id, &bone, &attachment_pos, &attachment_rot); + } + + v3f parent_pos = parent->getBasePosition(); + f32 diff = m_base_position.getDistanceFromSQ(parent_pos) - attachment_pos.getLengthSQ(); + const f32 maxdiff = 4.0f * BS; // fair trade-off value for various latencies + + if (diff > maxdiff * maxdiff) { + setBasePosition(parent_pos); + actionstream << "Server: " << m_player->getName() + << " moved away from parent; diff=" << sqrtf(diff) / BS + << " resetting position." << std::endl; + return true; + } + // Player movement is locked to the entity. Skip further checks + return false; + } bool cheated = false; /* |