Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
Isn't the limit by default 16? I highly doubt many clients have changed their cvar setting to allow for a 64MB download...

Kyle Sanderson mailto:kyle.l...@gmail.com
Friday, April 25, 2014 1:27 AM

I don't know why this update was required for servers. If we can't extract maps larger than 64M, then this is indeed a significant problem. Unfortunately a lot of ignorance is present with shipping assets, and since the VPK system is busted by design. This definitely needs to get backed out before the weekend. There's a great deal of CS:S maps that we, along with many other servers, unfortunately host that are over 250M compressed with bz2. Uncompressed they're surpassing 500M, primarily due to the fact assets can't be shipped and mounted via versioned VPKs.

Regards, Kyle.

-- Bubka3 http://www.getpostbox.com
___
To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
The default is 16, but I did a test and even with it set to 16 on the client, it only prevented it if it was larger than 64MB.

Sent from my Android Phone. Please ignore any errors.

On Apr 25, 2014 8:41 AM, Bubka3 bub...@gmail.com wrote:

Isn't the limit by default 16? I highly doubt many clients have changed their cvar setting to allow for a 64MB download...
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
So it's not even coded to the cvar, it's just hard coded to 64MB?

Daniel Barreiro mailto:smelly.feet.you.h...@gmail.com
Friday, April 25, 2014 10:04 AM

The default is 16, but I did a test and even with it set to 16 on the client, it only prevented it if it was larger than 64MB.

Sent from my Android Phone. Please ignore any errors.

-- Bubka3 http://www.getpostbox.com
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
Default 16, servers can set up to 64. Only server setting matters. If client has 16, he can still download the map more than 16 megs.

-ics

Bubka3 wrote:

So is not even coded to the cvar, it's just hard coded to 64MB?
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
The updates have been released.

-Eric

-Original Message-
From: hlds_announce-boun...@list.valvesoftware.com [mailto:hlds_announce-boun...@list.valvesoftware.com] On Behalf Of Eric Smith
Sent: Thursday, April 24, 2014 3:59 PM
To: Half-Life dedicated Win32 server mailing list (hlds@list.valvesoftware.com); Half-Life dedicated Linux server mailing list (hlds_li...@list.valvesoftware.com); 'hlds_annou...@list.valvesoftware.com' (hlds_annou...@list.valvesoftware.com)
Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon

We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes for the updates are below. The new version for each game will be 2198641. The updates should be out in about 15 minutes.

-Eric

==
- Fixed an issue where plugin_load may load a non-binary file type
- Fixed an issue where decompressed file sizes were not being checked by the engine
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
Is anyone having issues with map downloads after this? It says the map is missing. I checked my FastDL web server logs and it returned HTTP 200 to the client.

Eric Smith mailto:er...@valvesoftware.com
Thursday, April 24, 2014 7:14 PM

The updates have been released.

-Eric

-- Bubka3 http://www.getpostbox.com
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
I reported it to Eric. It's an issue with how they fixed the decompressed file size check.

A TL;DR of the entire situation is I found an exploit that allowed you to zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which means even if the map is sent over FastDL, if the uncompressed file is more than 64MB, it won't download it on the client.

I sent him an email about this issue this caused, and asked if they could whitelist BSP files. The zip-bomb exploit won't work with BSPs as you can only send a single bsp file over FastDL per connect, and the server has to be running the map. That would cause the exploit to not work.

On Thu, Apr 24, 2014 at 10:53 PM, Bubka3 bub...@gmail.com wrote:

Is anyone having issues with map downloads after this? It says the map is missing. I checked my FastDL web server logs and it returned HTTP 200 to the client.
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
So pretty much any map over 64MB, compressed or not, isn't downloading anymore. I don't know what type of fix broke this functionality but being able to download a map bigger than 64MB is important imo.

Daniel Barreiro mailto:smelly.feet.you.h...@gmail.com
Thursday, April 24, 2014 10:58 PM

I reported it to Eric. It's an issue with how they fixed the decompressed file size check.

A TL;DR of the entire situation is I found an exploit that allowed you to zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which means even if the map is sent over FastDL, if the uncompressed file is more than 64MB, it won't download it on the client.

I sent him an email about this issue this caused, and asked if they could whitelist BSP files. The zip-bomb exploit won't work with BSPs as you can only send a single bsp file over FastDL per connect, and the server has to be running the map. That would cause the exploit to not work.

-- Bubka3 http://www.getpostbox.com
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
At the moment yes. Basically I had found an exploit which allowed me to send huge (4GB) files to the client as 150KB downloads, via a trick with FastDL. I reported it and their fix was to make it so you can't extract files larger than 64MB.

On Thu, Apr 24, 2014 at 11:04 PM, Bubka3 bub...@gmail.com wrote:

So pretty much any map over 64MB, compressed or not, isn't downloading anymore. I don't know what type of fix broke this functionality but being able to download a map bigger than 64MB is important imo.
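The decompressed-size check discussed in the two messages above (a small bz2 download that expands far beyond its transfer size, and a single cap that then also rejects large maps), as an added example that is not part of any post and is not Valve's engine code: a streaming bz2 decompressor that stops as soon as its output would cross a limit. The function names, the per-extension limit table and the scaled-down sample data are assumptions made for illustration.

```python
import bz2
import io
import os

MIB = 1024 * 1024
DEFAULT_LIMIT = 64 * MIB  # the 64MB figure quoted in the thread


class DecompressedSizeExceeded(Exception):
    """The stream would expand past the allowed decompressed size."""


def bounded_bunzip2(src, dst, limit, chunk_size=64 * 1024):
    """Stream bz2 data from src to dst, writing at most `limit` bytes.

    bz2 carries no trustworthy size header, so the reliable check is to count
    output while decompressing and stop as soon as the cap is crossed.
    Handles a single bz2 stream; returns the number of bytes written.
    """
    decomp = bz2.BZ2Decompressor()
    written = 0
    while not decomp.eof:
        if decomp.needs_input:
            chunk = src.read(chunk_size)
            if not chunk:
                raise ValueError("truncated bz2 stream")
        else:
            chunk = b""  # output still pending from input already supplied
        budget = limit - written
        # Ask for one byte more than the budget: receiving it proves overflow
        # without ever materialising the rest of the expanded data.
        out = decomp.decompress(chunk, max_length=min(chunk_size, budget + 1))
        if len(out) > budget:
            raise DecompressedSizeExceeded(f"output exceeds {limit} bytes")
        dst.write(out)
        written += len(out)
    return written


def limit_for(filename, per_type_limits, default_limit):
    """Pick the cap by the extension under .bz2 (hypothetical policy table)."""
    name = filename[:-4] if filename.lower().endswith(".bz2") else filename
    ext = os.path.splitext(name)[1].lower()
    return per_type_limits.get(ext, default_limit)


def check_download(filename, compressed, per_type_limits=None,
                   default_limit=DEFAULT_LIMIT):
    """Return (accepted, bytes_written) for one compressed download."""
    limit = limit_for(filename, per_type_limits or {}, default_limit)
    sink = io.BytesIO()  # a real client would write a temp file and delete it on reject
    try:
        written = bounded_bunzip2(io.BytesIO(compressed), sink, limit)
    except DecompressedSizeExceeded:
        return False, sink.tell()
    return True, written


def demo():
    """Run the checks on constructed data, scaled down from 64MB to 1 MiB."""
    blob = bz2.compress(bytes(4 * MIB))  # constructed sample: 4 MiB of zero bytes
    try:
        bounded_bunzip2(io.BytesIO(blob[:10]), io.BytesIO(), MIB)
        truncated = "accepted"
    except ValueError:
        truncated = "rejected"
    return {
        "compressed_size": len(blob),
        # One global cap stops the oversized expansion of an ordinary asset...
        "asset": check_download("sound/loop.wav.bz2", blob, default_limit=MIB),
        # ...but the same cap also rejects a map of the same expanded size.
        "map_global_cap": check_download("maps/big.bsp.bz2", blob,
                                         default_limit=MIB),
        # A separate, still finite cap for .bsp lets the map through.
        "map_per_type_cap": check_download("maps/big.bsp.bz2", blob,
                                           {".bsp": 8 * MIB}, MIB),
        "truncated": truncated,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
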
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
Yikes! This change definitely should have been included in the update notes! I can only imagine how many Admins are scratching their heads and pulling their hair out with this.

Limiting the map file size is going to be a huge issue for a lot of people. I certainly hope they make it a priority to address it in days rather than weeks. It could cripple some communities who have spent a lot of time building their community around the special custom maps they run.

From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Daniel Barreiro
Sent: Thursday, April 24, 2014 8:08 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon

At the moment yes. Basically I had found an exploit which allowed me to send huge (4GB) files to the client as 150KB downloads, via a trick with FastDL. I reported it and their fix was to make it so you can't extract files larger than 64MB.
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
This is a side-effect of the bugfix on checking decompressed file size. It was actually in the notes:

- Fixed an issue where decompressed file sizes were not being checked by the engine

I'm hoping they can fix it tomorrow before the weekend. I sent Eric an email, and hopefully he'll see this email thread. If anyone else wants to let him know so he doesn't miss it, go ahead.

On Thu, Apr 24, 2014 at 11:21 PM, Mike Vail supp...@boomgaming.net wrote:

Yikes! This change definitely should have been included in the update notes! I can only imagine how many Admins are scratching their heads and pulling their hair out with this. Limiting the map file size is going to be a huge issue for a lot of people. I certainly hope they make it a priority to address it in days rather than weeks. It could cripple some communities who have spent a lot of time building their community around the special custom maps they run.

From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Daniel Barreiro
Sent: Thursday, April 24, 2014 8:08 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon

At the moment yes. Basically I had found an exploit which allowed me to send huge (4GB) files to the client as 150KB downloads, via a trick with FastDL. I reported it and their fix was to make it so you can't extract files larger than 64MB.

On Thu, Apr 24, 2014 at 11:04 PM, Bubka3 bub...@gmail.com wrote:

So pretty much any map over 64MB, compressed or not, isn't downloading anymore. I don't know what type of fix broke this functionality but being able to download a map bigger than 64MB is important imo.

Daniel Barreiro smelly.feet.you.h...@gmail.com
Thursday, April 24, 2014 10:58 PM

I reported it to Eric. It's an issue with how they fixed the decompressed file size check.

A TL;DR of the entire situation is I found an exploit that allowed you to zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which means even if the map is sent over FastDL, if the uncompressed file is more than 64MB, it won't download it on the client. I sent him an email about this issue this caused, and asked if they could whitelist BSP files. The zip-bomb exploit won't work with BSPs as you can only send a single bsp file over FastDL per connect, and the server has to be running the map. That would cause the exploit to not work.

Bubka3 bub...@gmail.com
Thursday, April 24, 2014 10:53 PM

Is anyone having issues with map downloads after this? It says the map is missing. I checked my FastDL web server logs and it returned HTTP 200 to the client.

Eric Smith er...@valvesoftware.com
Thursday, April 24, 2014 7:14 PM

The updates have been released.

-Eric

-Original Message-
From: hlds_announce-boun...@list.valvesoftware.com [mailto:hlds_announce-boun...@list.valvesoftware.com] On Behalf Of Eric Smith
Sent: Thursday, April 24, 2014 3:59 PM
To: Half-Life dedicated Win32 server mailing list (hlds@list.valvesoftware.com); Half-Life dedicated Linux server mailing list (hlds_li...@list.valvesoftware.com); 'hlds_annou...@list.valvesoftware.com' (hlds_annou...@list.valvesoftware.com)
Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon

We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes for the updates are below. The new version for each game will be 2198641. The updates should be out in about 15 minutes.

-Eric

==

- Fixed an issue where plugin_load may load a non-binary file type
- Fixed an issue where decompressed file sizes were not being checked by the engine

-- Bubka3
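The check this thread is about (capping what a bz2 download expands to, rather than trusting its compressed size), as an added Python example that is not from the original posts and is not Valve's engine code. The 64MB default mirrors the net_maxfilesize cap described above; `bounded_bunzip2`, `DecompressedSizeExceeded` and the constructed sample input are assumptions made for illustration.

```python
import bz2
import io

MAX_FILE_SIZE = 64 * 1024 * 1024  # the 64MB cap the thread attributes to net_maxfilesize


class DecompressedSizeExceeded(Exception):
    """Raised when a stream expands past the allowed decompressed size."""


def bounded_bunzip2(src, dst, limit=MAX_FILE_SIZE,
                    in_chunk=64 * 1024, out_chunk=1024 * 1024):
    """Stream-decompress one bz2 stream from src to dst; return bytes written.

    Hypothetical helper (single-stream files only). Output is produced in
    pieces of at most out_chunk bytes, so memory stays bounded however small
    the download was, and nothing past `limit` is ever written to dst.
    """
    decomp = bz2.BZ2Decompressor()
    written = 0
    while not decomp.eof:
        if decomp.needs_input:
            data = src.read(in_chunk)
            if not data:
                raise ValueError("truncated bz2 stream")
        else:
            data = b""  # decompressor still holds buffered input; drain it first
        # Ask for one byte more than the remaining budget so overflow is detectable.
        budget = min(out_chunk, limit - written + 1)
        out = decomp.decompress(data, max_length=budget)
        written += len(out)
        if written > limit:
            raise DecompressedSizeExceeded(
                f"decompressed size exceeds {limit} bytes; aborting extraction")
        dst.write(out)
    return written


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zeros, which bz2 shrinks to a tiny file.
    blob = bz2.compress(b"\0" * (8 * 1024 * 1024))
    print("compressed size:", len(blob))
    try:
        bounded_bunzip2(io.BytesIO(blob), io.BytesIO(), limit=1024 * 1024)
    except DecompressedSizeExceeded as exc:
        print("rejected:", exc)
```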
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
Great - we have over a dozen payload maps affected by this.

On Fri, Apr 25, 2014 at 12:38 AM, Ross Bemrose rbemr...@gmail.com wrote:

For those of you wondering, it was also pushed to TF2 in today's update, which means maps like pl_cashworks_final1 are broken because they are larger than 64MB uncompressed.

On 4/24/2014 10:58 PM, Daniel Barreiro wrote:

I reported it to Eric. It's an issue with how they fixed the decompressed file size check.

A TL;DR of the entire situation is I found an exploit that allowed you to zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which means even if the map is sent over FastDL, if the uncompressed file is more than 64MB, it won't download it on the client. I sent him an email about this issue this caused, and asked if they could whitelist BSP files. The zip-bomb exploit won't work with BSPs as you can only send a single bsp file over FastDL per connect, and the server has to be running the map. That would cause the exploit to not work.

On Thu, Apr 24, 2014 at 10:53 PM, Bubka3 bub...@gmail.com wrote:

Is anyone having issues with map downloads after this? It says the map is missing. I checked my FastDL web server logs and it returned HTTP 200 to the client.

Eric Smith er...@valvesoftware.com
Thursday, April 24, 2014 7:14 PM

The updates have been released.

-Eric

-Original Message-
From: hlds_announce-boun...@list.valvesoftware.com [mailto:hlds_announce-boun...@list.valvesoftware.com] On Behalf Of Eric Smith
Sent: Thursday, April 24, 2014 3:59 PM
To: Half-Life dedicated Win32 server mailing list (hlds@list.valvesoftware.com); Half-Life dedicated Linux server mailing list (hlds_li...@list.valvesoftware.com); 'hlds_annou...@list.valvesoftware.com' (hlds_annou...@list.valvesoftware.com)
Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon

We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes for the updates are below. The new version for each game will be 2198641. The updates should be out in about 15 minutes.

-Eric

==

- Fixed an issue where plugin_load may load a non-binary file type
- Fixed an issue where decompressed file sizes were not being checked by the engine

-- Bubka3 http://www.getpostbox.com
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
Hopefully they can push a fix. Making BSPs whitelisted should solve the issue. BSPs can't be affected by the exploit they were patching, so they should be able to whitelist them with no issues.

On Fri, Apr 25, 2014 at 12:46 AM, E. Olsen ceo.eol...@gmail.com wrote:

Great - we have over a dozen payload maps affected by this.

On Fri, Apr 25, 2014 at 12:38 AM, Ross Bemrose rbemr...@gmail.com wrote:

For those of you wondering, it was also pushed to TF2 in today's update, which means maps like pl_cashworks_final1 are broken because they are larger than 64MB uncompressed.

On 4/24/2014 10:58 PM, Daniel Barreiro wrote:

I reported it to Eric. It's an issue with how they fixed the decompressed file size check.

A TL;DR of the entire situation is I found an exploit that allowed you to zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which means even if the map is sent over FastDL, if the uncompressed file is more than 64MB, it won't download it on the client. I sent him an email about this issue this caused, and asked if they could whitelist BSP files. The zip-bomb exploit won't work with BSPs as you can only send a single bsp file over FastDL per connect, and the server has to be running the map. That would cause the exploit to not work.

On Thu, Apr 24, 2014 at 10:53 PM, Bubka3 bub...@gmail.com wrote:

Is anyone having issues with map downloads after this? It says the map is missing. I checked my FastDL web server logs and it returned HTTP 200 to the client.

Eric Smith er...@valvesoftware.com
Thursday, April 24, 2014 7:14 PM

The updates have been released.

-Eric

-Original Message-
From: hlds_announce-boun...@list.valvesoftware.com [mailto:hlds_announce-boun...@list.valvesoftware.com] On Behalf Of Eric Smith
Sent: Thursday, April 24, 2014 3:59 PM
To: Half-Life dedicated Win32 server mailing list (hlds@list.valvesoftware.com); Half-Life dedicated Linux server mailing list (hlds_li...@list.valvesoftware.com); 'hlds_annou...@list.valvesoftware.com' (hlds_annou...@list.valvesoftware.com)
Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon

We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes for the updates are below. The new version for each game will be 2198641. The updates should be out in about 15 minutes.

-Eric

==

- Fixed an issue where plugin_load may load a non-binary file type
- Fixed an issue where decompressed file sizes were not being checked by the engine

-- Bubka3 http://www.getpostbox.com
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
Same here, I have custom maps on mapcycle that are bigger than 64MB on their natural size. Great update once again!

-ics

E. Olsen wrote:

Great - we have over a dozen payload maps affected by this.

On Fri, Apr 25, 2014 at 12:38 AM, Ross Bemrose rbemr...@gmail.com wrote:

For those of you wondering, it was also pushed to TF2 in today's update, which means maps like pl_cashworks_final1 are broken because they are larger than 64MB uncompressed.

On 4/24/2014 10:58 PM, Daniel Barreiro wrote:

I reported it to Eric. It's an issue with how they fixed the decompressed file size check.

A TL;DR of the entire situation is I found an exploit that allowed you to zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which means even if the map is sent over FastDL, if the uncompressed file is more than 64MB, it won't download it on the client. I sent him an email about this issue this caused, and asked if they could whitelist BSP files. The zip-bomb exploit won't work with BSPs as you can only send a single bsp file over FastDL per connect, and the server has to be running the map. That would cause the exploit to not work.

On Thu, Apr 24, 2014 at 10:53 PM, Bubka3 bub...@gmail.com wrote:

Is anyone having issues with map downloads after this? It says the map is missing. I checked my FastDL web server logs and it returned HTTP 200 to the client.

Eric Smith er...@valvesoftware.com
Thursday, April 24, 2014 7:14 PM

The updates have been released.

-Eric

-Original Message-
From: hlds_announce-boun...@list.valvesoftware.com [mailto:hlds_announce-boun...@list.valvesoftware.com] On Behalf Of Eric Smith
Sent: Thursday, April 24, 2014 3:59 PM
To: Half-Life dedicated Win32 server mailing list (hlds@list.valvesoftware.com); Half-Life dedicated Linux server mailing list (hlds_li...@list.valvesoftware.com); 'hlds_annou...@list.valvesoftware.com' (hlds_annou...@list.valvesoftware.com)
Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon

We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes for the updates are below. The new version for each game will be 2198641. The updates should be out in about 15 minutes.

-Eric

==

- Fixed an issue where plugin_load may load a non-binary file type
- Fixed an issue where decompressed file sizes were not being checked by the engine

-- Bubka3 http://www.getpostbox.com
Re: [hlds] [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon
I don't know why this update was required for servers. If we can't extract maps larger than 64M, then this is indeed a significant problem. Unfortunately a lot of ignorance is present with shipping assets, and since the VPK system is busted by design.

This definitely needs to get backed out before the weekend. There's a great deal of CS:S maps that we, along with many other servers, unfortunately host that are over 250M compressed with bz2. Uncompressed they're surpassing 500M, primarily due to the fact assets can't be shipped and mounted via versioned VPKs.

Regards,
Kyle.

On Thu, Apr 24, 2014 at 8:58 PM, Daniel Barreiro smelly.feet.you.h...@gmail.com wrote:

I reported it to Eric. It's an issue with how they fixed the decompressed file size check.

A TL;DR of the entire situation is I found an exploit that allowed you to zip-bomb clients over fastdl. Reported it. They fixed it by making FastDL listen to net_maxfilesize. Net_maxfilesize is engine-locked to 64MB, which means even if the map is sent over FastDL, if the uncompressed file is more than 64MB, it won't download it on the client. I sent him an email about this issue this caused, and asked if they could whitelist BSP files. The zip-bomb exploit won't work with BSPs as you can only send a single bsp file over FastDL per connect, and the server has to be running the map. That would cause the exploit to not work.

On Thu, Apr 24, 2014 at 10:53 PM, Bubka3 bub...@gmail.com wrote:

Is anyone having issues with map downloads after this? It says the map is missing. I checked my FastDL web server logs and it returned HTTP 200 to the client.

Eric Smith er...@valvesoftware.com
Thursday, April 24, 2014 7:14 PM

The updates have been released.

-Eric

-Original Message-
From: hlds_announce-boun...@list.valvesoftware.com [mailto:hlds_announce-boun...@list.valvesoftware.com] On Behalf Of Eric Smith
Sent: Thursday, April 24, 2014 3:59 PM
To: Half-Life dedicated Win32 server mailing list (hlds@list.valvesoftware.com); Half-Life dedicated Linux server mailing list (hlds_li...@list.valvesoftware.com); 'hlds_annou...@list.valvesoftware.com' (hlds_annou...@list.valvesoftware.com)
Subject: [hlds_announce] Mandatory CS:S, DoD:S, and HL2:DM updates coming soon

We're releasing mandatory updates for CS:S, DoD:S, and HL2:DM. The notes for the updates are below. The new version for each game will be 2198641. The updates should be out in about 15 minutes.

-Eric

==

- Fixed an issue where plugin_load may load a non-binary file type
- Fixed an issue where decompressed file sizes were not being checked by the engine

-- Bubka3 http://www.getpostbox.com