User:Taffer: Difference between revisions
From OuroDev
Revision as of 20:20, 3 May 2019
Being a place for notes about my investigation into the code. I'm focusing on security.
General
What are these _test folders for? Not unit tests (lulz of course not), just one project file...
3rdparty
- zlib woefully out of date; have a pull request already in place to update it to current
- Crypto++ woefully out of date
I need to look at the rest of the libs, and also figure out what's used where. Only a few things get built during a build (zlib, Crypto++, zeromq, IJG, yajl), maybe.
AuthServer
- Doesn't appear to use any of the external/* libs. Arda2 appears to reference them though, at least in the Linux Makefile.
- cryptLib is a SHA-512 implementation; it may be specific to AuthServer messages. It should be replaced by calls to OpenSSL or Crypto++ as they'll be faster and bug-free. Yes, three implementations of SHA-512.
Game
- Looked in game.c; oh dear, there's a lot of unsafe string handling going on in this code base...