URL:
  <http://gna.org/patch/?2611>

                 Summary: Remove redundant [own_side] tag
                 Project: Battle for Wesnoth
            Submitted by: zaroth
            Submitted on: Tue 29 Mar 2011 04:04:56 PM GMT
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

explained in IRC log:

[17:12:31] <zaroth> i noticed something weird when looking at
change_side_controller(): 
[17:12:44] <zaroth> if(own_side) {
[17:12:44] <zaroth> change["own_side"] = true;
[17:12:44] <zaroth> }
[17:12:52] <zaroth> shouldn't that be server-sided?
[17:13:00] <zaroth> and if it is, isn't this redundant?
[17:13:30] <zaroth> because what does it change if it's my own side on the
client side? shouldn't the server determine that?
[17:13:44] <zaroth> to avoid security risk?
[17:13:55] <zaroth> (i haven't looked into server code yet, just asking)
[17:18:19] <Crab_> I guess that the server doesn't care much
[17:18:38] <zaroth> so one could write a malicious client
[17:18:44] <zaroth> jump into someone's game
[17:18:49] <zaroth> and take all the control?
[17:19:09] <zaroth> if he simply always included own_side=true?
[17:19:39] <Crab_> I think he needs to be the host to change side control
[17:19:56] <zaroth> yeah, that's my point
[17:20:09] <zaroth> because I found the host/own_side checking in the client
code
[17:20:30] <zaroth> so it's either redundant (if it's done both on server and
client side) or a security risk (if it's done only in client)
[17:21:06] <zaroth> i mean, only the own_side checking is in client,
obviously, not the host
[17:21:09] <Crab_> yes
[17:21:16] <Crab_> I guess it's redundant
[17:21:24] <Crab_> check if it's ever read
[17:28:11] <zaroth> the server code: if (!(sock == old_player || sock ==
owner_)) {
[17:28:14] <zaroth> it's not read anywhere



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tue 29 Mar 2011 04:04:56 PM GMT  Name: remove_redundant_own_side.patch 
Size: 4kB   By: zaroth

<http://gna.org/patch/download.php?file_id=12737>

    _______________________________________________________

Reply to this item at:

  <http://gna.org/patch/?2611>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/


_______________________________________________
Wesnoth-bugs mailing list
[email protected]
https://mail.gna.org/listinfo/wesnoth-bugs
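
The point settled in the IRC log above, shown as an added example (not Wesnoth's code and not part of the attached patch): the server authorizes a controller change from the sending connection alone, using the check zaroth quotes, so a client-supplied `own_side` attribute has no effect. The `game` struct, `socket_id`, `request`, `side_owner` and `handle_change_controller` are hypothetical names; only `own_side`, `sock`, `old_player` and `owner_` come from the log.

```cpp
#include <iostream>
#include <map>
#include <string>

// Constructed stand-ins for a connection handle and a client's attribute map.
using socket_id = int;
using request = std::map<std::string, std::string>;

struct game {
    socket_id owner_;                     // host connection, recorded by the server
    std::map<int, socket_id> side_owner;  // side number -> controlling connection

    // Hypothetical server handler: true if `side` was handed to `new_player`.
    bool handle_change_controller(socket_id sock, const request& req,
                                  int side, socket_id new_player) {
        auto it = side_owner.find(side);
        if (it == side_owner.end()) return false;
        const socket_id old_player = it->second;
        // req may carry own_side=true; it is never consulted. Only the
        // identity of the sending connection decides authorization.
        (void)req;
        if (!(sock == old_player || sock == owner_)) return false;
        it->second = new_player;
        return true;
    }
};

// A third connection claims own_side=true for a side it does not control.
bool forged_own_side_rejected() {
    game g{1, {{1, 1}, {2, 2}}};
    request forged;
    forged["own_side"] = "true";
    return !g.handle_change_controller(3, forged, 2, 3) && g.side_owner[2] == 2;
}

int main() {
    std::cout << std::boolalpha << forged_own_side_rejected() << "\n";
}
```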
