View Issue Details

IDProjectCategoryView StatusLast Update
0007528Multi Theft Auto : San AndreasServerpublic2013-03-01 16:07
ReporterStifflersMomAssigned Toccw 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version 
Target Version1.3.2Fixed in Version1.3.2 
Summary0007528: outputChatBox to a invalid player goes to ALL players
Description

On a heavy loaded server we had strange outputs to the main chat during a mass timeout. While discovering this issue, we have found out, that the origin of this output was a ChatBox msg, wich was adressed to a player, which has timed out just at this moment. This could be a security problem.

Steps To Reproduce

srun demo=getPlayerFromName("DemoPlayer") setTimer(outputChatBox,10000,1,"test",demo,255,255,255,true)

If "DemoPlayer" leaves the server after the timer starts, "test" goes to all other players after 10 seconds.

TagsNo tags attached.

Activities

arranTuna

2013-02-27 12:52

manager   ~~0018190

This has always been the case even before that outputChatBox improvement Kenix made recently. If it's anything but a valid player element it uses root.

If you made sure that the player element was valid at the time of it being sent this would never happen though I imagine if a check in the MTA code was made to make sure it would only sent to root if root was specified that it's a quick fix.

Kenix

2013-02-27 17:11

updater   ~~0018191

http://bugs.mtasa.com/view.php?id=7378

H5N1[PL]

2013-02-27 18:47

viewer   ~~0018192

Last edited: 2013-02-27 18:47

I had that problem on my server (devgaming) after update. Sometimes some messages were global instead of being send to specific player. It was weird because it happened on loop being done on players within colSphere, even isElement (which was pointless for using it on players within some area for me) didn't help. I had to install old MTA.

StifflersMom

2013-02-27 19:30

updater   ~~0018195

I have tested it with server version v1.3.1-release-4952 with the same command:
srun demo=getPlayerFromName("DemoPlayer") setTimer(outputChatBox,10000,1,"test",demo,255,255,255,true)
The output is going exactly to no one, if DemoPlayer leaves within the timer period. I also think, if the visibleTo element is a player element, and the player element becomes invalid, the visibleTo must not become root.

CWanted

2013-02-28 09:17

updater   ~~0018196

http://code.google.com/p/mtasa-blue/source/detail?r=5117

Issue History

Date Modified Username Field Change