This is a side-effect of the bugfix on checking decompressed file size.
It was actually in the notes
"- Fixed an issue where decompressed file sizes were not being checked by
the engine"

I'm hoping they can fix it tomorrow before the weekend. I sent Eric an
email, and hopefully he'll see this email thread. If anyone else wants to
let him know so he doesn't miss it, go ahead.


On Thu, Apr 24, 2014 at 11:21 PM, Mike Vail <[email protected]> wrote:

> Yikes! This change definitely should have been included in the update
> notes! I can only imagine how many Admins are scratching their heads and
> pulling their hair out with this.
>
>
>
> Limiting the map file size is going to be a huge issue for a lot of
> people. I certainly hope they make it a priority to address it in days
> rather than weeks. It could cripple some communities who have spent a lot
> of time building their community around the special custom maps they run.
>
>
>
>
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Daniel Barreiro
> *Sent:* Thursday, April 24, 2014 8:08 PM
>
> *To:* Half-Life dedicated Win32 server mailing list
> *Subject:* Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM
> updates coming soon
>
>
>
> At the moment yes.
>
>
>
> Basically I had found an exploit which allowed me to send huge (4GB) files
> to the client as 150KB downloads, via a trick with FastDL.  I reported it
> and their "fix" was to make it so you can't extract files larger than 64MB.
>
>
>
>
>
>
>
> On Thu, Apr 24, 2014 at 11:04 PM, Bubka3 <[email protected]> wrote:
>
> So pretty much any map over 64MB, compressed or not, isn't downloading
> anymore. I don't know what type of fix broke this functionality but being
> able to download a map bigger than 64MB is important imo.
>
>
> *Daniel Barreiro* <[email protected]>
>
> Thursday, April 24, 2014 10:58 PM
>
> I reported it to Eric.  It's an issue with how they fixed the decompressed
> file size check.
>
>
>
> A TL;DR of the entire situation is I found an exploit that allowed you to
> zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL
> listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which
> means even if the map is sent over FastDL, if the uncompressed file is more
> than 64MB, it won't download it on the client.
>
>
>
> I sent him an email about the issue this caused, and asked if they could
> whitelist BSP files. The zip-bomb exploit won't work with BSPs as you can
> only send a single bsp file over FastDL per connect, and the server has to
> be running the map. That would cause the exploit to not work.
>
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>
> *Bubka3* <[email protected]>
>
> Thursday, April 24, 2014 10:53 PM
>
> Is anyone having issues with map downloads after this? It says the map is
> missing. I checked my FastDL web server logs and it returned HTTP 200 to
> the client.
>
> *Eric Smith* <[email protected]>
>
> Thursday, April 24, 2014 7:14 PM
>
> The updates have been released.
>
> -Eric
>
>
> -----Original Message-----
> From: [email protected] [
> mailto:[email protected]<[email protected]>]
> On Behalf Of Eric Smith
> Sent: Thursday, April 24, 2014 3:59 PM
> To: Half-Life dedicated Win32 server mailing list (
> [email protected]); Half-Life dedicated Linux server mailing
> list ([email protected]); '
> [email protected]' (
> [email protected])
> Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming
> soon
>
> We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes
> for the updates are below. The new version for each game will be 2198641.
>
> The updates should be out in about 15 minutes.
>
> -Eric
>
> ======================
>
> - Fixed an issue where plugin_load may load a non-binary file type
> - Fixed an issue where decompressed file sizes were not being checked by
> the engine
>
>
>
>
>
> --
>
> Bubka3
>
>
>
>
>
>
>
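An added example, not part of the original thread and not Valve's code: the decompressed-size check discussed above, enforced while streaming so that an oversized payload is rejected before it is fully expanded. It assumes bzip2-compressed downloads; `bounded_bunzip2`, `DecompressedSizeExceeded`, `demo` and the sample payloads are hypothetical names and constructed data, and the 64MB value is the cap cited in the thread.

```python
import bz2
import io

MAX_FILE_SIZE = 64 * 1024 * 1024   # the 64MB cap cited in the thread
CHUNK = 64 * 1024                  # assumed I/O chunk size


class DecompressedSizeExceeded(Exception):
    """Raised as soon as the expanded output would pass the cap."""


def bounded_bunzip2(src, dst, limit=MAX_FILE_SIZE, chunk=CHUNK):
    """Stream-decompress bz2 data from src to dst; return bytes written.

    Enforces the cap on the real output, never on a size the sender declares.
    """
    decomp = bz2.BZ2Decompressor()
    written = 0
    while not decomp.eof:
        data = b""
        if decomp.needs_input:
            data = src.read(chunk)
            if not data:
                raise EOFError("truncated bz2 stream")
        # max_length bounds the output of one call, so a tiny input cannot
        # balloon in memory; +1 lets us detect the first byte past the cap.
        out = decomp.decompress(data, max_length=min(chunk, limit - written + 1))
        written += len(out)
        if written > limit:
            raise DecompressedSizeExceeded(f"output exceeds {limit} bytes")
        dst.write(out)
    return written


def demo(limit=1024 * 1024):
    """Constructed inputs: a small legitimate file and a highly compressible one."""
    ok = bz2.compress(b"constructed map data\n" * 1000)
    bomb = bz2.compress(b"\0" * (8 * limit))      # expands to 8x the cap
    sink = io.BytesIO()
    ok_size = bounded_bunzip2(io.BytesIO(ok), sink, limit)
    sink = io.BytesIO()
    try:
        bounded_bunzip2(io.BytesIO(bomb), sink, limit)
        rejected = False
    except DecompressedSizeExceeded:
        rejected = True
    return ok_size, rejected, len(bomb), sink.tell()
```

`demo()` returns the size of the accepted file, whether the oversized one was rejected, its compressed size, and how many bytes reached the sink before the abort.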