data/scripts/usercommands.lua:121-129::
local function parseinput(input) local args = string.split(input, " ") local command = getcommand(args[1]) if command == nil then print("Tried running unknown user command: ",args[1]) dumptable(args) print("input:", input) return nil end --[[More]]--
This is bad because a client can repeatedly spam the server with invalid commands of very long lengths to cause the server's log file to fill up with this data very quickly, causing server performance issues.
With enough time any server would have its HD filled causing instability.
Steps to Reproduce
1) Join server. 2) Spam TheNet:SendSlashCommandToServer() 3) Server'll lose HD space over time eventually causing the OS to do its OS-specific routines which may include shutting down the computer.
1) Join server. 2) Spam TheNet:SendSlashCommandToServer(
A developer has marked this issue as fixed. This means that the issue has been addressed in the current development build and will likely be in the next update.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now