Calling Host_Error at this stage will cause a dead lock. Removed the call after performing several test (i think the reason all error calls are removed as of Titanfall 2 and Apex Legends (compared to Titanfall 1) is for this reason). Returning false does the job and allows the client to recover as soon as a valid packet comes in.
Implement bounds check for non-sanitized value of u.m_nNewEntity.
Debug builds of the engine have an assertion, however in release these are stripped.
This fixes a full chain client RCE exploit, for more information, see: https://ctf.re/source-engine/exploitation/2021/05/01/source-engine-2/
Client's can run string commands on the server with no rate limit. This means when you run 50k+ commands that are unknown, or spam 30k 'status' commands, you will be able to hang the server for 800/1200ms (15k/30kms if script printing to console is enabled!). Although the netchan processing budget system will kick you, the damage has already been done at this point. This change effectively breaks the ability to DOS the server from the client using networked string commands.
In easier words; binding 'status' to your mousewheel will get you kicked from the server, without hitching the server.
* Use 'CClient::Disconnect(..)' for all kicks and bans (this automatically clears the entire CClient slot, and removes the net channel).
* Only force disconnect when 'CNetChan::m_nSignonState' has a value that is not NULL.
* Clear the ServerPlayer slot on 'CClient::Disconnect(..)' and 'CClient::Connect(..)'.
* Only kick player for NetChannel overflow when value exceeds processing budget (not equals).
Implement net message process budget (channel gets removed if value is exceeded).
Use 'net_processLimit' to enable the implementation on the server. It will get enabled by default after testing and some cleanup. This helps against people trying to slow the server down by spamming net messages with a higher rate, e.g. using 'bind "mousewheel_up" "status"'.
* Replaced the boolean 'fatal' parameter with a error code parameter, anything non-null will prompt a message (fatal) and terminate the process with given error code.
* Fixed bug where the global ostreamsink for spdlog did NOT get cleared in 'SQVM_PrintFunc' when cvar 'sq_showvmoutput' was < 3. Moved to global scope.
* Added error message for when detouring the process has failed, with the error code.
* Only call 'Plat_GetProcessUpTime()' once per log, (improves performance and fixes bug where the error message box would show a different time stamp than what is logged into the console or file).
* All TIER0 loggers only log to notify and console when the SDK engine has fully initialized and detoured all functions.
When fatal is set, the function will show a error dialogue, which will halt the process and close when the message is dismissed. Else we will end up in a crash.
* Fix all compiler error for GameSDK on S0 and S1.
* Remove some unused patterns and globals (launch performance gains of 100ms).
* Remove most duplicate patterns.
* Relocate globals from engine to a more appropriate location.
* Renamed some unknown vars to a more appropriate name (most of these where obtained a while back, but as we reversed more parts of the engine, some of these vars become known).
* Renamed some vars to fit the naming convention used in the SDK.
* Fixed pattern debug logging using the wrong pointer, thus displaying the wrong address.
Renamed to EGlobalContext_t and used globally for all context types combined into one (required for rcon messages for example, as we do native and script messages, while also retaining colors).
* Removed some unused signatures.
* Named 2 CBaseFileSystem methods, and applied them to 'MOD_ProcessPakQueue()'.
* Renamed 'qword_1671061C8' to 'g_pMTVFTaskItem'.
* Renamed 'g_pMapVPKCache' to 'g_szMTVFItemName'.
* Only set first byte to 0 in 'g_szMTVFItemName' (actual size is 0x100, not 0x40).
* Use GetVirtualMethodTable for VFTable pointers.
* Pack CClientState to 4 bytes (this aligns it properly in memory).
* Use CClientState members directly for setting m_bRestrictServerCommands/m_bRestrictClientCommands.
* Use c++ methods as much as possible.
* Use enum types for accessing NavMesh objects from array.
* Use size_t for for loops when testing against size types.
* Don't compute strlen twice of more on the same string.
* Don't use unnecessary c string casts if there is a method with a std::string overload.
* Don't create string objects from string pointers if we could use them directly.
* Don't initialize RCON password twice on each change, and don't set if the new password equals the old.
* Moved ConVar usage text that where part of the help string to the usage string parameter.
* Flagged ConVar 'bhit_abs_origin' as FCVAR_DEVELOPMENTONLY | FCVAR_REPLICATED.
* Flagged ConCommand 'bhit' as FCVAR_DEVELOPMENTONLY | FCVAR_GAMEDLL.
* Check 'bhit_enable' before running the 'bhit' command callback.
* Fixed spelling in a few area's.
* Use responceid from server to determine in which context to log.
* Moved all script loggers from combined enums to minus instead (SERVER = -3, CLIENT = -2, UI = -1 SERVER_CODE = 0, etc), this makes it much easier to align stuff in combined systems such as the RUI logger or NetMsg().
* Color log networked RCON messages properly on the client.
* Added dedicated logger for all received RCON messages (net_console.log).
* Log commands submitted through in-game console (allows for easier debugging when going through log files).
* Implemented robust length-prefix framing logic for non-blocking sockets (previously used character sequences to determine length, but you cannot use character sequences on protocol buffers as its binary data. This logic should fix all problems regarding some commands not getting networked properly to the server and stuff not getting printed on the client).
* Increased buffer size to std::vector::max_size when netconsole is authenticated (MAX_NETCONSOLE_INPUT_LEN still remains enforced on accepted but not authenticated connections to prevent attackers from crashing the server).
* Process max 1024 bytes each recv buffer iteration.
* Additional optimizations and cleanup.
* Changing RCON passwords on the server now closes all connections and re-initializes the system.
* Fully mapped out VFTable interface for IConVar* (used for ConVar callbacks, see callback.cpp).
Removed padding that was causing the structure to misalign with the game's one.
Enabled 'SVC_UserMessage::Process()' hook (function works properly after the structure alignment).
Moved logging functions to dbg.h (tier0) and export them from the dll.
Added additional functions for checking bad pointers (debug only!).
Reduced output code size.
* Mostly rebuild CServer structure.
* Partially rebuild CNetworkStringTable structure.
* Partially rebuild CNetworkStringTableContainer structure.
* Removed redundant patterns which are now covered in the data structure.
Moved server/client headers and implementations into dedicated subfolder.
Renamed Some classes to match the game binary (e.g. CBaseClient is now CClient).
Removed redundant files.
