r1ch.net forums
* Home Help Search Login Register
r1ch.net  |  r1ch.net stuff  |  R1Q2  |  Topic: ctf skin prob
Pages: [1]
Print
Author Topic: ctf skin prob  (Read 4733 times)
bolondska
Guest
« on: August 18, 2005, 06:06:04 pm »

help plz,  if anyone is using a skin named/or in the folder of ..  using the symbols..     [  ]     ,  then the skin I see is a dm skin and not a ctf,  this is most confusing because I dont know what team they are on Smiley
Logged
Bossman
Member

Posts: 486


« Reply #1 on: August 18, 2005, 07:01:34 pm »



   You should tell the person/s in the server that there skin is not right to please change it. Most players will fix it unless new player and don't know how. Then also let admin know of the problem so he can set server config to help out with it. 
Logged
bolondska
Guest
« Reply #2 on: August 20, 2005, 09:31:17 am »

There is little chance of getting anyone to change their clan skin that they have been using for years.
It only seems to be the r1q2 client that does not display the skins properly.
What you are suggesting is to look at the symptoms and not the cause.
Surely it must be an easy fix in the r1q2 software.   
I cant understand why this hasnt been addressed or noticed earlier.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #3 on: August 20, 2005, 10:37:08 am »

This is an intentional fix for malformed skins. Quake II should not load skins with .. paths for security reasons. As an additional level of protection, several non-alphanumeric characters are also blocked.
Logged
fallen
Guest
« Reply #4 on: August 20, 2005, 12:55:36 pm »

could we get a proper explaination to why this was removed?
it bugs the hell outa me still that you remove native functions with no particular purpose
Logged
Bossman
Member

Posts: 486


« Reply #5 on: August 20, 2005, 05:10:00 pm »



   Well bolondska I think you are wrong because for the most part everone that has been in my server like this has fixed there skin with no problem. In ctf there are set skins anyway so if you are a clan with a skin and the skin is not allowed in a server how do you think they play there? That would put a cap on the servers they can get into in the first place so I don't think a clan member with a favorite skin would not want to change there skin and chose not to play because of a small thing like that. For that mater I don't think anyone would mind if they wanted to play in any server in question.
Logged
bolondska
Guest
« Reply #6 on: August 20, 2005, 06:13:44 pm »

Naming of skins will never be enforced on the xs public server,  this will only put people off from using r1q2.
Some peeps are deliberately using ][  symbols now because they know it will confuse the opposition using r1q2 Sad


This is only serving to alienate r1q2 users,  I have always promoted r1q2 but it looks like I will have to stop using it.

Why cant you fix it so any paths using malformed charactors in ctf use the default ctf skin  instead of the dm skin, that sounds like common sense to me !!!
Logged
QwazyWabbit
Member

Posts: 402


« Reply #7 on: August 20, 2005, 06:46:23 pm »

Using [ ] <> () in nicknames is permissible. Skins names are filenames and those characters are not strictly legal as Linux or Windows file names and as such should have been filtered out by the file system. If the files don't exist on the server in the first place then prohibiting them in a client makes no difference. Enforcement of a skin name by a CTF server ought to be automatic and should not be interfered with by the engine. If a client on a CTF server sets a skin name the server should have immediately set it back to the skin designated by his team.
Logged
fallen
Guest
« Reply #8 on: August 20, 2005, 10:38:02 pm »

i agree, r1q2 is an awesome client
but there are some things that want to make me use somethign else
im sorry to say it,  but you need to wake up r1ch

i agree that this is your client, but if you want people to use it
you need to stop removing things that dont need to do be removed
Logged
QwazyWabbit
Member

Posts: 402


« Reply #9 on: August 21, 2005, 01:52:45 am »

Let me clarify my position.

I don't think R1ch is totally wrong in filtering these kinds of characters from skin names. I do think he has sometimes been a little too aggressive where the file system would have provided the necessary protection in the case of an illegal file name. R1Q2 checks that the characters are alphanumeric or "_" or "-" and prohibits all others. In general, this would be a good filter for untrusted user input. Skins are folder/filenames to the system and the file system should be rejecting illegal characters. Would this have crashed the server? I have not looked at the original 3.21 sources to see what would happen so I can't answer that question. Should a server or client filter out characters that would be illegal in a file name? I think the answer is probably yes. Why? Because an application should prevent a user from passing to the file system a file name that the application knows would be illegal. The question then becomes "what's legal?" In Win32 NTFS the rules are: 255 characters or less in length. The complete path cannot exceed 259 characters, including separators. May not begin or end with a space. May contain 1 or more file extensions (e.g., MyFile.Ext1.Ext2.Ext3.Txt). Legal characters from 32-255 characters in length, but not the characters ? ”/ \ < > * : or |.  So [] (){} as might be found in clan tags would be permissibile under the Win32 filename rules. I am fairly sure this is also true for Linux systems with the added caveat that *nix systems are case sensitive and can also depend on the locale. But would you really want to see something like QwazyWabbit<WOS>/clanskin[WOS]/myskin.skin[wos].skin.ext in a game? I don't think so. I also know you wouldn't want to see 255 character skin names even though they would be legal to the file system. Names that long would have overflowed the buffers within the game itself. This is the kind of abuse R1ch was trying to prevent.

The proper method for an application to deal with file names is to always check the return value from the system calls and deal with the error returns gracefully. Too often, the Q2 engine simply crashed or terminated when OS errors occurred. I think r1ch was trying to deal with this in an expeditious manner and prevent error returns rather than deal with aftermath of what amounts to malicious behavior. I also notice that he was dealing with preventing buffer overflows of the config strings so this was clearly a security concern at that time.

I don't agree that allowing skins to contain clan tags is a good idea. I think it was a bug within the original Q2 game to allow it in the first place. In the case of CTF servers in particular, the use of custom skins seems abusive since the clients and server ought to be using server-enforced team skins that the server admin or the mod has defined. The mod would be responsible for this, not the engine. If a custom skin were detected, it should be taken care of in the mod with a forced change to the proper config string. Repeated changes away from the server-defined team skins should be dealt with by automatic kicking of the offending client. If the server is deliberately using custom skins on teams then the client should allow the download of that skin and use it. Should the skin contain a clan tag? I myself wouldn't want to see it and wouldn't play on a server that enforced it.

QW
« Last Edit: August 21, 2005, 02:07:30 am by QwazyWabbit » Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #10 on: August 21, 2005, 06:18:14 pm »

I agree that male/grunt isn't the best failsafe option in CTF, but the client has no clue that it's a CTF game. If the server won't provide legal skin filenames then the client has no choice but to fall back to a safe value. Would you rather have the model not drawn at all?

In testing I have found that the allowance of certain characters (namely . / and other path traversal methods) can cause client compromises under specific circumstances and memory exhaustion in others. With Win32, Mac and Linux and maybe even other architectures, each on their own file system, I opted to take a safe set of characters which were likely available on every platform and filesystem.

The mod should be the one enforcing the skins, not the engine. When the mod allows illegal characters then the engine has no choice but to fall back to a safe default. I question why any CTF mod would allow the use of custom skins given that it would be so trivial to switch to a non-colored skin. The CTF mod should have a list of allowed model/skin pairs and not deviate from those.

Perhaps an updated SP/DM and CTF Game DLL should be part of the R1Q2 project also.
Logged
bolonska
Guest
« Reply #11 on: August 22, 2005, 03:33:06 am »

Rich,  can the client check 'game = ctf'  then set the default skin ??
Logged
Bossman
Member

Posts: 486


« Reply #12 on: August 22, 2005, 08:40:53 am »

   What would happen if CTF r1q2 clients took the grunt out of there ctf/players/male dir? I would think all that would be left is them seeing a enforced skin from server. I think the grunt is being enforced by r1q2 server side not the r1q2 client persay because of the skin stuff it checks. So if r1q2 clients take grunt out of there players dir then that may work for that client seeing a color player in CTF instead of grunt so they can then tell who is who even if that player/s trys to set it up so you see them that way won't matter if you don't have it.. Remember it is in baseq2/players/male dir also... Just something to try until it gets fixed might work. I don't know for sure have not tried it but someone could. Just for CTF players BTW.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #13 on: August 22, 2005, 02:27:34 pm »

The server validates skins (sv_validate_playerskins) serverside by default to help protect non-R1Q2 clients who may be connected. The R1Q2 client also does the same validation clientside in the case of playing on non-R1Q2 servers. Perhaps the clientside validation should also be optional...

Checking the 'game' is an ineffective hack at best. There are countless CTF mods and adding client-side mod specific functions is a really bad design.
Logged
Pages: [1]
Print
r1ch.net  |  r1ch.net stuff  |  R1Q2  |  Topic: ctf skin prob
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines