From fc864029b9635106a5390aa09d227d7dac31d1a5 Mon Sep 17 00:00:00 2001
From: SmallJoker <mk939@ymail.com>
Date: Sun, 7 Mar 2021 10:04:07 +0100
Subject: Protect per-player detached inventory actions

---
 src/network/serverpackethandler.cpp |  6 +++++-
 src/server/serverinventorymgr.cpp   | 12 ++++++++++++
 src/server/serverinventorymgr.h     |  1 +
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp
index ddc6f4e47..f1ed42302 100644
--- a/src/network/serverpackethandler.cpp
+++ b/src/network/serverpackethandler.cpp
@@ -626,7 +626,7 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt)
 
 	const bool player_has_interact = checkPriv(player->getName(), "interact");
 
-	auto check_inv_access = [player, player_has_interact] (
+	auto check_inv_access = [player, player_has_interact, this] (
 			const InventoryLocation &loc) -> bool {
 		if (loc.type == InventoryLocation::CURRENT_PLAYER)
 			return false; // Only used internally on the client, never sent
@@ -634,6 +634,10 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt)
 			// Allow access to own inventory in all cases
 			return loc.name == player->getName();
 		}
+		if (loc.type == InventoryLocation::DETACHED) {
+			if (!getInventoryMgr()->checkDetachedInventoryAccess(loc, player->getName()))
+				return false;
+		}
 
 		if (!player_has_interact) {
 			infostream << "Cannot modify foreign inventory: "
diff --git a/src/server/serverinventorymgr.cpp b/src/server/serverinventorymgr.cpp
index 555e01ec6..2a80c9bbe 100644
--- a/src/server/serverinventorymgr.cpp
+++ b/src/server/serverinventorymgr.cpp
@@ -168,6 +168,18 @@ bool ServerInventoryManager::removeDetachedInventory(const std::string &name)
 	return true;
 }
 
+bool ServerInventoryManager::checkDetachedInventoryAccess(
+		const InventoryLocation &loc, const std::string &player) const
+{
+	SANITY_CHECK(loc.type == InventoryLocation::DETACHED);
+
+	const auto &inv_it = m_detached_inventories.find(loc.name);
+	if (inv_it == m_detached_inventories.end())
+		return false;
+
+	return inv_it->second.owner.empty() || inv_it->second.owner == player;
+}
+
 void ServerInventoryManager::sendDetachedInventories(const std::string &peer_name,
 		bool incremental,
 		std::function<void(const std::string &, Inventory *)> apply_cb)
diff --git a/src/server/serverinventorymgr.h b/src/server/serverinventorymgr.h
index ccf6d3b2e..0e4b72415 100644
--- a/src/server/serverinventorymgr.h
+++ b/src/server/serverinventorymgr.h
@@ -43,6 +43,7 @@ public:
 	Inventory *createDetachedInventory(const std::string &name, IItemDefManager *idef,
 			const std::string &player = "");
 	bool removeDetachedInventory(const std::string &name);
+	bool checkDetachedInventoryAccess(const InventoryLocation &loc, const std::string &player) const;
 
 	void sendDetachedInventories(const std::string &peer_name, bool incremental,
 			std::function<void(const std::string &, Inventory *)> apply_cb);
-- 
cgit v1.2.3