search

ValveSoftware / halflife

Half-Life 1 engine based games
Other
3.74k stars 631 forks source link

[GoldSource] New download checks prevent legitimate files from downloading #2179

Open ghost opened 5 years ago

ghost commented 5 years ago

If required content has a dot (.) in their name, the engine will classify them as an invalid file type and prevent the download, even if they're legitimate. 

Invalid file type...skipping download of models/player/ecx.vegeta-ts/ecx.vegeta-ts.mdl
Invalid file type...skipping download of models/player/ecx.vegeta-ts.majin/ecx.vegeta-ts.majin.mdl
Invalid file type...skipping download of models/player/ecx.vegeta-ts.ssj/ecx.vegeta-ts.ssj.mdl
Invalid file type...skipping download of models/player/ecx.vegeta-ts.ssj2/ecx.vegeta-ts.ssj2.mdl
Invalid file type...skipping download of models/player/ecx.vegeta-ts.ssj4/ecx.vegeta-ts.ssj4.mdl
Invalid file type...skipping download of models/player/ecx.vegetto/ecx.vegetto.mdl
Invalid file type...skipping download of models/player/ecx.vegetto.ssj/ecx.vegetto.ssj.mdl
Invalid file type...skipping download of models/player/ecx.videl/ecx.videl.mdl
Invalid file type...skipping download of models/player/ecx.yamcha/ecx.yamcha.mdl

As a result, upon joining the client will crash due to missing models.

Tested on Earth's Special Forces 1.2.3 and Half-Life under Proton.

SamVanheer commented 5 years ago

The engine explicitly checks if there is more than one dot, so this is probably intentional behavior but not to block files with more than one dot, rather to prevent it from matching the wrong part of a filename to an extension.

The function IsSafeFileToDownload should check what the filename ends with. The function COM_LastFileExtension should do fine for this, just remember that this function returns everything after the dot, not including the dot.

Separate logic will be needed for the cases that check for complete filenames (e.g. halflife.wad).

SkillartzHD commented 5 years ago

This does not have how to be removed from IsSafeFileToDownload, is for client security can not receive files with. (dot), otherwise anyone can throw files on the player outside the game goldsrc (/../../)

SamVanheer commented 5 years ago

A separate check already exists for that:

if ( !Q_strstr(lwrfilename, "\\")
      && !Q_strstr(lwrfilename, ":")
      && !Q_strstr(lwrfilename, "..")
      && !Q_strstr(lwrfilename, "~")
      && lwrfilename[0] != '/' )
    {
SkillartzHD commented 5 years ago

yes , and why not a fast download and implementation in Netchan_CreateFileFragments As it comes to Netchan_CreateFileFragments that allows downloading files during the game (without PF_Precache _*) (the client supports the download during the game with the exceptions from IsSafeFileToDownload. Cfg. bat. dll etc..) There is a restrictive for downloading files during the game in SV_BeginFileDownload_f, which is very good If the client allows the download during the game, why not use the Netchan_CreateFileFragmentsfunction in the server (at that I did not think so far, anyway it is a good idea to do in a module)