From 65c15e137fe584edb38edea21c49873be00d554c Mon Sep 17 00:00:00 2001 From: Elias Fleckenstein <54945686+EliasFleckenstein03@users.noreply.github.com> Date: Sat, 26 Sep 2020 18:41:44 +0200 Subject: Patch fast/teleport vulnerability when attached to an entity (#10340) --- src/server/player_sao.cpp | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'src/server') diff --git a/src/server/player_sao.cpp b/src/server/player_sao.cpp index 67efed210..e5b239bba 100644 --- a/src/server/player_sao.cpp +++ b/src/server/player_sao.cpp @@ -558,11 +558,34 @@ void PlayerSAO::setMaxSpeedOverride(const v3f &vel) bool PlayerSAO::checkMovementCheat() { - if (isAttached() || m_is_singleplayer || + if (m_is_singleplayer || g_settings->getBool("disable_anticheat")) { m_last_good_position = m_base_position; return false; } + if (UnitSAO *parent = dynamic_cast(getParent())) { + v3f attachment_pos; + { + int parent_id; + std::string bone; + v3f attachment_rot; + getAttachment(&parent_id, &bone, &attachment_pos, &attachment_rot); + } + + v3f parent_pos = parent->getBasePosition(); + f32 diff = m_base_position.getDistanceFromSQ(parent_pos) - attachment_pos.getLengthSQ(); + const f32 maxdiff = 4.0f * BS; // fair trade-off value for various latencies + + if (diff > maxdiff * maxdiff) { + setBasePosition(parent_pos); + actionstream << "Server: " << m_player->getName() + << " moved away from parent; diff=" << sqrtf(diff) / BS + << " resetting position." << std::endl; + return true; + } + // Player movement is locked to the entity. Skip further checks + return false; + } bool cheated = false; /* -- cgit v1.2.3