Is it possible to get virus from online content?

[EndChapter]

Openttd written with c++ which makes online content easy exploitable. My question is: Does someone control online content? Is there a system for that or whoeverwants to make online content can do?

[TrueBrain]

Openttd written with c++ which makes online content easy exploitable.

That is quite a statement, and I am tempted to respond with: citation needed ;)

Although OpenTTD is written in C++, that doesn't make it "easy exploitable". But that might be more an academic discussion.

More important to know and realise, is that our online content isn't C++ code, nor binary executables (or libraries). To dive a bit deeper, we need to split up what is actually on the online content service.

First, we have scenarios. Scenarios are basically savegames, with another extension, and act accordingly. They are read as a binary format, interpreted by OpenTTD, and the game is loaded. So this isn't a binary executable of any kind. As such, your classic "virus" cannot impact this.
That isn't to say there is no chance someone exploits a scenario to do something evil .. that is always possible. But that would require for someone to specifically target OpenTTD, its savegame system, and then get people to download the compromised scenario. Not impossible, but also not possible to guard against, as it would be a novel "virus". It is however rather improbable.

Second, we have heightmaps. Those are simply PNGs. We use libpng to load those images, which has been well tested. Exploitable? Very unlikely, but not zero. But I am sure OpenTTD won't be first on the list when an exploit is found ... browsers are a much easier target in that case :)

Third, we have AIs and GameScripts. Those are written in a language called Squirrel, similar to LUA, which we interpreted. The scripts are sandboxed, and have no access to the OS or filesystem in any way, shape or form. The only thing they can do, is access an API we supply.
The only way to exploit this, would be to find a weakness in any of the API entrypoints, and abuse that. Give the amount of abuse the API has had over the years, this is really unlikely.

Lastly, we have NewGRFs. This too is a custom binary format, which is read and interpreted by OpenTTD, byte by byte. It contains graphics and instructions how to work with these. This too, is sandboxed, and here too an API (although more an ABI) is supplied which can be used. Recently we have been fuzzing NewGRFs, to see if anything breaks. Nothing showed up.

So where does this leave us.

Can we guarantee the online content system cannot be exploited?
No.
In security, you can never guarantee such thing. Someone with enough time and money for sure will find something. This is the inherent risk of being on the Internet.

Is it likely?
No.
Any exploit would need to specifically target OpenTTD, and what ever exploit is found, it would only work on OpenTTD, and only for those people that downloaded the content explicitly. It is a very small target audience, and as such, not really likely someone puts in that much time and effort.

In other words, I used a lot of words to say: it is impossible to get a classic "virus" via the online content. The only exploitable way to abuse the online content system is to specifically target OpenTTD and one of its binary formats. Which is not impossible, just improbable.

So to end where I started: I don't agree with the statement: it is written in C++, so it is easy exploitable :)

Hope this settles your nerves a bit :) If you have any other questions or want more detail, let us know!

PS: additionally, the online content service also validates uploads, as in: you cannot upload some arbitrary file and say: this is a NewGRF. The system will refuse the upload. It has to be an actual NewGRF before it is accepted. Similar for the other types. This is just an extra line of defense.