Commit Graph

215 Commits

Author SHA1 Message Date
Lion Kortlepel 9ca12fc7a6 fix std::weak_ptr locking and expiry checks
You're supposed to .lock() instead of TOCTOU checking, of course.
Not sure what I was thinking when I built that. .lock() returns a
default constructed std::shared_ptr on error, which is `false` via
`operator bool`.
2026-04-19 18:17:54 +00:00
Lion Kortlepel b3e8d86cef refactor Lua result handling for safety
this massively improves thread safety and cleanly serializes accesses
into the lua engine's result objects where accesses before were
extremely unsafe and could access a corrupt/invalid stack.

this fixes various obscure crashes related to accessing results,
without changing any observable behavior.
2026-04-19 18:17:54 +00:00
Lion Kortlepel 7089e5da9a fix race on disconnect
between the time we check for `is_open` and the actual disconnect, the
socket could already have been disconnected by another thread (TOCTOU).
Furthermore, the disconnects can race causing a segfault or similar
issue in the asio's internals.
2026-04-19 18:17:53 +00:00
Lion Kortlepel e9ce71d39a make send file accept a non-blocking socket 2026-04-19 18:17:53 +00:00
Lion Kortlepel d26e53a975 handle error cases early 2026-04-19 18:17:53 +00:00
Lion Kortlepel b1946ef1d9 use ReadWithTimeout until fully completed auth 2026-04-19 18:17:53 +00:00
Lion Kortlepel c08eefdf69 move TIoPollThread out and use it in TServer
the previous IoCtx was never being polled
2026-04-19 18:17:53 +00:00
Lion Kortlepel be0d8d5334 make connection reject msg a debug message, avoiding spam on ddos 2026-04-19 18:17:53 +00:00
Lion Kortlepel 1f55c35f2b fix ReadSocketWithTimeout to use dedicated io context polled on a new jthread
jthread so it's cancellable
2026-04-19 18:17:53 +00:00
Lion Kortlepel 58e5317687 refactor ReadWithTimeout to not spawn a thread + use an fd each read
this was exhausting file descriptors with enough concurrent reads, from
what I can tell. Either way, spawning a new OS thread per read is not
the way.
Because this is so critical, I added unit-tests for that behavior.
2026-04-19 18:17:53 +00:00
Lion Kortlepel b5642247a6 accept without EP, explicitly (and fallibly) get the endpoint 2026-04-19 18:17:53 +00:00
Lion Kortlepel 6fca901aa2 implement connection limiter to replace manual limiting code 2026-04-08 12:31:35 +00:00
Lion Kortlepel 7925caf1a2 catch boost tcp's remote_endpoint() throwing and crashing the server
this happens when, somehow, the client disconnects before we get here.
I had this happen when breaking in the debugger and continuing, which
leads to clients timing out (client-side timeouts).
2026-04-07 21:19:33 +00:00
Lion Kortlepel 8cdee376c6 use jthread to join thread on scope exit 2026-04-07 20:25:17 +00:00
SaltySnail 66884920db Remove clients when shutting down the socket 2026-03-31 23:44:43 +02:00
SaltySnail 5c2a0db7ef Added timeout on read 2026-03-31 22:32:57 +02:00
SaltySnail 75e9c52ce8 Rewrite accept code to not use continue 2026-03-28 16:23:29 +01:00
SaltySnail b4b262196b Revert "Skip invalid socket when accept() fails"
This reverts commit 83afafc0c3.
2026-03-28 16:15:42 +01:00
alex 48d721f602 Harden malformed vehicle packet parsing 2026-03-07 21:23:00 -07:00
wadyankaw 83afafc0c3 Skip invalid socket when accept() fails
When Acceptor.accept() returns an error (e.g., "Too many open files"),
the server was continuing to process an invalid socket, causing resource
leaks and potential infinite error loops.

Add continue statement to skip processing when accept() fails, allowing
the server to retry on the next iteration instead of crashing.

Fixes resource exhaustion DoS vulnerability where server would enter
error loop instead of handling gracefully.
2025-12-28 03:54:55 +03:00
Tixx c4c894c1f7 Bump version v3.9.0 2025-10-20 22:41:29 +02:00
Tixx 731599f16e Json vehicle state and apply paint packet (#416)
Converts the vehicle stored client side from a raw string to parsed json
data. This allows us to more easily edit the vehicle state serverside,
which I've started using in this PR for updating the state after a paint
packet.

---

By creating this pull request, I understand that code that is AI
generated or otherwise automatically generated may be rejected without
further discussion.
I declare that I fully understand all code I pushed into this PR, and
wrote all this code myself and own the rights to this code.
2025-06-19 17:46:49 +02:00
Tixx 7db40e068e Replace obsolete function 2025-04-01 09:43:49 +02:00
Tixx 6053aa6192 Fix protected mod kick 2025-04-01 09:11:49 +02:00
Tixx 7a439bb5b9 Add mod hash caching and mod protection 2025-03-31 08:04:15 +02:00
Tixx 73e9595d14 Switch C-Style int cast to c++ style uint16 cast 2025-03-29 20:17:25 +01:00
Tixx 71b8a61c97 Add custom IP bind option 2025-03-15 20:45:48 +01:00
Tixx 00560f7646 Wait for the server to start before loading plugins or allowing connections 2025-02-15 21:47:17 +01:00
Tixx 2f577a2358 Store vehicles in parsed json 2025-01-25 22:16:06 +01:00
Tixx a7eeda0569 Add size header to information packet 2025-01-12 16:55:38 +01:00
Tixx 26f1be0a51 Switch to curl 2025-01-11 22:18:50 +01:00
Tixx d7f3bc8b9f Debug log responses from auth and backend 2024-12-23 18:18:42 +01:00
Mathijs 9046b5a4d3 Fix build failure with Boost >= v1.87.0
Closes #401
2024-12-18 14:12:38 +01:00
Tixx 99a51808a0 Fix postPlayerAuth not running until after leaving 2024-11-25 00:33:10 +01:00
Tixx 1c07cf83b2 Fix postPlayerAuth and add reason value 2024-11-24 22:28:32 +01:00
Lion 9ad4f61209 Information packet (#382)
This PR adds an "I" packet which returns the server information. This
can be used by external programs and the launcher to get information
about a server without having to connect it to. It can be toggled in the
config and in lua.
2024-11-01 12:27:31 +01:00
Tixx 956d6f50e1 Add setting for the information packet 2024-10-14 00:39:12 +02:00
Tixx 6aeb2eb736 Add server identification packet 2024-10-14 00:39:12 +02:00
Lion Kortlepel f40d4c1ddd add 'P' packet on UDP
this can be used to check if UDP works :)
2024-10-13 22:13:05 +02:00
Lion c39beb5b72 reuse minclientversion where possible
Co-authored-by: Tixx <83774803+WiserTixx@users.noreply.github.com>
2024-10-09 18:03:01 +02:00
Lion Kortlepel 7dd2d89ad9 clarify auth version reject message 2024-10-09 16:48:40 +02:00
Lion Kortlepel 3403c8acba fix version check on auth 2024-10-09 16:44:38 +02:00
Lion 077bb6b1cd Add player limit bypass to onPlayerAuth (#372)
With this PR, returning 2 in onPlayerAuth will allow the player to join
without checking if the server is full. This makes it easier for plugin
developers to allow for example their staff to join without having to
change the max player count.
2024-10-05 16:07:53 +02:00
Lion Kortlepel 88ca17236a remove two-socket download 2024-09-29 01:15:48 +02:00
Lion Kortlepel a4b62d013c implement mod hashing + new download 2024-09-29 00:32:52 +02:00
Tixx bb3c762d68 Add player limit bypass to onPlayerAuth 2024-09-28 14:52:04 +02:00
Lion Kortlepel 73f494041a fix exception propagation on packet decompression 2024-09-19 16:59:17 +02:00
Lion 63b2a8e4a3 Add post event(s) (#364)
Adds `post*` events which are triggered after the respective `on*` event
has completed and the results have been sent.

They have the same arguments as the `on*` function, with the exception
that another argument is added in the beginning which contains whether
the `on*` variant was cancelled.
2024-09-19 01:37:17 +02:00
Lion Kortlepel 3068a0e5c4 add back car deletion 2024-09-18 16:46:11 +02:00
Lion Kortlepel 86b37e8ae1 move postPlayerAuth later again, after client insert 2024-09-18 16:26:26 +02:00