
SECURITY. Lack of text character limits in certain objects poses potential means for denial of service


Displayname123

Version 41.65 

Multiplayer

Mods: vanilla

 

Reproduction:

Write to a sheet of paper, journal, notebook etc. Inputted strings needn't be meaningful. You will note the lack of sanity checking / outright character limits in both the title and body of the text. Upon inputting approximately 1MB of random data into the title of the sheet, a drop in fps from 60 to 2-3 is noted. If the amount of data inputted is large enough other users may experience "lag." If one were to write to multiple such sheets with obscenely long titles the server may well be rendered nonoperational. Essentially, one may be able to execute a denial of service attack on a PZ server without access to a botnet or the like. In so doing the threat actor may well bypass traditional detection.

 

Solution:

Implement sane character limits in the title and body of any in-game document that a player can write to. E.g. sheet of paper, journal etc.

Edited by Displayname123
typo
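
One way to enforce the limit proposed above on the server side, as an added example that is not part of the original post or the game's own code. The class name, the limit values and the length-prefixed wire format are assumptions made for illustration; the point is that the declared size is checked before any memory is allocated for the text.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public final class DocumentTextLimits {
    // Assumed limits in UTF-8 bytes; the post does not propose specific values.
    static final int MAX_TITLE_BYTES = 128;
    static final int MAX_BODY_BYTES = 4096;

    // Signals a rejected field; the caller should drop the whole update.
    static final class InvalidTextException extends Exception {
        InvalidTextException(String message) { super(message); }
    }

    // Reads one string from an assumed wire format: 4-byte length, then UTF-8 bytes.
    // The declared length is checked before anything is allocated or copied.
    static String readBounded(ByteBuffer in, String field, int maxBytes) throws InvalidTextException {
        if (in.remaining() < Integer.BYTES) {
            throw new InvalidTextException(field + ": truncated length prefix");
        }
        int declared = in.getInt();
        if (declared < 0 || declared > maxBytes) {
            throw new InvalidTextException(field + ": " + declared + " bytes exceeds limit " + maxBytes);
        }
        if (declared > in.remaining()) {
            throw new InvalidTextException(field + ": declared length exceeds payload");
        }
        byte[] raw = new byte[declared];
        in.get(raw);
        return new String(raw, StandardCharsets.UTF_8);
    }

    // Builds a constructed message in the same assumed format, for the demo below.
    static ByteBuffer encode(String text) {
        byte[] raw = text.getBytes(StandardCharsets.UTF_8);
        ByteBuffer out = ByteBuffer.allocate(Integer.BYTES + raw.length);
        out.putInt(raw.length).put(raw);
        out.flip();
        return out;
    }

    public static void main(String[] args) {
        String[] titles = { "Shopping list", "A".repeat(1_000_000) }; // constructed inputs
        for (String title : titles) {
            try {
                String ok = readBounded(encode(title), "title", MAX_TITLE_BYTES);
                System.out.println("accepted title: " + ok);
            } catch (InvalidTextException e) {
                System.out.println("rejected, update dropped: " + e.getMessage());
            }
        }
    }
}
```

A limit applied only in the client's text box can be skipped by a modified client, so the same check belongs wherever the server accepts or stores the document text.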