Fix for Rare BufferOverflow that could cause rcon to become unresponsive core/rcon.js #291
Conversation
Refactor Bug fix to decoder for rare overflow caused Bug fix decoder, rework
Matttor
changed the title
|
This also takes care of the password logging issue by writing to .netconnection directly, |
|
fixes issues 262, 260, 200 |
|
I have sandboxed this against a live server, over 1 million requests and responses with 0% failure. |
fix to string/body typo
Clean up of listeners, now cleans up all listeners, auth once only, error on connect while connected, minor method rework
removed unintended addition to constructor
Squad ver 4.3 was outputting over size > 4096, still assessing 4.4, using 8192 for now
fixed mistake
|
this.autoReconnectDelay = options.autoReconnectDelay || 5000; seems incorrect? - followed the core/rcon.js file, however it seems to be passed, |
|
We've been using this for days now and no issues encountered yet. We'll be monitoring it and see if we can find anything. |
Server chat call sequence simplified, removed eventlistener, now call processChatPacket() directly on decoded chat packet, this allowed for further cleanup of connect()
Chat event listeners no longer cleared on rcon restart this.removeAllListeners() was cleaning up all event listeners related to chat etc, only need a broad fail proof way to clean up "auth" listeners. .once is the best way I can see to create a trigger that resolves connect() promise. for now I have added this.events, and moved "auth" event to this.events this is to allow use of .removeAllListeners() to clean up connection auth listener that are hard to ID, while still resolving the promise and not bloating the code.
After testing I feel this is a better solution/extension to my last commit "auth" is determined above net level "close", "data" etc but as a sudo grouping it makes enough sense here, new netConnection() when connect() is called cleans up, #cleanUp is removed as we can now just handle everything in onClose
|
Wanted to ask if this is working properly and is it stable, since there has been quite a long time now for it to be tested? |
Hi, we've been using this for weeks now and have already tested numerous versions. However, I'm not sure yet if this is the latest version that we've been using. |
|
I hope to push the latest version within a few days, it has had the reject/resolves cleaned up and some other minor tweaks, however for most people outwardly it will work just the same. |
|
Awesome, sounds good to me. |
This version has has had promises cleaned up, and some methods moved into connect()
|
Is this going to be merged? Looking to potentially use SquadJS but would like to see these issues closed out first for stability. Thanks! |
I've used Squad JS well over a year when I had my server, it rarely crashed. |
Why not use SquadJS and use this file instead? I've been using this for weeks now and no issues so far. When we were on FTP before, rcon silently dies almost 10+ times a day and I had to restart every hour. |
The main issue is not crashing, but the rcon silently dies without crashing. |
If you are able to just swap the files, do that for now. Its a low effort fix :) |
|
Can confirm it runs fine with Node 16.9.0 |
|
@fantinodavide Are these still valid/good PRs? |
|
Conflicts will need resolving now. |
|
Not sure what happened there, There is one minor bug fix to handle possible event listener leak, I can do another pr or you may just do the following; at Or I can do another pr |
|
I understand now, to resolve this conflict by re-adding lvl 4 pwd vBlog; #sendAuth() { |
Brought upto date with pw std, listener and packet size tweaks
err -> error
|
Have made the changes, this is now inline with the version people have been using, + the lvl 4 pw logging etc |
|
@Matttor still getting conflict warnings, you may need to resolve them through the PR/CLI process first. It is still preventing me to do anything currently. If you can't fix I'll take a look later but please don't make another PR. Want to keep everything tidy. |
|
@Matttor just had an issue, the badPacket() method got called after updating the player list, probably too frequently, but setting the condition as follows fixed my issue: |
|
@Matttor some important notes here #318 (comment) |
|
Sorry, I gave you a bit misleading info yesterday. 11kb package I was receiving was a TCP payload size, not an rcon's |
|
Hello, your PR seems to have solved all the problems we've had with regards to RCON in our SquadJS. However, there's a minor typo/bug on line 149, where if the module recieved a bad packet, it would try to print out the buffer. During the logging it's supposed to call "this.bufToHexString(this.stream)", while the bufToHexString method is named "#bufToHexString" When this happend, it would cause a crash. |
|
Good spot, thank you @mrkaland95 |
Bug fix to decoder for rare overflow caused by packet sequence illustrated below,
(reads from random point in the buff to get size of packet that can cause non returning loop)
looking for a packet of L10 and then looking for something on the end that matches 0100000 returns false when TCP has cut packet as shown; the next data will be "fragments". This is compounded because Squad on rare occasions sends 0100000 to denote chat msg breaks and it does not follow spec.
Rework of decoder to better suite OWI Squads rcon flavour. (oversize packets, 0x01, NO 0001000, instead 0100000)
(Note all decode checking I have written is overkill but I have developed it regardless, all bad packets came from the bug above TCP does not break like that at the application layer).
See my simpleRcon examples for underlying logic.
I have 'Wrapped' my rcon client methods in SquadJS-like methods (looking to confirm I've not missed anything)
.execute(){ .once() is achieved by using the packet id as the event id, a new counter this.msgId starts at 20 and is reset at 80, tuned for timeout errors on current map call timeout goes to aprox 10 seconds.
This is my first draft, well tested in sandbox, not yet executed with SquadJS.