From c3d2e930511be4ed30b27b752ee99828c7fb0db3 Mon Sep 17 00:00:00 2001 From: Leon Friedrich <60421075+ElectroJr@users.noreply.github.com> Date: Wed, 21 Dec 2022 11:29:38 +1300 Subject: [PATCH] Validate client input for pointing (#13115) --- .../Pointing/EntitySystems/PointingSystem.cs | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/Content.Server/Pointing/EntitySystems/PointingSystem.cs b/Content.Server/Pointing/EntitySystems/PointingSystem.cs index 3c1ffd74e4..f8fce9939f 100644 --- a/Content.Server/Pointing/EntitySystems/PointingSystem.cs +++ b/Content.Server/Pointing/EntitySystems/PointingSystem.cs @@ -98,9 +98,15 @@ namespace Content.Server.Pointing.EntitySystems public bool TryPoint(ICommonSession? session, EntityCoordinates coords, EntityUid pointed) { - var mapCoords = coords.ToMap(EntityManager); - if ((session as IPlayerSession)?.ContentData()?.Mind?.CurrentEntity is not { } player) + if (session?.AttachedEntity is not { } player) { + Logger.Warning($"Player {session} attempted to point without any attached entity"); + return false; + } + + if (!coords.IsValid(EntityManager)) + { + Logger.Warning($"Player {ToPrettyString(player)} attempted to point at invalid coordinates: {coords}"); return false; } @@ -134,6 +140,8 @@ namespace Content.Server.Pointing.EntitySystems return false; } + + var mapCoords = coords.ToMap(EntityManager); _rotateToFaceSystem.TryFaceCoordinates(player, mapCoords.Position); var arrow = EntityManager.SpawnEntity("PointingArrow", mapCoords); @@ -238,7 +246,10 @@ namespace Content.Server.Pointing.EntitySystems private void OnPointAttempt(PointingAttemptEvent ev, EntitySessionEventArgs args) { - TryPoint(args.SenderSession, Transform(ev.Target).Coordinates, ev.Target); + if (TryComp(ev.Target, out TransformComponent? xform)) + TryPoint(args.SenderSession, xform.Coordinates, ev.Target); + else + Logger.Warning($"User {args.SenderSession} attempted to point at a non-existent entity uid: {ev.Target}"); } public override void Shutdown()