I'm not asking somebody to actually introduce me into native coding or writing the code for me.
I just want to figure out a safe way to open a file, parse or write stuff, and safely close it without causing problems with the engine in runtime.
This will likely happen during the course of a native function call so nothing latent.
Any directions?
(Native) Safely handling binary files within actor class.
-
- Skilled
- Posts: 198
- Joined: Thu Apr 16, 2020 3:23 pm
- Personal rank: GameDev
Re: (Native) Safely handling binary files within actor class.
Hmm, what do you mean by "safely?" Are these files going to contain user input / data sent to other users?
The native code uses c++, and there are ways to serialize objects to and from binary data. You can do this relatively easily, and do extra error correction / escaping if youre worried about invalid inputs. If you want to be safe, you can attempt to parse / deserialize, and then bail if anything about the data seems "off." Obv you'd want to sanitize strings/names and avoid ANY calls that execute calls to console / command line / operating system calls that directly use this serialized / deserialized data, and if you do, heavily sanitize and think of a worst case scenario (the worst case scenario would be somebody transmitting this data to you / to a client / server from within ut99, and it being able to exploit a RCE vulnerability / use some kind of injection to execute arbitrary code / function).
The easiest example is looking up SQL injection mitigation, php execution mitigation, and JS eval dangers.
The native code uses c++, and there are ways to serialize objects to and from binary data. You can do this relatively easily, and do extra error correction / escaping if youre worried about invalid inputs. If you want to be safe, you can attempt to parse / deserialize, and then bail if anything about the data seems "off." Obv you'd want to sanitize strings/names and avoid ANY calls that execute calls to console / command line / operating system calls that directly use this serialized / deserialized data, and if you do, heavily sanitize and think of a worst case scenario (the worst case scenario would be somebody transmitting this data to you / to a client / server from within ut99, and it being able to exploit a RCE vulnerability / use some kind of injection to execute arbitrary code / function).
The easiest example is looking up SQL injection mitigation, php execution mitigation, and JS eval dangers.
- sektor2111
- Godlike
- Posts: 6423
- Joined: Sun May 09, 2010 6:15 pm
- Location: On the roof.
Re: (Native) Safely handling binary files within actor class.
Last post was in 2013 and... problem has been solved - nothing here is for client as long as you cannot force client to install new natives out of his will - this was not really accepted in UT community. The problem was concerning Server stuff - sample is GunLoc mutator if I well recall the name.
-
- Skilled
- Posts: 198
- Joined: Thu Apr 16, 2020 3:23 pm
- Personal rank: GameDev
Re: (Native) Safely handling binary files within actor class.
I was unaware of the date... it showed up at the top of forum posts near others that wre recent, and assumed that list was chronological. Doh!
Kind of a dumb design decision to not enforce it to be chronological, but good to know
Kind of a dumb design decision to not enforce it to be chronological, but good to know