minetest
/
minetest
mirror of https://github.com/minetest/minetest.git
1
0
Fork 0
Code Issues Releases Wiki Activity
minetest/src
History
Jozef Behran 33afe1fb56 Fix randomly rejected form field submits (#8091) 
If a formspec is submitted from a form fields handling
callback of another form (or "formspec shown from another
formspec"), the fields submitted for it can get
rejected by the form exploit mitigation subsystem with a
message like "'zorman2000' submitted formspec
('formspec_error:form2') but server hasn't sent formspec to
client, possible exploitation attempt" being sent to logs.
This was already reported as #7374 and a change was made
that fixed the simple testcase included with that bug
report but the bug still kept lurking around and popping
out in more complicated scenarios like the advtrains TSS
route programming UI.

Deep investigation of the problem revealed that this
sequence of events is entirely possible and leads to the
bug:

  1. Server: show form1
  2. Client *shows form1*
  3. Client: submits form1
  4. Server: show form2
  5. Client: says form1 closed
  6. Client *shows form2*
  7. Client: submits form2

What happens inside the code is that when the server in
step 4 sends form2, the registry of opened forms is
updated to reflect the fact that form2 is now the valid
form for the client to submit. Then when in step 5 client
says "form1 was closed", the exploit mitigation subsystem
code deletes the registry entry for the client without
bothering to check whether the form client says was
closed just now is indeed the form that is recorded in
that entry as the valid form. Then later, in step 7 the
client tries to submit its valid form fields, these will
be rejected because the entry is missing.

It turns out the procedure where the broken code resides
already gets the form name so a simple "if" around the
offending piece of code fixes the whole thing. And
advtrains TSS agrees with that.
 		2019-01-21 09:53:09 +01:00
..
client Import strstr function from FreeBSD 11 libc 2019-01-10 00:17:08 +01:00
content Optimize subgames search a little bit (#8096) 2019-01-18 10:47:50 +01:00
database Fix on_successful_save -> onSuccessfulSave 2019-01-04 11:33:04 +01:00
gui Android: Fix memory leak when displaying images in the mainmenu (#8011) 2018-12-22 08:46:41 +01:00
irrlicht_changes Drop .NET-specific workaround: _IRR_IMPLEMENT_MANAGED_MARSHALLING_BUGFIX 2018-11-11 18:08:15 +01:00
mapgen Fix Mapgen Valleys getSpawnLevelAtPoint() (#7756) 2018-10-03 00:50:21 +01:00
network Fix various bugs (Anticheat, Lua helpers) (#8013) 2019-01-06 10:24:44 +01:00
script Fix wrong code comment (#8061) 2019-01-06 17:21:04 +01:00
server Add an activeobject manager to hold active objects (#7939) 2018-12-13 20:18:54 +01:00
threading Fix 5 issues reported by PVS studio 2018-04-04 08:40:31 +02:00
unittest Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
util Drop libgmp on Android and use mini-gmp (#8047) 2019-01-04 16:45:37 +01:00
CMakeLists.txt Revert "Fix another GCC warning" 2018-12-04 16:45:07 +01:00
activeobject.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
activeobjectmgr.h Add an activeobject manager to hold active objects (#7939) 2018-12-13 20:18:54 +01:00
ban.cpp Add unittests on ActiveObject and BanManager class (#6866) 2018-01-01 18:48:52 +01:00
ban.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
chat.cpp Fix last performance-type-promotion-in-math-fn problems 2018-04-04 07:42:40 +02:00
chat.h Fix last performance-type-promotion-in-math-fn problems 2018-04-04 07:42:40 +02:00
chat_interface.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
chatmessage.h Travis: Update clang from 4.0 to 5.0 (#6467) 2017-10-09 11:32:06 +02:00
clientiface.cpp Add Lua methods 'set_rotation()' and 'get_rotation()' (#7395) 2018-11-28 09:38:50 +01:00
clientiface.h Check node updates whether the blocks are known (#7568) 2018-08-16 20:10:34 +02:00
clientsimpleobject.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
cloudparams.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
cmake_config.h.in C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
cmake_config_githash.h.in C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
collision.cpp Move client-specific files to 'src/client' (#7902) 2018-11-28 20:01:49 +01:00
collision.h Client-side autojump. Remove Android-only stepheight autojump (#7228) 2018-11-22 21:47:15 +00:00
config.h Update version correctly again (#6462) 2017-09-26 20:30:42 +02:00
constants.h Customizeable max breath for players (#6411) 2017-09-15 12:18:47 +02:00
content_mapnode.cpp Modernize src/c* src/d* and src/e* files (#6263) 2017-08-17 23:02:50 +02:00
content_mapnode.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
content_nodemeta.cpp C++11 patchset 9: move hardcoded init parameters to class definitions (part 1) (#5984) 2017-06-16 11:25:52 +02:00
content_nodemeta.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
content_sao.cpp Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
content_sao.h Add Lua methods 'set_rotation()' and 'get_rotation()' (#7395) 2018-11-28 09:38:50 +01:00
convert_json.cpp Add online content repository 2018-04-19 20:14:53 +01:00
convert_json.h Update JsonCPP to 1.8.3 (#6466) 2017-09-26 20:30:14 +02:00
craftdef.cpp Speed up the craft definition handling (#8097) 2019-01-13 15:11:47 +01:00
craftdef.h Modernize src/c* src/d* and src/e* files (#6263) 2017-08-17 23:02:50 +02:00
daynightratio.h Modernize src/c* src/d* and src/e* files (#6263) 2017-08-17 23:02:50 +02:00
debug.cpp Fix some misspellings (#8104) 2019-01-16 13:39:13 +01:00
debug.h Remove DSTACK support (#6346) 2017-08-30 08:09:41 +02:00
defaultsettings.cpp Extend pitch fly mode to swimming (#7943) 2018-12-31 00:07:30 +00:00
defaultsettings.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
emerge.cpp Fix crash caused by Lua error during startup (#7473) 2018-06-22 21:04:41 +02:00
emerge.h Node definition manager refactor (#7016) 2018-02-10 21:04:16 +01:00
environment.cpp Raycast: export exact pointing location (#6304) 2018-08-16 20:10:08 +02:00
environment.h Revert "Add an active object step time budget #6721" 2018-01-12 23:47:39 -08:00
event.h event.h: Fix import GCC warning caused by ce87310 2018-03-31 14:33:54 +02:00
exceptions.h Modernize source code: last part (#6285) 2017-08-20 13:30:50 +02:00
face_position_cache.cpp Modernize various files 2017-08-18 07:44:52 +02:00
face_position_cache.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
filesys.cpp Fix a stringop-truncation GCC warning 2018-12-04 12:39:19 +01:00
filesys.h Load files from subfolders in texturepacks 2017-11-17 19:23:08 +00:00
gamedef.h Client eventmanager refactor (#7179) 2018-03-30 18:32:52 +02:00
gameparams.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
genericobject.cpp Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
genericobject.h Add Lua methods 'set_rotation()' and 'get_rotation()' (#7395) 2018-11-28 09:38:50 +01:00
gettext.cpp Modernize various files 2017-08-18 07:44:52 +02:00
gettext.h Fix segfault caused by wrong wgettext() 2018-04-09 16:25:57 +02:00
gettime.h Modernize source code: last part (#6285) 2017-08-20 13:30:50 +02:00
httpfetch.cpp Add online content repository 2018-04-19 20:14:53 +01:00
httpfetch.h Travis: Update clang from 4.0 to 5.0 (#6467) 2017-10-09 11:32:06 +02:00
hud.cpp Fix last clang-tidy reported problems for performance-type-promotion-in-math-fn 2018-04-03 23:05:22 +02:00
hud.h Raise hotbar limit to 32 slots, add associated keybinding options (#7916) 2018-12-02 23:34:29 +01:00
inventory.cpp Inv deSerialize(): Prevent infinite loop, error on failure (#7711) 2018-09-14 20:29:21 +02:00
inventory.h Allow overriding tool capabilities through itemstack metadata 2017-10-29 11:57:38 +00:00
inventorymanager.cpp Fix various code issues found by cppcheck (#7741) 2018-09-23 20:12:39 +01:00
inventorymanager.h Run callback in IDropAction, refactor function arguments 2018-04-02 17:18:48 +02:00
irr_aabb3d.h Revert 6587 - Optimize entity-entity collision (#7539) 2018-07-08 21:30:55 +01:00
irr_v2d.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
irr_v3d.h Revert 6587 - Optimize entity-entity collision (#7539) 2018-07-08 21:30:55 +01:00
irrlichttypes.h Fix Android build (#7873) 2018-11-18 11:48:16 +01:00
irrlichttypes_bloated.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
irrlichttypes_extrabloated.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
itemdef.cpp Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
itemdef.h Overlays for wield and inventory images (#6107) 2017-08-25 13:20:53 +02:00
itemgroup.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
itemstackmetadata.cpp Add player:get_meta(), deprecate player attributes (#7202) 2018-04-06 10:52:29 +02:00
itemstackmetadata.h Add player:get_meta(), deprecate player attributes (#7202) 2018-04-06 10:52:29 +02:00
light.cpp Light curve: Simplify and improve code, fix darkened daytime sky (#7693) 2018-09-16 17:59:42 +01:00
light.h Light curve: Simplify and improve code, fix darkened daytime sky (#7693) 2018-09-16 17:59:42 +01:00
log.cpp Fix missing warningstream (or similar problem) (#7034) 2018-03-04 17:34:36 +01:00
log.h Fix missing warningstream (or similar problem) (#7034) 2018-03-04 17:34:36 +01:00
main.cpp Add command line option to load password from file (#7832) 2018-12-18 20:15:14 +01:00
map.cpp Allow an optional readonly base database (#7544) 2018-07-25 17:54:23 +02:00
map.h Send only changed node metadata to clients instead of whole mapblock (#5268) 2018-12-04 20:37:48 +01:00
map_settings_manager.cpp Move files to subdirectories (#6599) 2017-11-08 23:56:20 +01:00
map_settings_manager.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
mapblock.cpp Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
mapblock.h Optimize ABM checks. 2018-07-21 03:09:39 -07:00
mapnode.cpp mapnode: add const/noexcept (#8009) 2018-12-22 17:36:24 +01:00
mapnode.h mapnode: add const/noexcept (#8009) 2018-12-22 17:36:24 +01:00
mapsector.cpp ServerMap saving: cleanups (#6274) 2017-08-19 11:29:46 +02:00
mapsector.h ServerMap saving: cleanups (#6274) 2017-08-19 11:29:46 +02:00
metadata.cpp Add player:get_meta(), deprecate player attributes (#7202) 2018-04-06 10:52:29 +02:00
metadata.h Add player:get_meta(), deprecate player attributes (#7202) 2018-04-06 10:52:29 +02:00
modchannels.cpp Add session_t typedef + remove unused functions (#6470) 2017-09-27 19:47:36 +02:00
modchannels.h Add session_t typedef + remove unused functions (#6470) 2017-09-27 19:47:36 +02:00
modifiedstate.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
nameidmapping.cpp Code modernization: src/n*, src/o* (#6280) 2017-08-19 11:30:46 +02:00
nameidmapping.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
nodedef.cpp Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
nodedef.h Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
nodemetadata.cpp Send only changed node metadata to clients instead of whole mapblock (#5268) 2018-12-04 20:37:48 +01:00
nodemetadata.h Send only changed node metadata to clients instead of whole mapblock (#5268) 2018-12-04 20:37:48 +01:00
nodetimer.cpp Code modernization: src/n*, src/o* (#6280) 2017-08-19 11:30:46 +02:00
nodetimer.h Code modernization: src/n*, src/o* (#6280) 2017-08-19 11:30:46 +02:00
noise.cpp Fix more clang-tidy reported problems for performance-type-promotion-in-math-fn 2018-04-03 21:58:29 +02:00
noise.h Code modernization: src/n*, src/o* (#6280) 2017-08-19 11:30:46 +02:00
objdef.cpp Fix Windows build, clean up included headers 2015-05-22 20:37:59 +02:00
objdef.h Node definition manager refactor (#7016) 2018-02-10 21:04:16 +01:00
object_properties.cpp Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
object_properties.h Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
pathfinder.cpp Optimize path finalization in pathfinder (#8100) 2019-01-12 16:57:26 +01:00
pathfinder.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
player.cpp Extend pitch fly mode to swimming (#7943) 2018-12-31 00:07:30 +00:00
player.h Extend pitch fly mode to swimming (#7943) 2018-12-31 00:07:30 +00:00
porting.cpp porting.cpp: better minetest support on BSD 2018-12-11 17:35:39 +01:00
porting.h Add a MSVC / Windows compatible snprintf function (#7353) 2018-07-22 21:56:06 +02:00
porting_android.cpp Code modernization: src/p*, src/q*, src/r*, src/s* (partial) (#6282) 2017-08-19 14:25:35 +02:00
porting_android.h Android build fixes for c++11 2018-03-11 16:56:27 +01:00
profiler.cpp Travis: Update clang from 4.0 to 5.0 (#6467) 2017-10-09 11:32:06 +02:00
profiler.h Code modernization: src/p*, src/q*, src/r*, src/s* (partial) (#6282) 2017-08-19 14:25:35 +02:00
quicktune.cpp Use C++11 mutexes only (remove compat code) (#5922) 2017-06-06 16:29:28 +02:00
quicktune.h Code modernization: src/p*, src/q*, src/r*, src/s* (partial) (#6282) 2017-08-19 14:25:35 +02:00
quicktune_shortcutter.h Code modernization: src/p*, src/q*, src/r*, src/s* (partial) (#6282) 2017-08-19 14:25:35 +02:00
raycast.cpp Ease selection of entities behind nodes (#7739) 2018-10-26 19:23:33 +02:00
raycast.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
reflowscan.cpp Node definition manager refactor (#7016) 2018-02-10 21:04:16 +01:00
reflowscan.h Node definition manager refactor (#7016) 2018-02-10 21:04:16 +01:00
remoteplayer.cpp Fix on_successful_save -> onSuccessfulSave 2019-01-04 11:33:04 +01:00
remoteplayer.h Fix on_successful_save -> onSuccessfulSave 2019-01-04 11:33:04 +01:00
rollback.cpp Code modernization: src/p*, src/q*, src/r*, src/s* (partial) (#6282) 2017-08-19 14:25:35 +02:00
rollback.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
rollback_interface.cpp Send only changed node metadata to clients instead of whole mapblock (#5268) 2018-12-04 20:37:48 +01:00
rollback_interface.h Code modernization: src/p*, src/q*, src/r*, src/s* (partial) (#6282) 2017-08-19 14:25:35 +02:00
serialization.cpp compressZlib: don't use a SharedBuffer but a raw u8 * pointer 2017-07-27 07:56:48 +02:00
serialization.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
server.cpp Fix randomly rejected form field submits (#8091) 2019-01-21 09:53:09 +01:00
server.h Send only changed node metadata to clients instead of whole mapblock (#5268) 2018-12-04 20:37:48 +01:00
serverenvironment.cpp Fix some misspellings (#8104) 2019-01-16 13:39:13 +01:00
serverenvironment.h Add an activeobject manager to hold active objects (#7939) 2018-12-13 20:18:54 +01:00
serverlist.cpp Update JsonCPP to 1.8.3 (#6466) 2017-09-26 20:30:14 +02:00
serverlist.h Add online content repository 2018-04-19 20:14:53 +01:00
serverobject.cpp Code modernization: src/p*, src/q*, src/r*, src/s* (partial) (#6282) 2017-08-19 14:25:35 +02:00
serverobject.h Fix C++11 violation that broke clang on Debian Stretch 2018-12-16 20:08:25 +01:00
settings.cpp Advanced settings noiseparams: Remove '}' left in .conf 2019-01-19 18:31:41 +00:00
settings.h Fix issue Minetest crash when custom font path is not exist 2017-11-08 16:14:00 +01:00
settings_translation_file.cpp Update minetest.conf.example and run updatepo.sh (#7947) 2018-12-09 14:16:58 +01:00
sound.h Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
staticobject.cpp ServerEnvironment & StaticObject cleanups 2018-03-09 23:27:26 +01:00
staticobject.h ServerEnvironment & StaticObject cleanups 2018-03-09 23:27:26 +01:00
terminal_chat_console.cpp Modernize source code: last part (#6285) 2017-08-20 13:30:50 +02:00
terminal_chat_console.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
tileanimation.cpp Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
tileanimation.h Bump minimal protocol version to 36 (#6319) 2017-08-29 19:26:55 +02:00
tool.cpp Proselytize the network. Use IEEE F32 (#8030) 2019-01-03 17:04:26 +01:00
tool.h Tool.cpp/.h, lua_api/l_util.cpp: Tidy up code and remove dead code 2018-01-03 04:01:15 +00:00
translation.cpp Fix a -Wcatch-value warning reported by GCC 8.1 2018-05-28 14:17:19 +02:00
translation.h Add clientside translations. 2017-08-24 17:54:10 +02:00
version.cpp Update version correctly again (#6462) 2017-09-26 20:30:42 +02:00
version.h C++ modernize: Pragma once (#6264) 2017-08-17 22:19:39 +02:00
voxel.cpp Node definition manager refactor (#7016) 2018-02-10 21:04:16 +01:00
voxel.h VoxelArea: add_{x,y,z,p} must be static 2018-03-09 23:27:26 +01:00
voxelalgorithms.cpp Fix typo in lighting code since bcdb3d5 2018-03-10 09:37:43 +01:00
voxelalgorithms.h Remove unused light updating code 2018-02-04 03:16:45 +00:00