altmp/altv-js-module

Silent replacement of destroyed baseobject on emit

xxshady opened this issue · 1 comment

Description of the problem

If you send a baseobject (vehicle, player, etc.) via the network, it can be received as another baseobject, which is a security hole.

Reproduction steps

  1. Create a serverside vehicle
  2. Send it to the client
  3. Send a client->server event to destroy the vehicle and, right after it, create another one; it will get the same id
  4. Send the vehicle (from step 2) back to the server
  5. The server receives the imposter vehicle we created in step 3

JS code:

server

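import * as alt from 'alt-server'

// Logs whatever the client sends back and which model it resolves to
alt.onClient('test', (player, obj) => {
    alt.log('test:', obj, obj?.id)
    alt.log(
        'is bmx:', obj.model === alt.hash('bmx'),
        'is sultan:', obj.model === alt.hash('sultan')
    )
})

let veh
// Destroys the sultan and immediately creates a bmx in its place
alt.onClient('destroy', (player) => {
    veh.destroy()
    veh = new alt.Vehicle('bmx', 0, 0, 0, 0, 0, 0)
    alt.log('recreated veh id:', veh.id)
})

veh = new alt.Vehicle('sultan', 0, 0, 0, 0, 0, 0)
alt.log('created veh id:', veh.id)

// Send the sultan to each connecting player
alt.on('playerConnect', (player) => {
    player.emit('test', veh)
})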

client

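import * as alt from 'alt-client'

// Asks the server to destroy and recreate the vehicle, then sends the
// reference received earlier back to the server
alt.onServer('test', (obj) => {
    alt.log('on server test')
    alt.emitServer('destroy')
    alt.emitServer('test', obj)
})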

Expected behaviour

Somehow prevent it in the distant future, since as Heron said, there is no way to fix it now.

Additional context

No response

Operating system

Windows 11

Version

15.0-dev404

Crashdump ID

No response

Reproduction tested

  • I confirm that I have made sure that this issue is also present on the newest dev version

It's a core issue, and Heron said it won't be fixed
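
A script-level way to detect the stale reference described in this issue, as an added example that is not code from the issue or from alt:V. It is a plain-JavaScript model: `Pool` (a constructed stand-in that hands a freed id to the next object), `GenerationRegistry` and `demo` are hypothetical names.

```javascript
// Added example: plain-JS model of id reuse, no alt:V API involved.
// Pool, GenerationRegistry and demo are hypothetical names.

// Constructed stand-in for an entity pool that hands a freed id to the next
// object, which is the behaviour the reproduction steps rely on.
class Pool {
  constructor() { this.byId = new Map(); }
  create(model) {
    let id = 0;
    while (this.byId.has(id)) id++;          // lowest free id gets reused
    const ent = { id, model, valid: true };
    this.byId.set(id, ent);
    return ent;
  }
  destroy(ent) {
    ent.valid = false;
    this.byId.delete(ent.id);
  }
  resolveById(id) { return this.byId.get(id) ?? null; } // id-only lookup
}

// Script-level guard: every object gets a never-reused generation number, and a
// reference is only honoured when id AND generation match a live object.
class GenerationRegistry {
  constructor() { this.nextGen = 1; this.live = new Map(); }
  track(ent) {
    const ref = { id: ent.id, gen: this.nextGen++ };
    this.live.set(ent.id, { gen: ref.gen, ent });
    return ref;                               // send this instead of the object
  }
  resolve(ref) {
    const slot = this.live.get(ref?.id);
    if (!slot || slot.gen !== ref.gen || !slot.ent.valid) return null;
    return slot.ent;
  }
}

function demo() {
  const pool = new Pool();
  const reg = new GenerationRegistry();
  const sultan = pool.create('sultan');
  const held = reg.track(sultan);             // reference the client keeps
  pool.destroy(sultan);
  const bmxRef = reg.track(pool.create('bmx')); // new object, same id
  return {
    sameId: bmxRef.id === held.id,
    idOnly: pool.resolveById(held.id).model,  // stale id resolves to the bmx
    stale: reg.resolve(held),                 // rejected: generation mismatch
    fresh: reg.resolve(bmxRef).model,
  };
}
```

A generation check only detects stale references; it does not decide whether a given player is allowed to act on the object.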