Merge pull request #2933 from punchready/patch-2

Update STR handling to reject for-sure invalid framing values
Pryaxis · Mar 25, 2023 · 01b8e52 · 01b8e52
2 parents 9e9996f + ec72f49
commit 01b8e52
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/TShockAPI/Handlers/SendTileRectHandler.cs b/TShockAPI/Handlers/SendTileRectHandler.cs
@@ -181,6 +181,7 @@ internal void IterateTileRect(NetTile[,] tiles, bool[,] processed, GetDataHandle
 					}
 
 					NetTile newTile = tiles[x, y];
+
 					TileObjectData data;
 
 					// If the new tile has an associated TileObjectData object, we take the tile and the surrounding tiles that make up the tile object
@@ -218,10 +219,26 @@ internal void IterateTileRect(NetTile[,] tiles, bool[,] processed, GetDataHandle
 								case TileID.ShimmerMonolith:
 									{
 										// Allowed changes
+
+										// Based on empirical tests, these should be some conservative upper bounds for framing values
+										if (newTile.FrameX != -1 || newTile.FrameY != -1)
+										{
+											if (newTile.FrameX is < 0 or > 1000)
+											{
+												processed[x, y] = true;
+												continue;
+											}
+											if (newTile.FrameY is < 0 or > 5000)
+											{
+												processed[x, y] = true;
+												continue;
+											}
+										}
 									}
 									break;
 								default:
 									{
+										processed[x, y] = true;
 										continue;
 									}
 							}
@@ -241,10 +258,26 @@ internal void IterateTileRect(NetTile[,] tiles, bool[,] processed, GetDataHandle
 								case TileID.TargetDummy:
 									{
 										// Allowed placements
+
+										// Based on empirical tests, these should be some conservative upper bounds for framing values
+										if (newTile.FrameX != -1 || newTile.FrameY != -1)
+										{
+											if (newTile.FrameX is < 0 or > 1000)
+											{
+												processed[x, y] = true;
+												continue;
+											}
+											if (newTile.FrameY is < 0 or > 500)
+											{
+												processed[x, y] = true;
+												continue;
+											}
+										}
 									}
 									break;
 								default:
 									{
+										processed[x, y] = true;
 										continue;
 									}
 							}

diff --git a/docs/changelog.md b/docs/changelog.md
@@ -109,6 +109,7 @@ Use past tense when adding new entries; sign your name off when you add or chang
 * Relaxed custom death message restrictions to allow Inferno potions in PvP. (@drunderscore)
 * Allowed Flower Boots to place Ash Flowers on Ash Grass blocks. (@punchready)
 * Removed unnecessary range check that artifically shortened quick stack reach. (@boddyn, #2885, @bcat)
+* Improved the exploit protection in tile rect handling. (@punchready)
 
 ## TShock 5.1.3
 * Added support for Terraria 1.4.4.9 via OTAPI 3.1.20. (@SignatureBeef)