Thanks for the breakdown, nice to have a full explanation, since it never came up clearly.
Also, it seems a bit counterintuitive to have your website in your signature while posting here, especially what the site sells. Unless I'm missing something? But yeah.

On 21 Mar 2016 22:32, "Brendan H" <[email protected]> wrote:

> This update patches a crash exploit circulating for CSGO SRCDS. This
> affected both official and community servers. Since this update came with
> no documentation for server owners, I thought I'd do some documentation
> myself.
>
> The crash worked by using a malicious client to run the ConCommand
> "setinfo" in rapid succession for a period of time. Malicious commands
> were in the format "setinfo %d %d" where %d was an incrementing integer.
> On low-memory configurations, SRCDS could run out of heap space, or cause
> high CPU usage - enough to lag the server.
>
> This memory and resource exhaustion worked because a) setinfo iterated
> every registered ConCommand looking for one with the same name as the first
> parameter, which would block, b) if none exists, a new one is created with
> the specified name and value on the heap, and c) each unique run of setinfo
> would cause step (a) to take longer, thereby consuming more resources.
>
> Prior to this patch, mitigation was possible with SourceMod plugins that
> rate-limited ConVars. SourceMod Anti-Cheat had this capability, among
> other plugins. Vanilla servers were doneskies.
>
> *Most servers will be unaffected by this patch.* If your server, for
> whatever reason, needs to use setinfo or FCVAR_USERINFO in the middle of
> the game, then you must selectively whitelist allowed userinfo keys by
> defining the FCVAR_USERINFO ConVar on connection. This can be done quite
> easily on SourceMod.
>
> 1. Listen for OnClientConnect events.
> 2. Define a new ConVar with the specified key name with flag
>    FCVAR_USERINFO (9).
>
> Regards,
> Brendan H
> Senior Software Engineer
> Platinum Digital Group LLC
>
> On 3/21/2016 16:52 PM, Vitaliy Genkin wrote:
>
> An optional server stability update for CS:GO has been released. It is
> recommended for server operators to update servers with PatchVersion=1.35.2.9
> to the latest build ServerVersion=310.
>
> Community servers that need clients to upload changes to their userinfo
> entries during gameplay must set all allowed server-side userinfo setting
> keys when processing client connect.
>
> GL HF!
>
> _______________________________________________
> Csgo_servers mailing list
> [email protected]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
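Added example, not part of the mailing-list messages and not Valve's code: a simplified C++ model of the server-side behaviour the thread describes (linear name scan, then a new heap entry on a miss), compared with a connect-time allow-list. All type and function names are hypothetical, and dropping unknown keys is an assumption about how the patched server treats them.

```cpp
#include <cstddef>
#include <cstdio>
#include <list>
#include <string>

struct Entry { std::string name, value; };

struct Registry {
    std::list<Entry> entries;      // stands in for the list of registered names
    bool createOnMiss;             // true = pre-patch behaviour as described in the thread
    std::size_t comparisons = 0;   // CPU cost proxy: name comparisons performed
    std::size_t rejected = 0;      // setinfo calls dropped because the key is not allowed

    explicit Registry(bool create) : createOnMiss(create) {}

    // Connect-time step: the server declares a userinfo key it will accept.
    void allowKey(const std::string& name) { entries.push_back({name, ""}); }

    // Handles one "setinfo <name> <value>" received from a client.
    bool setinfo(const std::string& name, const std::string& value) {
        for (Entry& e : entries) {             // step (a): scan every entry by name
            ++comparisons;
            if (e.name == name) { e.value = value; return true; }
        }
        if (!createOnMiss) { ++rejected; return false; }  // assumed post-patch: drop unknown key
        entries.push_back({name, value});      // step (b): allocate, so the next scan is longer (c)
        return true;
    }
};

struct Result { std::size_t comparisons, entries, rejected; };

// Replays n setinfo calls with never-before-seen integer keys against a
// registry that starts with `base` legitimate keys (constructed input).
Result replay(bool createOnMiss, std::size_t base, std::size_t n) {
    Registry r(createOnMiss);
    for (std::size_t i = 0; i < base; ++i) r.allowKey("allowed_" + std::to_string(i));
    for (std::size_t i = 0; i < n; ++i) r.setinfo(std::to_string(i), std::to_string(i));
    return {r.comparisons, r.entries.size(), r.rejected};
}

int main() {
    Result before = replay(true, 100, 5000), after = replay(false, 100, 5000);
    std::printf("create-on-miss: %zu comparisons, %zu entries\n",
                before.comparisons, before.entries);
    std::printf("allow-list:     %zu comparisons, %zu entries, %zu rejected\n",
                after.comparisons, after.entries, after.rejected);
}
```

With create-on-miss the comparison count grows quadratically in the number of unique keys and the entry count grows without bound; with the allow-list both stay fixed at the size set on connect.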
