For those of you wondering, it was also pushed to TF2 in today's update,
which means maps like pl_cashworks_final1 are broken because they are
larger than 64MB uncompressed.
On 4/24/2014 10:58 PM, Daniel Barreiro wrote:
I reported it to Eric. It's an issue with how they fixed the
decompressed file size check.
A TL;DR of the entire situation is I found an exploit that allowed you
to zip-bomb clients over fastdl. Reported it. They fixed it by making
FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to
64MB, which means even if the map is sent over FastDL, if the
uncompressed file is more than 64MB, it won't download it on the client.
I sent him an email about this issue this caused, and asked if they
could whitelist BSP files. The zip-bomb exploit won't work with BSPs
as you can only send a single bsp file over FastDL per connect, and
the server has to be running the map. That would cause the exploit to
not work.
On Thu, Apr 24, 2014 at 10:53 PM, Bubka3 <[email protected]> wrote:
Is anyone having issues with map downloads after this? It says the
map is missing. I checked my FastDL web server logs and it
returned HTTP 200 to the client.
Eric Smith <[email protected]>
Thursday, April 24, 2014 7:14 PM
The updates have been released.
-Eric
-----Original Message-----
From: [email protected] On Behalf Of Eric Smith
Sent: Thursday, April 24, 2014 3:59 PM
To: Half-Life dedicated Win32 server mailing list ([email protected]);
Half-Life dedicated Linux server mailing list ([email protected]);
'[email protected]' ([email protected])
Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM
updates coming soon
We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM.
The notes for the updates are below. The new version for each
game will be 2198641.
The updates should be out in about 15 minutes.
-Eric
======================
- Fixed an issue where plugin_load may load a non-binary file type
- Fixed an issue where decompressed file sizes were not being
checked by the engine
_______________________________________________
To unsubscribe, edit your list preferences, or view the list
archives, please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
--
Bubka3<http://www.getpostbox.com>
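As an added illustration of the decompressed-size check discussed in this thread (not Valve's engine code and not written by anyone on the list): a streaming decompressor that aborts as soon as the output passes the cap, so a small download cannot expand without bound. It assumes bzip2-compressed downloads; `NET_MAXFILESIZE`, `bounded_decompress`, `sample_download` and `accept` are hypothetical names, and the sample input is constructed.

```python
import bz2

NET_MAXFILESIZE = 64 * 1024 * 1024  # the 64MB cap described in the thread


class DecompressedTooLarge(Exception):
    """Raised as soon as the decompressed output passes the cap."""


def bounded_decompress(chunks, limit=NET_MAXFILESIZE, sink=None, step=64 * 1024):
    """Stream-decompress bz2 chunks and return the decompressed size.

    Output is produced at most `step` bytes per call, so memory and disk use
    stay bounded regardless of the compression ratio of the input.
    """
    dec = bz2.BZ2Decompressor()
    total = 0
    for chunk in chunks:
        if dec.eof:
            break  # ignore anything after the end of the stream
        data = chunk
        while True:
            # Request at most one byte past the cap: enough to detect overflow.
            piece = dec.decompress(data, max_length=min(step, limit + 1 - total))
            data = b""  # unconsumed input stays buffered inside the decompressor
            total += len(piece)
            if total > limit:
                raise DecompressedTooLarge(f"output exceeds {limit} bytes")
            if sink is not None:
                sink.write(piece)  # only reached while still under the cap
            if dec.eof or dec.needs_input:
                break
    if not dec.eof:
        raise ValueError("truncated bz2 stream")
    return total


def sample_download(size, chunk=4096):
    """Constructed test input: `size` zero bytes, compressed and split in chunks."""
    blob = bz2.compress(bytes(size))
    return [blob[i:i + chunk] for i in range(0, len(blob), chunk)]


def accept(chunks, limit=NET_MAXFILESIZE):
    """Client-side decision: True if the decompressed file fits under the cap."""
    try:
        bounded_decompress(chunks, limit)
        return True
    except DecompressedTooLarge:
        return False
```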