12.07.2013, 22:02
(
Последний раз редактировалось Johnson_boy; 03.10.2016 в 18:28.
)
No longer available.
I think I may have found an issue, but I'm not completely sure about it, so please correct me if I'm wrong.
Imagine the following scenario: Player A joins the server, and enters his correct password. Player A now leaves the server, while the server is still processing his password (perhaps due to a high cost setting, or whatever reason). A new player, player B, now enters the server and is assigned the ID previously used by player A. The server is now finished processing the password, and sends a "Hooray, you successfully logged in!" message to player B, as the script still thinks he is player A. While in fact player A has left the server. I'm not sure if this classifies as a race condition, I think it does. I haven't found any checks to prevent such a situation, but I haven't actually tested yet if this could actually happen - so it's just guessing at the moment. |
Since the thread which runs the server scripts actually won't fire a disconnect call to the scripts during expensive calculations. Which means Player A can enter a correct password, the script starts to calculate with a huge delay. The player can actually quit the server without any problems, The server still thinks that the player is still connected and continues proceeding the calculation. Player B can't actually join during the expensive calculation, because the server will just not respond to the player. After the calculation the script fires the disconnection call and allows Player B to join. Player B just won't be logged in after connecting automaticly!
|
I think I may have found an issue, but I'm not completely sure about it, so please correct me if I'm wrong.
Imagine the following scenario: Player A joins the server, and enters his correct password. Player A now leaves the server, while the server is still processing his password (perhaps due to a high cost setting, or whatever reason). A new player, player B, now enters the server and is assigned the ID previously used by player A. The server is now finished processing the password, and sends a "Hooray, you successfully logged in!" message to player B, as the script still thinks he is player A. While in fact player A has left the server. I'm not sure if this classifies as a race condition, I think it does. I haven't found any checks to prevent such a situation, but I haven't actually tested yet if this could actually happen - so it's just guessing at the moment. |
In computer sience the meaning of a "thread" is to define a task, a process actually performs, so the word "multi-threaded" means that a process is divided into multiple tasks, also called threads. The SA:MP server AFAIK runs in 2 independent threads, an internal one and the one which actually processes all the running plugins and AMX (compiled scripts).
|
I have never tested that, but I believe this bug could occur. There is no sense to make the cost so high that it'd take more than a second to finish, but in theory, it is possible. I could maybe add a check, which determines whether or not it's the same client based on IP address.
|
public OnPlayerConnect(playerid) // It might be better to do this on OnPlayerDisconnect, as it removes the need to check if the player is actually still connected.
{
connectId[playerid]++;
}
public PasswordHash(playerid, checkid, iterations_left, thread, bool:verifying)
{
if(connectId[playerid] != checkid)
{
return 1; // It's not the same player anymore
}