Login
User Name:

Password:



Register
Forgot your password?
Vote for Us!
Bug in disarm( )
Nov 12, 2017, 6:54 pm
By GatewaySysop
Bug in will_fall( )
Oct 23, 2017, 1:35 am
By GatewaySysop
Bug in do_zap( ), do_brandish( )
Oct 18, 2017, 1:52 pm
By GatewaySysop
Bug in get_exp_worth( )
Oct 10, 2017, 1:26 am
By GatewaySysop
Bug in do_drag( )
Oct 8, 2017, 12:40 am
By GatewaySysop
LOP Heroes Edition
Author: Vladaar
Submitted by: Vladaar
Heroes sound extras
Author: Vladaar
Submitted by: Vladaar
6Dragons 4.3
Author: Vladaar
Submitted by: Vladaar
Memwatch
Author: Johan Lindh
Submitted by: Vladaar
Beastmaster 6D sound files
Author: Vladaar
Submitted by: Vladaar
Users Online
CommonCrawl, Yahoo!

Members: 0
Guests: 13
Stats
Files
Topics
Posts
Members
Newest Member
476
3,704
19,231
608
LAntorcha
Today's Birthdays
There are no member birthdays today.
Related Links
» SmaugMuds.org » Codebases » SWR FUSS » Exploit in do_order
Forum Rules | Mark all | Recent Posts

Exploit in do_order
< Newer Topic :: Older Topic > Mortals forcing switched immortals

Pages:<< prev 1 next >>
Post is unread #1 Feb 14, 2008, 9:23 pm
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

This is my first time back since the loss of Smaugfuss.org, which I just found out about and am sorry to see the loss of. But I on to bugfixing?!

This exploit, found by Morgon of SWGI and fixed by me, allows a mortal to control an immortal if the immortal switches into a mob that is charmed. I fixed this one with a simple ifcheck addition and it works to my liking. As always, if you find a better solution, feel free to share.

do_order, act_comm.c
   for( och = ch->in_room->first_person; och; och = och_next )
   {
      och_next = och->next_in_room;

      if( IS_AFFECTED( och, AFF_CHARM ) && och->master == ch && ( fAll || och == victim ) )
      {
         found = TRUE;
         act( AT_ACTION, "$n orders you to '$t'.", ch, argument, och, TO_VICT );
         interpret( och, argument );
      }
   }


Fix the ifcheck to reflect the change:
if( IS_AFFECTED( och, AFF_CHARM ) && och->master == ch && ( fAll || och == victim ) && !IS_IMMORTAL(och))


With this check, if the mortal tries to 'order' the mob or 'order' all and there is an immortal switched into the mob, it will return 'You have no followers here.' to the player. This fixes the problem and I see no loophole around it. This exploit allowed me to promote my mortal to an immortal by ordering a mob to makeimm the mortal. There is low chance of the situation happening, but if it does it could be dangerous.
       
Post is unread #2 Feb 21, 2008, 10:36 am
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

Erm, anyone?
       
Post is unread #3 Feb 21, 2008, 12:38 pm
Go to the top of the page
Go to the bottom of the page

David Haley
Sorcerer
GroupMembers
Posts903
JoinedJan 29, 2007

This is just checking if the charmed character is immortal, not if the character controlling the charmed character is immortal. You would need to check that victim->desc->original is an immortal. Furthermore I would recommend that it not be an imm check, but a trust comparison of the switched character vs. the ordering character; presumably a higher-level imm could still force around a lower-level imm.
       
Post is unread #4 Feb 21, 2008, 4:41 pm
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

So you'd recommend a get_trust(och->desc->orginal) compared to the the trust level of ch?
       
Post is unread #5 Feb 21, 2008, 5:03 pm
Go to the top of the page
Go to the bottom of the page

David Haley
Sorcerer
GroupMembers
Posts903
JoinedJan 29, 2007

Well, if you want imms to be able to force imms of lower levels, then yes. But if you wanted to stop all forcing of imms switched into NPCs, you would leave it as you originally had. I'm not sure which is the best behavior in all cases; I can see arguments either way.
       
Post is unread #6 Feb 21, 2008, 5:07 pm
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

If it was a higher level immortal, he'd be able to tell an immortal was switched into the mob anyway. Personally, I don't want any immortals to be forced via the command at all, that's why I made it that way.
       
Post is unread #7 Feb 21, 2008, 5:28 pm
Go to the top of the page
Go to the bottom of the page

David Haley
Sorcerer
GroupMembers
Posts903
JoinedJan 29, 2007

I think that makes sense. Still, you need to be checking the victim's desc's char, not just the victim, right?
       
Post is unread #8 Feb 21, 2008, 6:50 pm
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

That doesn't work. When no one is switched into the mob, then it crashes when used.
       
Post is unread #9 Feb 21, 2008, 6:51 pm
Go to the top of the page
Go to the bottom of the page

David Haley
Sorcerer
GroupMembers
Posts903
JoinedJan 29, 2007

Umm, sorry if this sounds simplistic, but in that case why not just check if there's a desc before dereferencing it? :wink:
       
Post is unread #10 Feb 21, 2008, 8:35 pm
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

Because that requires two lines of code, whereas my current fix requires one. :)
       
Post is unread #11 Feb 21, 2008, 9:09 pm
Go to the top of the page
Go to the bottom of the page

David Haley
Sorcerer
GroupMembers
Posts903
JoinedJan 29, 2007

One of us must be misunderstanding... How is your fix checking that the person switched into the character is an immortal, when it only checks the NPC, and not the person switched into that NPC?
       
Post is unread #12 Feb 21, 2008, 9:14 pm
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

I'm not sure how switch works, but it must make the person in the mob assume the mob somehow, because like I said, the ifcheck I used works. When no one's inside the MOB, the mob can be ordered, but if an immortal switches in, it reports that the ch has no followers when he tries to order the mob with the immortal in it.
       
Post is unread #13 Feb 21, 2008, 9:25 pm
Go to the top of the page
Go to the bottom of the page

David Haley
Sorcerer
GroupMembers
Posts903
JoinedJan 29, 2007

Ah. What happens is that get_trust, which is what IS_IMMORTAL expands to, looks at ch's desc already. So if the NPC has a desc pointer with an original pointer, get_trust uses the desc's original. My bad...
       
Post is unread #14 Feb 21, 2008, 10:56 pm
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

So what would be the proper fix?
       
Post is unread #15 Feb 21, 2008, 11:23 pm
Go to the top of the page
Go to the bottom of the page

David Haley
Sorcerer
GroupMembers
Posts903
JoinedJan 29, 2007

What you did is correct. :cool: As I said, I hadn't realized that IS_IMMORTAL was already checking the trust of the character switched into the NPC, so there's no need to do so again in the do_order command.
       
Post is unread #16 Dec 9, 2008, 7:51 pm
Go to the top of the page
Go to the bottom of the page

Kayle
Off the Edge of the Map
GroupAdministrators
Posts1,195
JoinedMar 21, 2006

So this fix works? And there's no complaints?
       
Pages:<< prev 1 next >>