Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Denial of Service attack #39

Open
Outworldz opened this issue Jun 5, 2021 · 1 comment
Open

Denial of Service attack #39

Outworldz opened this issue Jun 5, 2021 · 1 comment

Comments

@Outworldz
Copy link

The recursive #Include system cannot handle an estate number larger than about 800 due to the recursion in it, and the 1 MB stack space. The estate number can be almost unlimited in DreamGrid as it can handle thousands of regions. It also starts at 1000 now due to a need to skip over any possible estate. Web crawlers and rogue operators read an unused URL in the Diva code that is not normally used, and it will crash Robust due to the limited stack space of 1 MB.

I added a simple cutoff limit, shown below, which can be much lower than 500. I had to use a high estate number for auto creation of a a specific estate for Endless Land and Seas in DreamGrid. If you need a more details as to exactly what is happening and where, please contact me directly fred at outworldz.com.

Processor.cs line 141:

    private string Include(string argStr)
    {
        if (m_Index > 500) 
            return string.Empty;
@Outworldz
Copy link
Author

10 recursions is a reasonable limit for the avatar choices.

@Outworldz Outworldz mentioned this issue Jun 15, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Outworldz