* Added validity checks for player names, they must be UTF-8 encoded, else game clients will crash attempting to set non-UTF-8 player names in RUI.
* CServer::RejectConnection now takes a 'v_netadr_t*', previously it was 'user_creds_s*', which worked as 'v_netadr_t' is the first member in 'user_creds_s'.
* Programmer must now manually pass a character buffer to 'v_net_adr::GetAddress(...)'.
The smart pistol's laser line overlay did not draw after the debug overlay rebuild. After some small debugging, I found out that there was a function that creates the curved trace, and creates an overlay with index 4 (originally swept_box), however, the structure is different to that of swept_box. This is laser_line. Implemented logic for drawing out laser line, which essentially just calls DrawLine (as is the case in the engine).
* Use single static buffer instead of each overlay having its own (its only used in the material system thread).
* Improved readability by using ternary operators and c++ style casts.
* Construct min/max for AI Script Network boxes using SIMD (significantly reduced instruction count!).
* Move NavMesh debug draw to dedicated class for future changes.
the parameter check for '-novid' has been removed from S2 onwards, but later added back in. Our S3 build doesn't have it as well. This commit adds it back in and allows user to launch the game without the startup video's by adding '-novid' to the launch arguments. ('-dev' also works, but this enables developer and sv_cheats..).
Calling Host_Error at this stage will cause a dead lock. Removed the call after performing several test (i think the reason all error calls are removed as of Titanfall 2 and Apex Legends (compared to Titanfall 1) is for this reason). Returning false does the job and allows the client to recover as soon as a valid packet comes in.
Implement bounds check for non-sanitized value of u.m_nNewEntity.
Debug builds of the engine have an assertion, however in release these are stripped.
This fixes a full chain client RCE exploit, for more information, see: https://ctf.re/source-engine/exploitation/2021/05/01/source-engine-2/
Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands.
In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
* Check if m_MessageHandler is removed before running limit test.
* Add warning DevMsg if client exceeds value.
* Default 'net_processTimeBudget' value to '200'.
* Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel).
* Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL.
* Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'.
* Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
Implement net message process budget (channel gets removed if value is exceeded).
Use 'net_processLimit' to enable the implementation on the server. It will get enabled by default after testing and some cleanup. This helps against people trying to slow the server down by spamming net messages with a higher rate, e.g. using 'bind "mousewheel_up" "status"'.
Removed extraneous 'FCVAR_SERVER_CAN_EXECUTE' flag. We disconnect clients using 'CClient::Disconnect(..)', relying on the client is useless without an anti-cheat and anti-tamper. Client can still use this to disconnect on its own though.
'migrateme' seemed useless as well, removed 'FCVAR_SERVER_CAN_EXECUTE'.
This makes all 'FCVAR_SERVER_CAN_EXECUTE' require 'FCVAR_DEVELOPMENTONLY' to be stripped, in order to execute without the '-devsdk' parameter (development launch arg),
This should allow users to host dedicated servers without looking back, as you should reload/restart a server every 3 hours (a full process restart is the most recommended option, but a 'soft' reload works like a charm most of the time).
We reset the idle name in HS_GAME_SHUTDOWN, but the restart command callback uses the name field to 'map' into the same map (restarting), which causes issues when we reset it to 'server_idle'.
Changed behavior to only reset name (non recursive) if we are running but do not have an active game.
* Replaced the boolean 'fatal' parameter with a error code parameter, anything non-null will prompt a message (fatal) and terminate the process with given error code.
* Fixed bug where the global ostreamsink for spdlog did NOT get cleared in 'SQVM_PrintFunc' when cvar 'sq_showvmoutput' was < 3. Moved to global scope.
* Added error message for when detouring the process has failed, with the error code.
* Only call 'Plat_GetProcessUpTime()' once per log, (improves performance and fixes bug where the error message box would show a different time stamp than what is logged into the console or file).
* All TIER0 loggers only log to notify and console when the SDK engine has fully initialized and detoured all functions.
* Fade notify text by a fixed amount regardless of the frame times.
* Implement Valve's 'lerping' animation for text when entries fade away and expire.
* Don't run/push/remove anything if 'con_drawnotify' is disabled.
Bool is a char on this platform, and UINT8_MAX is 0xff (255), yet we set this char to 256 causing arithmetic overflow. Looking at the assembly of the game, this really is a uint16_t, and gets set to 256 in CHostState::Init, parsed to State_NewGame as 256 before the lowbyte is being reset to 0.
* Installed change callback 'NET_UseRandomKeyChanged_f' for cvar 'net_useRandomKey' (when set, it will generate a random key as this is needed when this is enabled!).
* Fixed bug where multiple of the same entries get added to the global ban/refuse list.
* Fixed bug where we still use the client instance after deleting it in 'CBanSystem::BanListCheck()'.
* Load banlist at a later state (not at construction of class), this is needed for a future change of adapting the 'business' code to feature the game's FileSystem.
* CServer cleanup.
* More detailed ban messages (banned, added to refused list, removed from slot, etc..).
* Use localization key for banned message ("#Valve_Reject_Banned").
* Add const qualifiers to all CPylon methods.
Note:
* This commit requires changes on the master server, these changes are already performed, however the new master server isn't live yet until we publish the new release.
