At the moment yes.

Basically I had found an exploit which allowed me to send huge (4GB) files
to the client as 150KB downloads, via a trick with FastDL.  I reported it
and their "fix" was to make it so you can't extract files larger than 64MB.




On Thu, Apr 24, 2014 at 11:04 PM, Bubka3 <[email protected]> wrote:

> So pretty much any map over 64MB, compressed or not, isn't downloading
> anymore. I don't know what type of fix broke this functionality but being
> able to download a map bigger than 64MB is important imo.
>
>   Daniel Barreiro <[email protected]>
>  Thursday, April 24, 2014 10:58 PM
> I reported it to Eric.  It's an issue with how they fixed the decompressed
> file size check.
>
> A TL;DR of the entire situation is I found an exploit that allowed you to
> zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL
> listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which
> means even if the map is sent over FastDL, if the uncompressed file is more
> than 64MB, it won't download it on the client.
>
> I sent him an email about this issue this caused, and asked if they could
> whitelist BSP files.  The zip-bomb exploit won't work with BSPs as you can
> only send a single bsp file over FastDL per connect, and the server has to
> be running the map. That would cause the exploit to not work.
>
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>   Bubka3 <[email protected]>
>  Thursday, April 24, 2014 10:53 PM
>  Is anyone having issues with map downloads after this? It says the map is
> missing. I checked my FastDL web server logs and it returned HTTP 200 to
> the client.
>
>
>   Eric Smith <[email protected]>
>  Thursday, April 24, 2014 7:14 PM
> The updates have been released.
>
> -Eric
>
>
> -----Original Message-----
> From: [email protected] On Behalf Of Eric Smith
> Sent: Thursday, April 24, 2014 3:59 PM
> To: Half-Life dedicated Win32 server mailing list (
> [email protected]); Half-Life dedicated Linux server mailing
> list ([email protected]); '
> [email protected]' (
> [email protected])
> Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming
> soon
>
> We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes
> for the updates are below. The new version for each game will be 2198641.
>
> The updates should be out in about 15 minutes.
>
> -Eric
>
> ======================
>
> - Fixed an issue where plugin_load may load a non-binary file type
> - Fixed an issue where decompressed file sizes were not being checked by
> the engine
>
>
>
> --
> Bubka3 <http://www.getpostbox.com>
>
>
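
The decompressed-size check this thread is about, as an added example that is not part of the original emails and not the engine's code. It assumes the FastDL payload is bzip2-compressed; the function names and the larger `.bsp` cap are hypothetical, and only the 64MB figure comes from the thread.

```python
import bz2

NET_MAXFILESIZE = 64 * 1024 * 1024   # the 64MB limit named in the thread
BSP_MAXFILESIZE = 512 * 1024 * 1024  # hypothetical larger cap for maps (assumption)
CHUNK = 64 * 1024                    # work in small pieces so memory stays bounded


class DecompressedSizeExceeded(Exception):
    """Raised when a stream expands past its allowed size."""


def limit_for(filename):
    """Per-type budget: maps get their own cap instead of the generic one."""
    if filename.lower().endswith(".bsp"):
        return BSP_MAXFILESIZE
    return NET_MAXFILESIZE


def bounded_bunzip2(compressed, limit, sink=None):
    """Decompress `compressed`, aborting once output would exceed `limit` bytes.

    Returns the number of bytes produced. `sink`, if given, receives each chunk.
    """
    dec = bz2.BZ2Decompressor()
    written = pos = 0
    while not dec.eof:
        feed = b""
        if dec.needs_input:
            if pos >= len(compressed):
                raise ValueError("truncated bzip2 stream")
            feed = compressed[pos:pos + CHUNK]
            pos += len(feed)
        # Ask for one byte more than the remaining budget so an overrun is
        # detected without ever inflating the whole payload.
        out = dec.decompress(feed, max_length=min(CHUNK, limit - written + 1))
        written += len(out)
        if written > limit:
            raise DecompressedSizeExceeded(f"output exceeds {limit} bytes")
        if sink is not None:
            sink(out)
    return written


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zeros shrinks to a few dozen bytes of bzip2.
    payload = bz2.compress(b"\0" * (8 * 1024 * 1024))
    try:
        bounded_bunzip2(payload, 1024 * 1024)
    except DecompressedSizeExceeded as exc:
        print(f"{len(payload)}-byte download rejected: {exc}")
```

The cap is enforced on bytes actually produced while streaming, so a size field in the download cannot be used to bypass it.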