mirror of
https://github.com/space-wizards/RobustToolbox.git
synced 2026-02-14 19:29:36 +01:00
65b8d0cce2
Apparently cheat clients have figured out that none of SS14's code does validation against NaN inputs. Uh oh. IRobustSerializer can now be configured to remove NaN values when reading. This is intended to be set on the server to completely block the issue. Added "Unsafe" float types that can be used to bypass the new configurable behavior, in case somebody *really* needs NaNs. An alternative option was to make a "SafeFloat" type, and only apply the sanitization to that. The problem is that would require updating hundreds if not thousands of messages in SS14, and probably significantly confuse contributors on "when use what." Blocking NaNs by default is likely to cause little issues while ensuring the entire exploit is guaranteed impossible.
54 lines
2.2 KiB
C#
54 lines
2.2 KiB
C#
using System;
|
|
|
|
namespace Robust.Shared.Maths;
|
|
|
|
/// <summary>
|
|
/// Marker type to indicate floating point values that should preserve NaNs across the network.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Robust's network serializer may be configured to flush NaN float values to 0,
|
|
/// to avoid exploits from lacking input validation. Even if this feature is enabled,
|
|
/// NaN values passed in this type are still untouched.
|
|
/// </remarks>
|
|
/// <param name="Value">The actual inner floating point value</param>
|
|
/// <seealso cref="System.Half"/>
|
|
public readonly record struct UnsafeHalf(Half Value)
|
|
{
|
|
public static implicit operator Half(UnsafeHalf f) => f.Value;
|
|
public static implicit operator UnsafeHalf(Half f) => new(f);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Marker type to indicate floating point values that should preserve NaNs across the network.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Robust's network serializer may be configured to flush NaN float values to 0,
|
|
/// to avoid exploits from lacking input validation. Even if this feature is enabled,
|
|
/// NaN values passed in this type are still untouched.
|
|
/// </remarks>
|
|
/// <param name="Value">The actual inner floating point value</param>
|
|
/// <seealso cref="System.Single"/>
|
|
public readonly record struct UnsafeFloat(float Value)
|
|
{
|
|
public static implicit operator float(UnsafeFloat f) => f.Value;
|
|
public static implicit operator UnsafeFloat(float f) => new(f);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Marker type to indicate floating point values that should preserve NaNs across the network.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Robust's network serializer may be configured to flush NaN float values to 0,
|
|
/// to avoid exploits from lacking input validation. Even if this feature is enabled,
|
|
/// NaN values passed in this type are still untouched.
|
|
/// </remarks>
|
|
/// <param name="Value">The actual inner floating point value</param>
|
|
/// <seealso cref="System.Double"/>
|
|
public readonly record struct UnsafeDouble(double Value)
|
|
{
|
|
public static implicit operator double(UnsafeDouble f) => f.Value;
|
|
public static implicit operator UnsafeDouble(double f) => new(f);
|
|
public static implicit operator UnsafeDouble(float f) => new(f);
|
|
public static implicit operator UnsafeDouble(UnsafeFloat f) => new(f);
|
|
}
|