search

NTStation / NTstation13

NTstation13 - A version of Spacestation13, forked from /tg/station13.
36 stars 198 forks source link

Food-respawn-shade = Major exploit #861

Open Niknakflak opened 10 years ago

Niknakflak commented 10 years ago

Server revision: 2014-07-21 4e64e00cb9a7138f5d2a36c8e54221a14bee9b64

Description: It's a rather long complicated process that is unlikely to be repeated but however is highly exploitable. This is most likely ONLY a problem on NT. If you are shaded (in a soul stone) you can be put inside of bread or cheese. This bread of cheese can then be grilled, deep fried, or baked into another food item with the various kitchen appliances. However, with the soul stone inside, once the food item is eaten, the player who was soul stoned is kicked from the server. Upon rejoining, they are in the lobby able to join as a new character.

Steps to reproduce: 1) Soul stone an innocent 2) Put Soul stoned innocent into cheese or bread. 3) Deep fry, grille, and or bake the bread or cheese wheel with the soul stone in it, into something else. 4) Eat the new food item, or have Ian eat it. 5) Soul stoned player will be disconnected from the server and upon rejoining be in the lobby with the ability to rejoin as a new character.

Bug was found by Iteq and Saiga and was reproduced multiple times by me.

Anything else? In the event that grilling and deep frying doesn't actually contribute to this bug, it may be 100% dependent on the oven which turns the food into something new rather than just changing how it looks.

@Iamgoofball

Iamgoofball commented 10 years ago

ok I think I know why it does this

everything the oven makes is customizable foods.

customizable foods, when finished, del() the objects inside of them instead of qdelling because qdel+botany plants = runtimes fnr.

when the bread/cheese/what have you gets del'd, it doesn't end up calling the stuff to check for stuff inside of it and disposing of that properly. Resulting in the soulstone getting del() called on it. And the code to move ghosts to being a ghost instead of kicking them when their container gets deleted is inside qdel or Destroy().

the easiest solution is to block soulstones from being put in bread or cheese, and will take the least amount of coding and snowflake.

if you can do me a huge favor and try it w/o deep frying or grilling the bread or what have you, that'd be rad.

RemieRichards commented 10 years ago

least amount of (coding) and snowflake

WHAT. that's THE most snowflake thing you could do! Adding a check for one item to ban it from being in bread and cheese is ludicrously snowflakey!

You should instead make a "banned_from_food" list and check item types against that list.

Tokiko1 commented 10 years ago

I wonder if this also happens with pAIs/carded AIs.

Tokiko1 commented 10 years ago

Yeah! This seems to happen with carded AIs aswell.

JJRcop commented 10 years ago

Would making atom/movable/Del() call Destroy() cause any problems?