Re: [CODE][BUG] Exploitable bug in do_flee/do_simple_move

From: Ronald Fenner Jr (abbadon@mac.com)
Date: 09/12/01


on 9/12/01 2:03 AM, Mike Breuer at mbreuer@NEW.RR.COM wrote:

> I had a point-by-point response prepared, but I'm going to forgo it.  It
> comes down to this: you are saying that overriding existing behavior is the
> same thing as blocking behavior.  I disagree-- or at least I did before we
> got into this.  In the case of my quest stone, I must allow the movement to
> occur (by invoking the default handler-- not by writing my own code), and
> then check the current location in order to adjust the item's properties.  I
> feel that is reasonable to expect a spec_proc to do this, but apparently
> this goes against assumptions made in the stock code.
>
> If I'm the only one who wants to code it that way, then I guess the "bug" is
> not relevant to everyone else as I had assumed.  I might even be persuaded
> to change some of my procs around, since I'm bound to run into other
> examples of stock code that makes the same assumptions.  In any case, I
> should probably avoid such debates when I'm wired from watching CNN for 16
> hours.  Thanks for your views.

Actually, after looking at the code, and this is with mount code added,
do_move calls perform_move as:
perform_move(ch, subcmd - 1, 0)
The 0 on the end is supposed to tell perform_move, and any other function it
may call, like if you have it split down for move and mount, that it needs
to have a specials check. Normally do_move calls it with 0, but if you were
calling it somewhere else in the code where the command_interpreter
function did not have a chance to check for specials, you could pass TRUE to
make sure a specials check is performed before anything else. This would
allow a special to block the move. do_flee calls perform_move with this
check set to TRUE; the reason here is to let specials block the fleeing
character from going a particular direction if it gets chosen. It's not a
problem in the system since it accounts for whether a spec_proc needs to be
called or not. Your best bet is to modify the spec_proc to a function with
it only really needing to look at the room after the character is moved or
not. perform_move is probably the best place to put a call to it.

Just my 2 cents

Ron Fenner

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   +---------------------------------------------------------------+
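
The specials-check flag discussed in the message above, as an added example that is not part of the original post and is not CircleMUD source. It is a simplified model: `struct ch_model`, `command_path`, `flee_path` and `double_check_path` are hypothetical names, and `special` here is a stand-in that only counts its calls and blocks one direction.

```c
#include <stdio.h>

/* Simplified model, NOT CircleMUD source: one character on a line of rooms. */
struct ch_model { int room; int spec_calls; int blocked_dir; };

/* Hypothetical special: counts its invocations and blocks one direction.
 * Returns 1 when it handled (blocked) the command, 0 otherwise. */
static int special(struct ch_model *ch, int dir) {
    ch->spec_calls++;
    return dir == ch->blocked_dir;
}

/* need_specials_check: 0 = caller already ran specials, 1 = run them here. */
static int perform_move(struct ch_model *ch, int dir, int need_specials_check) {
    if (need_specials_check && special(ch, dir))
        return 0;                        /* special blocked the move */
    ch->room += (dir == 0) ? 1 : -1;     /* dir 0 = forward, dir 1 = back */
    return 1;
}

/* Typed command: the interpreter runs specials first, so do_move passes 0. */
static int command_path(struct ch_model *ch, int dir) {
    if (special(ch, dir))
        return 0;
    return perform_move(ch, dir, 0);
}

/* Flee: no interpreter in the call chain, so the flag is TRUE (1). */
static int flee_path(struct ch_model *ch, int dir) {
    return perform_move(ch, dir, 1);
}

/* Mismatch: interpreter already checked, caller passes 1 anyway. */
static int double_check_path(struct ch_model *ch, int dir) {
    if (special(ch, dir))
        return 0;
    return perform_move(ch, dir, 1);
}

int main(void) {
    struct ch_model c = { 10, 0, 1 };    /* constructed: start room 10, back is blocked */
    printf("command fwd: moved=%d\n", command_path(&c, 0));
    printf("flee back:   moved=%d\n", flee_path(&c, 1));
    printf("double fwd:  moved=%d\n", double_check_path(&c, 0));
    printf("room=%d special calls=%d\n", c.room, c.spec_calls);
    return 0;
}
```

In the first two paths the special runs exactly once per move attempt; only the mismatched caller runs it twice, which matters for any special that has side effects.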



This archive was generated by hypermail 2b30 : 12/06/01 PST