RobustToolbox/Robust.Shared.Maths/UnsafeFloat.cs
PJB3005 65b8d0cce2 Add network serialization float NaN sanitization
Apparently cheat clients have figured out that none of SS14's code does validation against NaN inputs. Uh oh.

IRobustSerializer can now be configured to remove NaN values when reading. This is intended to be set on the server to completely block the issue.

Added "Unsafe" float types that can be used to bypass the new configurable behavior, in case somebody *really* needs NaNs.

An alternative option was to make a "SafeFloat" type, and only apply the sanitization to that. The problem is that would require updating hundreds if not thousands of messages in SS14, and probably significantly confuse contributors on "when use what." Blocking NaNs by default is likely to cause few issues while ensuring the entire exploit is guaranteed impossible.
2026-01-25 03:45:50 +01:00
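An added illustration of the idea in the commit message above, not code from RobustToolbox: a range check lets NaN through because every comparison against NaN is false, and sanitizing at read time closes that gap for all handlers at once. All names here (`ReadFloat`, `RawFloat`, `InRange`) are hypothetical, and replacing NaN with 0 is an assumption about what "remove" means.

```csharp
using System;
using System.IO;

// Hypothetical opt-out wrapper: a field of this type is never sanitized.
readonly record struct RawFloat(float Value);

static class NanSanitizeDemo
{
    // Reads one float from the wire. With sanitize on (the server-side
    // setting), NaN is replaced before any game code sees it.
    // Assumption: the replacement value is 0.
    static float ReadFloat(BinaryReader reader, bool sanitize)
    {
        float value = reader.ReadSingle();
        return sanitize && float.IsNaN(value) ? 0f : value;
    }

    // Opt-out path: the caller explicitly asked for the raw bits.
    static RawFloat ReadRawFloat(BinaryReader reader) => new(reader.ReadSingle());

    // Typical handler-side validation. NaN < 0 and NaN > 10 are both false,
    // so NaN is accepted as "in range".
    static bool InRange(float v) => !(v < 0f || v > 10f);

    static void Main()
    {
        // Constructed sample payload: a quiet NaN, a NaN with payload bits
        // and the sign bit set, and the ordinary value 5.0.
        uint[] wire = { 0x7FC00000, 0xFFA12345, 0x40A00000 };

        foreach (bool sanitize in new[] { false, true })
        {
            var stream = new MemoryStream();
            var writer = new BinaryWriter(stream);
            foreach (uint bits in wire) writer.Write(bits);
            stream.Position = 0;

            var reader = new BinaryReader(stream);
            foreach (uint bits in wire)
            {
                float v = ReadFloat(reader, sanitize);
                Console.WriteLine(
                    $"sanitize={sanitize} bits=0x{bits:X8} value={v} isNaN={float.IsNaN(v)} passesRangeCheck={InRange(v)}");
            }

            // The opt-out type still yields NaN regardless of the setting.
            stream.Position = 0;
            Console.WriteLine($"raw read isNaN={float.IsNaN(ReadRawFloat(reader).Value)}");
        }
    }
}
```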
