There’s a new server crashing script that relies on the chat system to crash servers. Here’s a very simple fix for it. It’s very easy to patch it, but I’ve seen it never mentioned on the devforums (except for one instance.) It’s very dangerous and easily accessible, so I thought I’d write a patch for it.
Fork ChatMessageValidator with this
If you’d rather not fork:
if string.len(msg) > 300 then
-- kick player
No credit needed. Enjoy!
Simply printing this causes the Studio instance to go extremely laggy and/or crash.
Yeah. It’s pretty clever how it works, but it’s still extremely easy to patch.
Can be bypassed by using a higher or lower value or by changing the character used. I would just kick for any messages processed above 300 characters because the chat bar realistically allows only 200; the 100 is just extra padding in case a legitimate message gets processed that’s over 300 characters.
thnx for telling me that! working on a piece of code for yall to use.
You would be right, but for some reason changing the character actually breaks the script. I’m not exactly sure why this is.
Better to be safe than sorry. Most chat crash exploits involve sending the server a massive amount of characters unsanitised. Interesting behaviour that it doesn’t crash with changed values though, I haven’t actually put it in Studio myself to repro.
This is a really bad ‘patch’ because it creates a 96MB(!) string every time a player chats. You could just get the length of the string and kick people based on that.
if #msg > 100000 then
Yeah, that was totally an oversight on my end. I’ve found a better solution in all to this, which doesn’t create any lag. I’ll edit it once I confirm it works.
exactly, thats what im doing
thanks for pointing that out.