Config
Log for #openttd on 5th February 2020:
Times are UTC Toggle Colours
00:02:13  *** Flygon has joined #openttd
00:24:00  *** ZirconiumX has quit IRC
00:56:01  *** gelignite has quit IRC
00:56:22  *** ZirconiumX has joined #openttd
01:11:15  *** Wormnest has joined #openttd
01:43:39  *** glx has quit IRC
02:02:31  *** jinks has joined #openttd
03:01:33  *** Wormnest has quit IRC
03:07:01  *** Wormnest has joined #openttd
03:11:43  *** WormnestAndroid has quit IRC
03:12:54  *** WormnestAndroid has joined #openttd
03:25:02  *** WormnestAndroid has quit IRC
03:25:12  *** WormnestAndroid has joined #openttd
03:38:29  *** D-HUND has joined #openttd
03:41:52  *** debdog has quit IRC
04:27:10  *** WormnestAndroid has quit IRC
04:29:53  *** Wormnest has quit IRC
04:30:23  *** WormnestAndroid has joined #openttd
05:45:17  *** tokai has joined #openttd
05:45:17  *** ChanServ sets mode: +v tokai
05:52:08  *** tokai|noir has quit IRC
05:58:54  *** argoneus14 has joined #openttd
05:59:43  *** Lejving_ has joined #openttd
06:01:46  *** orudge` has joined #openttd
06:01:55  *** Markk_ has joined #openttd
06:02:16  *** sla_ro|master has joined #openttd
06:03:14  *** epoll has joined #openttd
06:04:17  *** D-HUND has quit IRC
06:04:17  *** SmatZ has quit IRC
06:04:17  *** Hirundo has quit IRC
06:04:17  *** fonsinchen has quit IRC
06:04:17  *** avdg has quit IRC
06:04:17  *** XeryusTC has quit IRC
06:04:17  *** gnu_jj has quit IRC
06:04:17  *** ericnoan has quit IRC
06:04:17  *** Mek has quit IRC
06:04:17  *** orudge has quit IRC
06:04:17  *** argoneus1 has quit IRC
06:04:17  *** DorpsGek_III has quit IRC
06:04:17  *** TrueBrain has quit IRC
06:04:17  *** Lejving has quit IRC
06:04:17  *** dihedral has quit IRC
06:04:17  *** Markk has quit IRC
06:04:17  *** DecapitatedO has quit IRC
06:04:17  *** seatsea04192116 has quit IRC
06:04:17  *** syr has quit IRC
06:04:17  *** funnel has quit IRC
06:04:17  *** Markk_ is now known as Markk
06:04:26  *** debdog has joined #openttd
06:04:35  *** gnu_jj has joined #openttd
06:04:45  *** TrueBrain has joined #openttd
06:05:00  *** funnel has joined #openttd
06:05:03  *** dihedral has joined #openttd
06:05:43  *** fonsinchen has joined #openttd
06:05:53  *** Mek has joined #openttd
06:08:30  *** seatsea041921162 has joined #openttd
06:08:30  *** SmatZ has joined #openttd
06:08:30  *** Hirundo has joined #openttd
06:08:30  *** avdg has joined #openttd
06:08:30  *** XeryusTC has joined #openttd
06:08:30  *** ericnoan has joined #openttd
06:08:30  *** DorpsGek_III has joined #openttd
06:08:30  *** DecapitatedO has joined #openttd
06:33:30  *** Flygon has quit IRC
06:33:52  *** Flygon has joined #openttd
07:40:19  *** andythenorth has joined #openttd
08:26:51  *** andythenorth has quit IRC
08:51:22  *** Samu has joined #openttd
09:00:51  *** el3ktr4 has joined #openttd
09:17:33  *** el3ktr4 has quit IRC
09:24:36  *** el3ktr4 has joined #openttd
09:31:26  *** andythenorth has joined #openttd
09:39:39  *** Guest15459 has quit IRC
09:52:06  *** el3ktr4 has quit IRC
10:20:11  *** andythenorth has quit IRC
10:23:44  *** Arveen has quit IRC
10:33:55  *** Lejving_ has quit IRC
10:35:12  *** Arveen has joined #openttd
11:26:09  *** andythenorth has joined #openttd
11:34:37  *** gelignite has joined #openttd
11:40:59  *** andythenorth has quit IRC
11:43:23  *** andythenorth has joined #openttd
12:17:12  *** snail_UES_ has joined #openttd
12:26:33  *** Lejving has joined #openttd
12:33:28  *** snail_UES_ has quit IRC
13:15:41  *** WormnestAndroid has quit IRC
13:15:54  *** WormnestAndroid has joined #openttd
13:28:07  *** sla_ro|master has quit IRC
13:44:35  *** Flygon has quit IRC
13:52:09  *** gelignite has quit IRC
13:52:15  *** gelignite has joined #openttd
14:11:17  *** backtu[m] has left #openttd
14:34:39  <_dp_> hi
14:35:06  <_dp_> nielsm, did you intentionally change rating modification radius or just forgot to check for manhattan distance?
14:35:09  <_dp_> https://github.com/OpenTTD/OpenTTD/commit/d84b67e54d663a62a0a90ddf3fcc7c3f728826af#diff-249239106fd58103249d1178388d72feR3706
14:35:46  <_dp_> for example new advertisement zones https://i.imgur.com/JHTBmaE.png vs old ones https://i.imgur.com/yov79Ho.png
14:36:15  <_dp_> also affects crashes and exclusive rights afaict
14:37:15  <_dp_> I kinda like new adv zones though
14:37:23  <_dp_> but not so much crashes xD
14:38:38  <_dp_> new adv zones change town layout a lot for citybuilders
14:59:49  *** WormnestAndroid has quit IRC
15:00:59  *** WormnestAndroid has joined #openttd
15:01:45  *** WormnestAndroid has quit IRC
15:04:11  *** WormnestAndroid has joined #openttd
15:04:58  *** andythenorth has quit IRC
15:23:48  *** el3ktr4 has joined #openttd
15:24:17  *** sla_ro|master has joined #openttd
15:25:46  <nielsm> _dp_ nope that's not intentional
15:34:06  <nielsm> _dp_ should I make the fix or are you working on one?
15:56:26  <_dp_> nielsm, I'm not so you do it :p
15:56:36  <_dp_> it's a matter of adding && DistanceManhattan back anyway
15:57:35  *** Wormnest has joined #openttd
15:59:11  <_dp_> nielsm, btw, why not just put intsqrt here? https://github.com/OpenTTD/OpenTTD/blob/master/src/town_cmd.cpp#L3317
15:59:38  <nielsm> because it rounds the wrong way
16:00:33  <_dp_> does it? also you can always do +1
16:09:56  <nielsm> I guess IntSqrt is not unreasonably slow (it has no mul or div operations) and just adding +1 to the result would give a better aproximation of smallest integer greater than the real square root
16:11:36  <_dp_> ofc, much faster than querying useless towns
16:11:56  <nielsm> sorry, smallest integer not less than the real square root, is the correct
16:13:59  <_dp_> you're including radius border in query so don't think you need greater integer, just insqrt should be fine
16:14:14  <_dp_> at least I do just intsqrt for zoning and it seems to be ok
16:14:20  <_dp_> not that I tested it much xD
16:16:21  <_dp_> a > intsqrt(x) means a * a > x
16:16:53  *** spnda has joined #openttd
16:33:09  *** gelignite has quit IRC
16:37:22  <_dp_> hm, shouldn't it be T::Get here? https://github.com/OpenTTD/OpenTTD/blame/master/src/station_cmd.cpp#L110
16:37:35  <Eddi|zuHause> uhm what? a*a>x should be preferable to a>intsqrt(x)
16:37:37  <_dp_> not that it matters as waypoints and stations seem to share pool
16:38:26  <_dp_> Eddi|zuHause, look where it is, a*a>x isn't rly an option there
16:38:57  <Eddi|zuHause> i haven't followed the discussion
16:39:15  <spnda> Some update to #7955, I finally got my own Draw function to actually draw the road stops properly. Now my last step is to draw custom sprites. Close to done.
16:39:29  <_dp_> Eddi|zuHause, can't quite query kd-tree by a squared value
16:40:37  <Eddi|zuHause> spnda: that reads like "it's 90% done, now for the other 90%..."
16:40:46  <spnda> exactöy
16:40:48  <spnda> exactly*
17:04:46  *** Progman has joined #openttd
17:05:12  *** Wormnest has quit IRC
17:12:54  *** gelignite has joined #openttd
17:16:38  *** WormnestAndroid has quit IRC
17:16:56  *** WormnestAndroid has joined #openttd
17:33:31  *** andythenorth has joined #openttd
17:37:13  *** el3ktr4 has quit IRC
17:42:43  *** el3ktr4 has joined #openttd
18:00:05  *** el3ktr4 has quit IRC
18:01:25  *** el3ktr4 has joined #openttd
18:08:09  *** y2kboy23 has quit IRC
18:08:14  *** andythenorth has quit IRC
18:08:24  *** y2kboy23 has joined #openttd
18:12:44  *** supermop_work has quit IRC
18:13:54  <tycoondemon> why is this link dead: http://binaries.openttd.org/releases/1.9.3/ ?
18:15:25  <milek7> https://cdn.openttd.org/openttd-releases/1.9.3/
18:15:44  <nielsm> did we not set up redirects from the old urls?
18:15:49  <nielsm> TrueBrain
18:31:28  *** glx has joined #openttd
18:31:29  *** ChanServ sets mode: +v glx
18:36:18  *** frosch123 has joined #openttd
18:37:51  *** Wolf01 has joined #openttd
18:39:00  <Wolf01> Ouch, I lost about 300g in 10 minutes
18:41:45  <nielsm> that can be benign or very serious
18:42:38  <Wolf01> I cut the beard :P
18:45:10  <Wolf01> https://steamcommunity.com/app/361420/discussions/0/1750147465524215521/ @ Eddi|zuHause
18:45:50  <DorpsGek_III> [OpenTTD/OpenTTD] DorpsGek pushed 1 commits to master https://git.io/JvZIY
18:45:50  <DorpsGek_III>   - Update: Translations from eints (by translators)
18:47:14  *** andythenorth has joined #openttd
18:50:45  <frosch123> eints committed, so i guess our team implementation converged to something
18:51:20  <andythenorth> yo
18:51:30  <andythenorth> Horse 98% :P
18:51:39  <andythenorth> I started redrawing all the steam engines
18:51:46  <andythenorth> due to not being very good at drawing
18:52:40  <frosch123> if you improve enough within one cycle, you can continue endless
18:53:45  <frosch123> hmm... also, if your taste changes enough within one cycle, you can continue indefinitely
19:00:00  <Eddi|zuHause> Wolf01: i probably won't do anything that crazy
19:00:06  <andythenorth> frosch123: ^^ FIRS
19:00:07  <andythenorth> :P
19:01:14  <frosch123> did you consider www.your-firs.org, where users can draw their own cargoflow and then generate a .grf?
19:07:04  *** WormnestAndroid has quit IRC
19:07:54  *** WormnestAndroid has joined #openttd
19:07:59  <andythenorth> somewhat I did :P
19:08:02  <andythenorth> but life
19:09:46  <frosch123> i guess instead of a .grf it should generate a .tar and include the source code at the same time
19:10:06  <frosch123> then every noob automatically complies to the gpl
19:12:37  <andythenorth> winner
19:12:41  <andythenorth> let's do it for April
19:13:44  <frosch123> oh, in that case the page could just show "our server is currently experiencing very high load, please retry later"
19:14:03  <frosch123> you just need a cool screenshot
19:14:32  *** gnu_jj has quit IRC
19:14:43  *** gnu_jj has joined #openttd
19:18:37  <Wolf01> <Eddi|zuHause> Wolf01: i probably won't do anything that crazy <- the craziest thing I did was to create a straight road between all the gateways, only on one planet
19:19:13  *** el3ktr4 has quit IRC
19:21:22  *** Wormnest has joined #openttd
19:22:46  *** gnu_jj has quit IRC
19:37:08  *** gelignite2nd has joined #openttd
19:38:19  *** Torxed has joined #openttd
19:39:27  <Torxed> Hey, server is advertised, I can see it when filtering/searching for it and joining works. But if i go via "Add server" and add the IP to the server manually it says "Server offline", any known reasons why that is? (Not behind a NAT, firewall turned off, can test the connection with netcat/python and it greets me all well and fine, just not via the game)
19:40:01  <Torxed> I should probably say that I'm referring to my own dedicated server :)
19:40:39  <nielsm> do you include the port number when you add the server via address?
19:41:18  *** gnu_jj has joined #openttd
19:41:58  <Torxed> nielsm: yes and no. Tried both and both yield the same result.
19:42:32  <Torxed> Using standard port 3979, essentially default config. Except i turned on advertising server and switched the lan_internet to 0 to make it public (also tried with =1 on it)
19:45:39  <Torxed> That's odd, the server advertises the local IP so when I'm connecting to the advertised server it's my local IP. And the server also acts as a router in my home that's why the advertised one works.
19:45:55  <Torxed> And connecting from a VPS outside it can't, so yea it's something with blocking connections externally for some reason.
19:48:03  <Torxed> Does openttd actually bind on all interfaces? or just one?
19:48:46  <Torxed> (0.0.0.0:3970 is a bit ambigious unless it actually opens on all interfaces. But only see one listing in the logs so.. one interface?)
19:49:12  <nielsm> yeah 0.0.0.0 is standard notation for listening on all interfaces
19:49:13  *** gelignite2nd has quit IRC
19:50:45  <frosch123> @ports
19:50:46  <DorpsGek> frosch123: OpenTTD uses TCP and UDP port 3979 for server <-> client communication, UDP port 3978 for masterserver (advertise) communication (outbound), and TCP port 3978 for content service, a.k.a. BaNaNaS (outbound)
19:51:02  <frosch123> i still cannot remember the ports :)
19:51:56  <frosch123> anyway, connecting to a server used tcp, while querying online status used udp
19:52:11  <frosch123> so, there is some difference in the connection
19:52:18  <Torxed> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3979
19:52:20  <Torxed> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3979
19:52:42  <Torxed> Could essentially kill iptables heh, but the port should be open on both UDP and TCP. NOt sure why this is not working : /
19:53:11  <Torxed> 3978 is not open tho, not sure that's an issue?
19:53:49  <frosch123> no, your server will never listen on that
19:54:06  <frosch123> your client used it to download online content
19:54:17  <Torxed> Ah. Sorry for spamming btw, I appreciate all the help I get.
19:54:30  <Torxed> What's the syntax for [server_bind_addresses] ? I currently just do:    <ip> = true
19:54:38  <Torxed> According to https://wiki.openttd.org/Server_bind_ip
19:55:25  <frosch123> i would expect the value does not matter
19:55:35  <frosch123> it just uses the key
19:56:51  <Torxed> That worked. So forcing it to the external interface made it work.
19:57:07  <Torxed> Are you 100% sure it actually creates a socket on all interfaces, not just accept from any network source? :)
20:00:16  <milek7> it probably just creates socket with INADDR_ANY
20:00:26  <nielsm> socket applications bind to IP addresses, not physical interfaces
20:14:25  <Samu> 14 companies with 5000 road vehicles, 1 more to go
20:17:47  <Torxed> nielsm: not true entirely. when binding to a interface (via 0.0.0.0) it actually will get allocated to the interface with the lowest metric. Not on all devices depending on the language used. Or at least that's my past experiences.
20:18:14  <Torxed> But `INADDR_ANY` should listen on all interfaces ._o
20:18:53  <Torxed> I'm confused >_< oh well, I don't mind the server just listening on one interface. That's the one i wanted anyway. And it "solved" the issue heh
20:24:04  <milek7> but INADDR_ANY is 0.0.0.0
20:24:54  <milek7> there's no such thing as binding 'to interface' in IP berkeley socket api
20:35:50  *** spnda has quit IRC
20:40:01  <Torxed> milek7: You're right, but I can't explain this issue in any other way :/
20:59:06  *** el3ktr4 has joined #openttd
21:00:35  *** sla_ro|master has quit IRC
21:02:06  *** Torxed has quit IRC
21:18:09  *** nielsm has quit IRC
21:33:27  *** Wormnest has quit IRC
21:36:31  *** supermop_work has joined #openttd
21:47:48  *** Wormnest has joined #openttd
21:47:55  *** el3ktr4 has quit IRC
21:48:53  *** ToBeFree has joined #openttd
21:51:12  *** andythenorth has left #openttd
22:12:12  *** el3ktr4 has joined #openttd
22:25:30  <DorpsGek_III> [OpenTTD/OpenTTD] James103 opened issue #7976: RCON kick/ban can crash the server https://git.io/JvZmM
22:26:05  <TrueBrain> 19:15 <nielsm> did we not set up redirects from the old urls? <- the URL the user gave never existed. 1.9 was never published there. As such, no redirect :)
22:27:15  <TrueBrain> I am however now slowly merging the two different archives together, so soon (tm) they will all redirect to the same :)
22:28:09  <TrueBrain> So it isn't dead as it never existed to start with :D
22:28:35  <TrueBrain> Guess user tried to alter the URL himself or something
22:29:08  <Eddi|zuHause> my first guess would be some tool that appends the version number to a base url
22:30:05  <TrueBrain> Bit late to notice 1.9 is not working I would say :D almost a year old :p
22:31:30  <TrueBrain> After moving BaNaNaS I can redirect this to the new archive.. till then the users have to survive a little bit longer with this :D
22:33:55  <Eddi|zuHause> how far along are we with the project to accelerate the release schedule? :p
22:46:23  *** Wolf01 has quit IRC
22:46:24  *** ToBeFree_ has joined #openttd
22:47:31  *** ToBeFree has quit IRC
22:51:26  <DorpsGek_III> [OpenTTD/OpenTTD] LordAro commented on issue #7976: RCON kick/ban can crash the server https://git.io/JvZmM
22:55:26  <_dp_> by the way things are going I wouldn't be surprised to see 1.10 delayed instead of accelerated :p
22:56:15  *** ToBeFree_ has quit IRC
22:56:47  <LordAro> bad
22:59:32  <DorpsGek_III> [OpenTTD/OpenTTD] LordAro commented on issue #7976: RCON kick/ban can crash the server https://git.io/JvZmM
23:02:15  *** frosch123 has quit IRC
23:09:45  *** Progman has quit IRC
23:10:26  <LordAro> wait, now i can't reproduce it
23:10:28  <LordAro> what
23:21:32  <TrueBrain> If it is use after free, reproducing can be tricky :p
23:22:04  <LordAro> i reproduced it 3 times before adding some debug information
23:22:10  <LordAro> now it doesn't crash at all
23:22:20  <TrueBrain> Memory offsets? :)
23:22:28  <TrueBrain> Often with these kind of bugs
23:23:24  <LordAro> https://github.com/OpenTTD/OpenTTD/blob/master/src/network/network_server.cpp#L2091 it *should* be fine
23:23:44  <TrueBrain> Opening these URLs on mobile makes the mobile hang
23:23:45  <TrueBrain> Funny
23:23:56  <LordAro> "L2091" that's why :p
23:24:29  <TrueBrain> I expected more of GitHub :p
23:27:30  <TrueBrain> So it can still kick the rcon user
23:27:37  <TrueBrain> Seen by the comment of the earlier url
23:27:45  <TrueBrain> That results in use after free
23:28:24  <TrueBrain> Seems NetworkClientSocket needs a protection flag instead of this hard coded filtering
23:28:53  <TrueBrain> CAN_NOT_BE_KICKED_OR_BANNED flag or something :p
23:29:16  <LordAro> i don't follow - NetworkServerOrBanIP follows on from the console command
23:29:25  <LordAro> as per above, the server's client id can't be kicked
23:29:31  <LordAro> what am i missing?
23:29:34  <TrueBrain> The rcon can
23:30:16  <TrueBrain> They are two different sockets, not?
23:30:58  <TrueBrain> _redirect_console_to_client
23:31:07  <TrueBrain> As by your snippet in the issue
23:31:40  <TrueBrain> There in very poor English it says bad things happen if you do
23:31:47  <TrueBrain> Kick the rcon client
23:33:29  <LordAro> oh i see
23:33:39  <LordAro> rcon is weirdly implemented :)
23:33:55  <TrueBrain> As is the console
23:33:57  <Samu> 4732, almost there, last company to 5000...
23:33:59  <TrueBrain> But yed
23:34:02  <TrueBrain> Yes
23:34:14  <Samu> cyas good night
23:34:26  <TrueBrain> So someone found this bug and fixed it in one place, yet not in the other
23:35:13  <TrueBrain> This is strictly seen CVE worthy btw .. with a score of 1 or something
23:35:13  <LordAro> mm
23:36:00  <LordAro> is "DoS can be caused by the admin of said server" really CVE worthy?
23:36:35  <LordAro> ultimately seems very similar to "server admin can turn off server"
23:38:21  <TrueBrain> Rcon != server admin
23:38:33  <TrueBrain> There is why it is CVE worthy
23:39:00  <TrueBrain> As you can escape the process and read memory of the host
23:39:23  <TrueBrain> It is like a really low score, as you need to have/guess the password :p
23:39:34  <LordAro> "read the memory of the host" ?
23:39:37  <TrueBrain> But I am just mentioning it :)
23:39:38  <LordAro> that's a bit of a leap, surely
23:39:49  <TrueBrain> Use after free allows a lot of cool things
23:40:27  <TrueBrain> Many exploits are based on these things :)
23:40:37  <LordAro> i'm not convinced this is even remotely exploitable
23:40:58  <LordAro> (other than standard DoS)
23:40:58  <TrueBrain> Please do read up on these kind of exploits .. your head will explode :D
23:41:05  <LordAro> i am quite aware of them
23:41:14  <TrueBrain> They are so much fun :D
23:42:03  <_dp_> yeah, memory violation usually stuff doesn't look exploitable
23:42:11  <LordAro> but you'd have to somehow manipulate 20 different objects in memory in increasingly impossible ways to even get anything to do anything
23:42:12  <_dp_> but some crafty bastard always finds a way xD
23:42:31  *** Samu has quit IRC
23:42:40  <TrueBrain> You can mostly prep the data that will be written
23:43:06  <TrueBrain> So the main question is, is this socket static? Or on the stack?
23:43:35  <TrueBrain> I think you overestimate the amount of manipulation you need
23:44:21  <TrueBrain> But okay, it is not like anyone will be putting effort on this, so who cares really
23:44:38  <TrueBrain> It is just sad this already got fixed once :p
23:45:03  *** rptr has left #openttd
23:47:38  <LordAro> i remain unconvinced
23:47:47  <LordAro> but i do think it's CVE worthy
23:47:53  <LordAro> just not as "exploitable"
23:48:23  <TrueBrain> It is also not a DoS .. so as what you want to put it under?
23:48:43  <LordAro> how is it not a DoS?
23:49:08  <TrueBrain> 'quit' is an easier DoS?
23:49:28  <LordAro> well yes
23:49:38  <LordAro> which brings this conversation full circle
23:50:00  <TrueBrain> Only because you fail to see the fun things you can do here ;)
23:50:40  <TrueBrain> I only mentioned it is CVE worthy because it is a freaking use after free WHILE you have control over the flow for a bit of time :)
23:50:56  <TrueBrain> Especially as you can queue commands
23:51:10  <TrueBrain> Would be fun to PoC this
23:51:36  <LordAro> if you can show even the slightest bit of memory manipulation as a result of this, i'll believe you
23:51:48  <LordAro> until then... i shall sleep
23:51:58  <TrueBrain> You control the exact text that will be written in the freed buffer
23:52:10  <TrueBrain> How much more perfect do you want it?
23:52:35  <TrueBrain> Anyway, I don't really care if you can see the potential here or not .. the impact remains very low
23:52:55  <TrueBrain> So it is just a nice exercise if bored .. has no real impact
23:52:58  <LordAro> no you don't? you don't control anything
23:53:17  <TrueBrain> Rcon can batch commands
23:53:42  <TrueBrain> The console code is really horrible btw :p did we ever mention that?
23:54:22  <TrueBrain> Anyway, we are arguing in something neither of us will ever put effort in, so let's agree to disagree and move on :)
23:56:32  <LordAro> you brought it up!
23:57:04  <LordAro> i fail to see any possibility of doing anything with this information
23:57:27  <milek7> i remember reading about single-byte heap overflow with fixed value enabling RCE on ChromeOS
23:58:26  <LordAro> there are prior limits to packet length, command length, character input, the fact that the object that's being used after free is completely separate to the command itself...
23:58:29  <LordAro> i could probably go on
23:59:06  <LordAro> of course it's low impact - a) it's OpenTTD b) the exploiter would already have rcon

Powered by YARRSTE version: svn-trunk