search

SymmetricDevs / Supersymmetry

Repository for the Supersymmetry Minecraft Modpack
GNU Lesser General Public License v3.0
197 stars 84 forks source link

XNET exploit involving paste from clipboard (connector) #818

Closed NeoRussia closed 3 months ago

NeoRussia commented 3 months ago

Description of the Bug

The paste from clipboard function with connector configuration can bypass value limitations on XNET connectors. This allows a player to use any integer for values such as speed for xnet channels, allowing for infinite throughput or corrupting the entity or even world file with invalid logic.

Reproduction

paste this code into connector for funny:

{
  "type": "xnet.item",
  "connector": {
    "rsmode": "IGNORED",
    "color0": "OFF",
    "color1": "OFF",
    "color2": "OFF",
    "color3": "OFF",
    "side": "WEST",
    "facingoverride": "WEST",
    "advancedneeded": false,
    "itemmode": "EXT",
    "extractmode": "FIRST",
    "stackmode": "SINGLE",
    "oredictmode": false,
    "metamode": false,
    "nbtmode": false,
    "blacklist": false,
    "priority": 0,
    "speed": 0,
    "filter0": {
      "item": "gregtech:machine",
      "meta": 1004
    }
  },
  "advanced": false
}

Version

SUSY 1.12.5 ( xnet-1.12-1.8.2 )

Relevant log output

Description: Ticking block entity

java.lang.ArithmeticException: / by zero
    at mcjty.xnet.apiimpl.items.ItemChannelSettings.tick(ItemChannelSettings.java:162)
    at mcjty.xnet.blocks.controller.TileEntityController.TickCentral_TrueITickableUpdate(TileEntityController.java:250)
    at com.github.terminatornl.tickcentral.api.TickHub.trueUpdate(TickHub.java:48)
    at com.github.terminatornl.laggoggles.Main.redirectUpdate(Main.java:94)
    at mcjty.xnet.blocks.controller.TileEntityController.update(TileEntityController.java)
    at net.minecraft.world.World.updateEntities(World.java:1838)
    at net.minecraft.world.WorldServer.updateEntities(WorldServer.java:613)
    at net.minecraft.server.MinecraftServer.updateTimeLightAndEntities(MinecraftServer.java:767)
    at net.minecraft.server.MinecraftServer.tick(MinecraftServer.java:668)
    at net.minecraft.server.integrated.IntegratedServer.tick(IntegratedServer.java:279)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:526)
    at java.lang.Thread.run(Thread.java:750)
trainvoi commented 3 months ago

:trollface:

bruberu commented 3 months ago

This might replicate in modern versions of Xnet as well.

CaliforniaDemise commented 3 months ago

I can look

CaliforniaDemise commented 3 months ago

Fixed in this

loxoDev commented 3 months ago

Nice, good work. Ill leave this open until we incorporated your fork.

loxoDev commented 3 months ago

Fixed in #823