Great - we have over a dozen payload maps affected by this.
On Fri, Apr 25, 2014 at 12:38 AM, Ross Bemrose <[email protected]> wrote:

> For those of you wondering, it was also pushed to TF2 in today's update,
> which means maps like pl_cashworks_final1 are broken because they are
> larger than 64MB uncompressed.
>
> On 4/24/2014 10:58 PM, Daniel Barreiro wrote:
>
> I reported it to Eric. It's an issue with how they fixed the
> decompressed file size check.
>
> A TL;DR of the entire situation is I found an exploit that allowed you
> to zip-bomb clients over fastdl. Reported it. They fixed it by making
> FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB,
> which means even if the map is sent over FastDL, if the uncompressed file
> is more than 64MB, it won't download it on the client.
>
> I sent him an email about this issue this caused, and asked if they
> could whitelist BSP files. The zip-bomb exploit won't work with BSPs as you
> can only send a single bsp file over FastDL per connect, and the server has
> to be running the map. That would cause the exploit to not work.
>
> On Thu, Apr 24, 2014 at 10:53 PM, Bubka3 <[email protected]> wrote:
>
>> Is anyone having issues with map downloads after this? It says the map is
>> missing. I checked my FastDL web server logs and it returned HTTP 200 to
>> the client.
>>
>> Eric Smith <[email protected]>
>> Thursday, April 24, 2014 7:14 PM
>> The updates have been released.
>>
>> -Eric
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]<[email protected]>]
>> On Behalf Of Eric Smith
>> Sent: Thursday, April 24, 2014 3:59 PM
>> To: Half-Life dedicated Win32 server mailing list ([email protected]);
>> Half-Life dedicated Linux server mailing list ([email protected]);
>> '[email protected]' ([email protected])
>> Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming
>> soon
>>
>> We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes
>> for the updates are below. The new version for each game will be 2198641.
>>
>> The updates should be out in about 15 minutes.
>>
>> -Eric
>>
>> ======================
>>
>> - Fixed an issue where plugin_load may load a non-binary file type
>> - Fixed an issue where decompressed file sizes were not being checked by
>>   the engine
>>
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>>
>> --
>> Bubka3 <http://www.getpostbox.com>
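The check discussed in this thread (refuse a download whose decompressed size exceeds a cap, without first inflating it in full), as an added example that is not part of the original messages and not Valve's engine code. It assumes bzip2-compressed downloads; `bounded_bunzip2`, `limit_for`, `accept_download` and the separate `.bsp` cap are hypothetical names and policy.

```python
import bz2

NET_MAXFILESIZE = 64 * 1024 * 1024  # the 64MB cap named in the thread
CHUNK = 64 * 1024                   # most output taken per decompress() call


class TooLarge(Exception):
    """Decompressed output would exceed the allowed size."""


def limit_for(filename, default_cap=NET_MAXFILESIZE, bsp_cap=None):
    # Hypothetical policy: map files may get their own (still finite) cap,
    # modelled on the request in the thread to treat BSP files separately.
    if bsp_cap is not None and filename.lower().endswith(".bsp"):
        return bsp_cap
    return default_cap


def bounded_bunzip2(compressed, cap):
    """Decompress bz2 bytes, stopping as soon as the output exceeds cap.

    Output held in memory never exceeds cap + 1 bytes, whatever size the
    stream would expand to, because max_length limits each call.
    """
    dec = bz2.BZ2Decompressor()
    out = bytearray()
    data = compressed
    while not dec.eof:
        room = cap + 1 - len(out)   # one byte past the cap proves excess
        chunk = dec.decompress(data, max_length=min(CHUNK, room))
        data = b""                  # unread input stays buffered in dec
        out += chunk
        if len(out) > cap:
            raise TooLarge(f"output exceeds {cap} bytes")
        if not chunk and not dec.eof:
            raise ValueError("truncated bz2 stream")
    return bytes(out)


def accept_download(filename, compressed, **caps):
    """Return the decompressed bytes, or None if the file is over its cap."""
    try:
        return bounded_bunzip2(compressed, limit_for(filename, **caps))
    except TooLarge:
        return None
```

With a single engine-wide cap, a legitimate map larger than the cap is rejected exactly like an oversized archive, which is the breakage reported above; a per-type cap keeps the bound while letting large maps through.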

