Yikes! This change definitely should have been included in the update notes! I can only imagine how many Admins are scratching their heads and pulling there hair out with this.
Limiting the map file size is going to be a huge issue for a lot of people. I certainly hope they make it a priority to address it in days rather than weeks. It could cripple some communities who have spent a lot of time building their community around the special custom maps they run. From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Barreiro Sent: Thursday, April 24, 2014 8:08 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon At the moment yes. Basically I had found an exploit which allowed me to send huge (4GB) files to the client as 150KB downloads, via a trick with FastDL. I reported it and their "fix" was to make it so you can't extract files larger than 64MB. On Thu, Apr 24, 2014 at 11:04 PM, Bubka3 <[email protected]> wrote: So pretty much any map over 64MB, compressed or not, isn't downloading anymore. I don't know what type of fix broke this functionality but being able to download a map bigger then 64MB is important imo. <mailto:[email protected]> Daniel Barreiro Thursday, April 24, 2014 10:58 PM I reported it to Eric. It's an issue with how they fixed the decompressed file size check. A TL;DR of the entire situation is I found an exploit that allowed you to zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which means even if the map is sent over FastDL, if the uncompressed file is more than 64MB, it wont download it on the client. I sent him an email about this issue this caused, and asked if they could whitelist BSP files. The zip-bomb exploit wont work with BSPs as you can only send a single bsp file over FastDL per connect, and the server has to be running the map. That would cause the exploit to not work. _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds <mailto:[email protected]> Bubka3 Thursday, April 24, 2014 10:53 PM Is anyone having issues with map downloads after this? It says the map is missing. I checked my FastDL web server logs and it returned HTTP 200 to the client. <mailto:[email protected]> Eric Smith Thursday, April 24, 2014 7:14 PM The updates have been released. -Eric -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Eric Smith Sent: Thursday, April 24, 2014 3:59 PM To: Half-Life dedicated Win32 server mailing list ([email protected]); Half-Life dedicated Linux server mailing list ([email protected]); '[email protected]' ([email protected]) Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes for the updates are below. The new version for each game will be 2198641. The updates should be out in about 15 minutes. -Eric ====================== - Fixed an issue where plugin_load may load a non-binary file type - Fixed an issue where decompressed file sizes were not being checked by the engine _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds -- Bubka3 _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
