Displayname123

SECURITY. Lack of text character limits in certain objects poses potential means for denial of service


Version 41.65 

Multiplayer

Mods: vanilla

 

Reproduction:

Write to a sheet of paper, journal, notebook etc. Inputted strings needn't be meaningful. You will note the lack of sanity checking / outright character limits in both the title and body of the text. Upon inputting approximately 1MB of random data into the title of the sheet, a drop in FPS from 60 to 2-3 is noted. If the amount of data inputted is large enough, other users may experience "lag." If one were to write to multiple such sheets with obscenely long titles, the server may well be rendered nonoperational. Essentially, one may be able to execute a denial of service attack on a PZ server without access to a botnet or the like. In so doing, the threat actor may well bypass traditional detection.

 

Solution:

Implement sane character limits in the title and body of any in-game document that a player can write to. E.g. sheet of paper, journal etc.

Edited by Displayname123
typo
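
A sketch of the limit proposed in the post, enforced on the server before the text is decoded, stored or sent to other players. This is an added example, not part of the original post and not Project Zomboid's code; the class, method names and the 64/4096 character limits are assumptions.

```java
import java.nio.charset.StandardCharsets;

/** Hypothetical server-side check for player-written documents (not the game's API). */
public final class DocumentLimits {
    // Assumed limits; pick values that match what the UI can actually display.
    static final int MAX_TITLE_CHARS = 64;
    static final int MAX_BODY_CHARS = 4096;

    /** Returns the cleaned text, or throws if the field must be rejected. */
    static String validate(byte[] rawUtf8, int maxChars) {
        // Check the raw size first (UTF-8 uses at most 4 bytes per code point),
        // so an oversized field is dropped before it is decoded or copied.
        if (rawUtf8 == null || rawUtf8.length > 4L * maxChars) {
            throw new IllegalArgumentException("field exceeds byte limit");
        }
        String text = new String(rawUtf8, StandardCharsets.UTF_8);
        // Count code points, not UTF-16 units, so the limit means "characters".
        if (text.codePointCount(0, text.length()) > maxChars) {
            throw new IllegalArgumentException("field exceeds character limit");
        }
        // Sanity check: keep newline and tab, drop other control characters.
        StringBuilder clean = new StringBuilder(text.length());
        text.codePoints()
            .filter(cp -> cp == '\n' || cp == '\t' || !Character.isISOControl(cp))
            .forEach(clean::appendCodePoint);
        return clean.toString();
    }

    /** Validates both fields; nothing is stored or broadcast unless both pass. */
    static boolean accept(String label, byte[] title, byte[] body) {
        try {
            String t = validate(title, MAX_TITLE_CHARS);
            String b = validate(body, MAX_BODY_CHARS);
            System.out.printf("%s: stored (title=%d chars, body=%d chars)%n",
                    label, t.length(), b.length());
            return true;
        } catch (IllegalArgumentException e) {
            System.out.printf("%s: rejected (%s)%n", label, e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal note, and a title of roughly 1 MB as in the report.
        byte[] note = "Remember the generator fuel.\n".getBytes(StandardCharsets.UTF_8);
        accept("normal", "Shopping list".getBytes(StandardCharsets.UTF_8), note);
        accept("oversized", new byte[1_000_000], note);
    }
}
```

A limit applied only in the client's text box would not address the report, since the server would still accept whatever a modified client sends.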
