CODE: A Trivial Duplication Bug in bpl17 and Before

From: Daniel A. Koepke (
Date: 07/13/01

The following applies ONLY to CircleMUD 3.0bpl17 and earlier.  The bug was
silently fixed as part of other changes by Alex in bpl18.  I did not
recall nor find previous discussion of this bug.  It is presented here.
Both how to exploit the bug and how to fix the bug are discussed.  The
purpose in detailing how it's exploited (since it's quite simple) is to
help administrators in detecting the abuse of the bug (which should also
be quite simple, once you know what to look for).  The existence of this
easily reproducable bug only came to my present awareness as a result of
some thoughts on the do_set() thread.

The principal effect of the bug, as I have envisioned it, is death without
punishment.  A player can die without having any of his stats affected,
including, most importantly, experience and gold.  The experience part
introduces a tactic whereby through repeated use of the bug, the player
can "whittle" down tougher mobs in combat without losing exp for their
deaths; the gold part introduces a get-rich-quick duplication scheme.

To reproduce: login a character that has exp and/or gold.  Walk up to the
first mobile that's guaranteed to be able to kill you quickly and attack
it.  Before this first character dies, begin a second login sequence of
the same character.  Stop at the password prompt.  When the in-game
character dies, complete the delayed login by typing in the proper
password.  The stats of the in-game character as were last saved when you
began the login (and *not* those from the death) will be the version kept
on the character and saved from then on.

This means that GET_EXP(ch) has not been penalized for the death and
GET_GOLD(ch) has not been zeroed out by the death.  By returning to your
corpse and getting the coins out of it, you have doubled your gold.
Naturally, this process may be repeated as many times as desired to obtain
as much gold as desired.  If you're dealing some damage to the mobile
that's killing you, you could (eventually) kill it, without ever suffering
the effects of your many deaths.

Due to the reconnects that are necessary and the logging done in comm.c in
perform_dupe_check(), you should be able to spot potential instances of
cheating by looking at suspicious reconnects.

To fix: The following changes to extract_char() should work to prevent the

     if (ch->followers || ch->master)
  -  /* Forget snooping, if applicable */
     if (ch->desc) {
  +    /* Fix a duplication bug for character extractions. */
  +    for (t_desc = descriptor_list; t_desc; t_desc = t_desc->next) {
  +      if (t_desc == ch->desc || !t_desc->character)
  +        continue;
  +      if (GET_IDNUM(ch) == GET_IDNUM(t_desc->character)) {
  +        SEND_TO_Q("Mulitple login detected -- bye.\r\n", t_desc);
  +        STATE(t_desc) = CON_CLOSE;
  +      }
  +    }
  +    /* Forget snooping, if applicable. */

That's actually Mailer Code(tm), but it seems operable to me.


   | FAQ: |
   | Archives: |

This archive was generated by hypermail 2b30 : 12/06/01 PST