Impact
The Terraria multiplayer protocol doesn't sanitize data before resending it to clients. TShock tries to sanitize that data so that it doesn't cause issues with clients, i.e. crashes. The exploit works because a client that receives an invalid tile (or, in this case, an invalid torch) crashes when it is unable to find that torch's color. An attacker can place several of these across the world to render the server unjoinable, although the server itself doesn't crash. The only way to remove them is with third-party tools such as TEdit, or with a modified client that's immune to invalid tiles.
Patches
This advisory patches 2 vulnerabilities: a defect in the max place styles check, present in >4.21104, and a defect in the mismatched place style check, introduced in 4.5.4 (4.5.3 remains unaffected).
TShock ≥4.5.8 patches both vulnerabilities by fixing their respective checks.
- The max place styles check was changed to prioritize extraneous place styles first.
- The biome torches check was changed to:
  - Better correct for biome torches [1].
  - Allow right booster tracks to be placed legally. The right booster track is an extraneous place style, so the above check would block it from being placed. This is fixed along with the check.
Note: @Yoraiz0r patched part of the issue in Terraria 1.4.3.0. This security advisory resolves the issue at the network level, preventing invalid data from reaching TShock in the first place.
1: A compromise is made. Since Terraria doesn't broadcast when a player toggles biome torches, the check accepts either a matching biome torch or the default torch. In other words, it covers both situations: biome torches on and biome torches off.
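The order of the patched checks described above, sketched as an added example; this is not TShock's own code. The tile IDs, style numbers, table contents and the `heldStyle` / `biomeTorchStyle` parameters are constructed placeholders, and comparing against the held item's style is an assumption about what the mismatch check compares.

```csharp
using System;
using System.Collections.Generic;

// Added illustration: every ID, style number and table entry is a constructed placeholder.
public static class PlaceStyleCheck
{
    const ushort Torch = 100, Track = 200; // placeholder tile IDs

    // Highest style a tile type can normally be placed with (constructed values).
    static readonly Dictionary<ushort, short> MaxPlaceStyles =
        new Dictionary<ushort, short> { { Torch, 5 }, { Track, 1 } };

    // Legal styles that sit above the normal maximum, e.g. the right booster track.
    static readonly Dictionary<ushort, short> ExtraneousPlaceStyles =
        new Dictionary<ushort, short> { { Track, 3 } };

    // heldStyle: style the held item places by default (assumed known server-side).
    // biomeTorchStyle: torch style for the player's current biome (assumed input).
    public static bool IsLegal(ushort tile, short style, short heldStyle, short biomeTorchStyle)
    {
        if (style < 0) return false;

        // 1. Extraneous styles first, so neither later check can reject them.
        if (ExtraneousPlaceStyles.TryGetValue(tile, out short extra) && style == extra)
            return true;

        // 2. Max place style: anything above the known maximum is invalid data.
        if (MaxPlaceStyles.TryGetValue(tile, out short max) && style > max)
            return false;

        // 3. Torches: the biome torch toggle is not broadcast, so accept both
        //    outcomes (toggle off: held style, toggle on: biome torch style).
        if (tile == Torch)
            return style == heldStyle || style == biomeTorchStyle;

        // 4. Everything else must match what the held item places.
        return style == heldStyle;
    }

    public static void Main()
    {
        Console.WriteLine(IsLegal(Torch, 0, 0, 4));  // default torch, biome torches off
        Console.WriteLine(IsLegal(Torch, 4, 0, 4));  // biome torch, biome torches on
        Console.WriteLine(IsLegal(Torch, 99, 0, 4)); // out-of-range torch style
        Console.WriteLine(IsLegal(Track, 3, 0, 0));  // extraneous style above the maximum
    }
}
```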
Workarounds
Those who can't update can use the mismatched tiles plugin by @AgaSpace (merged in 4.5.3), which simulates TShock 4.5.3.
References
https://forums.terraria.org/index.php?threads/106210/