Binnie's Mods

Binnie's Mods

23M Downloads

[1.7.10] Genetics security issue

Dimansel opened this issue ยท 0 comments

commented

Here on the server side no check is made to ensure that desired gene is discovered by the player.
That could be exploited by making minor changes in the client code.

@Override
public void recieveGuiNBT(Side side, EntityPlayer player, String name, NBTTagCompound nbt) {
super.recieveGuiNBT(side, player, name, nbt);
if (side != Side.SERVER || !name.equals("gene-select")) {
return;
}
Gene gene = new Gene(nbt.getCompoundTag("gene"));
if (gene.isCorrupted()) {
return;
}
ItemStack held = getHeldItemStack();
ItemStack converted = Engineering.addGene(held, gene);
getPlayer().inventory.setItemStack(converted);
getPlayer().inventory.markDirty();
if (getPlayer() instanceof EntityPlayerMP) {
((EntityPlayerMP) getPlayer()).sendContainerToPlayer(player.inventoryContainer);
}
}