Complete.Org: Mailing Lists: Archives: freeciv-dev: April 2004:
[Freeciv-Dev] Re: (PR#8457) No assertion in post_receive_packet_player_a 		Home

[Freeciv-Dev] Re: (PR#8457) No assertion in post_receive_packet_player_a

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: matusik_s@xxxxx
Subject: [Freeciv-Dev] Re: (PR#8457) No assertion in post_receive_packet_player_attribute_chunk() !!!
From: "rwetmore@xxxxxxxxxxxx" <rwetmore@xxxxxxxxxxxx>
Date: Thu, 8 Apr 2004 07:51:25 -0700
Reply-to: rt@xxxxxxxxxxx 
<URL: http://rt.freeciv.org/Ticket/Display.html?id=8457 >


Such SOPs would presumably be obvious candidates for fixing.

Unfortunately, there has been a misplaced developer-centric philosopy over 
the last few years that says crashing servers to get stack traces is far 
more important than things like security, user-friendlieness, 
failsafe/robust coding practices, saving game state or informative error 
logging on crash ...

The current code tends to run wide-open to catch problems from all the 
implicit rules and constraints, as opposed to in subsystems with boundary 
checks. The original Freeciv subsystem flavour of 3 years ago is largely 
gone now :-(.

Cheers,
RossW
=====

imbaczek@xxxxxxxxxxxxxx wrote:
> <URL: http://rt.freeciv.org/Ticket/Display.html?id=8457 >
> 
> On 2004-04-06 you wrote:
> 
>>The pre-delta code checked partly for incorrect array sizes given. The
>>delta code didn't do this at all. The attached patch fixed this. I'm
>>not sure about the way to react if such a case is found. Feel free to
>>change.
> 
> IMO bad/evil packets should be dropped, optionally with a log message.
> Killing the servers will lead to DoS attacks.
[Prev in Thread] Current Thread [Next in Thread]