User:Taffer: Difference between revisions
From OuroDev
(Created page with "Being a place for notes about my investigation into the code. == General == What are these _test folders for? Not unit tests (lulz of course not), just one project file......") |
(looked into current 3rdparty/* code usage) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Being a place for notes about my investigation into the code. | Being a place for notes about my investigation into the code. I'm focusing on security. | ||
== General == | == General == | ||
What are these _test folders for? Not unit tests (lulz of course not), just one project file... | What are these _test folders for? Not unit tests (lulz of course not), just one project file... | ||
== 3rdparty == | |||
As of 2019-05-11, here's a list of which 3rdparty directories are referenced from which projects: | |||
* 3dsmax - Utilties/3dsmax (animation import/export?) | |||
* 'AlienFX SDK' - Game_test (so, unused?) | |||
* cg - Game_test, GetTex, StreamingClientPrototype | |||
* cryptopp - all over the place | |||
* DirectX - GetVrml, libs/crashrpt | |||
* DoubleFusion - Game_test | |||
* fmod - not used! | |||
* freetype - CostumeCreator, Game_test, TestClientLauncher, TestClientLauncher_test, TestClient_test | |||
* freetype-2.1.9 - not used! | |||
* gc-7.2alpha6 - not used! | |||
* glew - Game, Game_test, GetTex, StreamingClientPrototype | |||
* IJGWin32 - CostumeCreator, Game | |||
* jpgdlib - CostumeCreator, Game_test, TestClientLauncher, TestClientLauncher_test, TestClient_test | |||
* libcubemapgen - Game, Game_test | |||
* libiconv - StructParser | |||
* libxml2 - StructParser | |||
* lua-5.1.5 - MapServer | |||
* nvcpl - Game_test | |||
* nvdxt - not used! | |||
* nvidia-texture-tools-2.0.7-1 - GetTex, StreamingClientPrototype | |||
* nvparse - CostumeCreator, Game | |||
* nvperf - Game_test | |||
* oggvorbis - CostumeCreator, Game_test, TestClientLauncher, TestClientLauncher_test, TestClient_test | |||
* PhysX - Game_test, mapserver_test | |||
* UnitTest++ - mapserver_test, PropertySheets/unitTest.vsprops | |||
* VTune - CostumeCreator, dbquery_test, Game_test, mapserver_test, RaidServer_test, StatServer_test, TestClientLauncher, TestClientLauncher_test, TestClient_test | |||
* wtl70 - libs/crashrpt | |||
* yajl - AccountServer | |||
* zeromq2-1 - AccountServer, dbserver, MapServer | |||
* zlibsrc - all over the place | |||
cryptopp and zlib are used everywhere. @Cattan's already updated zlib, but we really need to update cryptopp ASAP. | |||
If the *_test projects aren't actually useful (they link in UnitTest++, but there don't appear to be any unit tests in the code?) we could eliminate some additional unused code. | |||
== AuthServer == | == AuthServer == | ||
| Line 9: | Line 48: | ||
* Doesn't appear to use any of the external/* libs. Arda2 appears to reference them though at least in the Linux Makefile. | * Doesn't appear to use any of the external/* libs. Arda2 appears to reference them though at least in the Linux Makefile. | ||
* cryptLib is a SHA512 implementation; it may be specific to AuthServer messages. It should be replaced by calls to OpenSSL or Crypto++ as they'll be faster and bug-free. Yes, three implementations of SHA-512. | * cryptLib is a SHA512 implementation; it may be specific to AuthServer messages. It should be replaced by calls to OpenSSL or Crypto++ as they'll be faster and bug-free. Yes, three implementations of SHA-512. | ||
* Need to make it use zlib, etc. from 3rdparty instead of the local duplicates so we can upgrade things sanely. | |||
== Game == | == Game == | ||
* Looked in game.c, oh dear there's a lot of unsafe string handling going on in this code base... | * Looked in game.c, oh dear there's a lot of unsafe string handling going on in this code base... | ||
Latest revision as of 08:28, 11 May 2019
Being a place for notes about my investigation into the code. I'm focusing on security.
General
What are these _test folders for? Not unit tests (lulz of course not), just one project file...
3rdparty
As of 2019-05-11, here's a list of which 3rdparty directories are referenced from which projects:
- 3dsmax - Utilties/3dsmax (animation import/export?)
- 'AlienFX SDK' - Game_test (so, unused?)
- cg - Game_test, GetTex, StreamingClientPrototype
- cryptopp - all over the place
- DirectX - GetVrml, libs/crashrpt
- DoubleFusion - Game_test
- fmod - not used!
- freetype - CostumeCreator, Game_test, TestClientLauncher, TestClientLauncher_test, TestClient_test
- freetype-2.1.9 - not used!
- gc-7.2alpha6 - not used!
- glew - Game, Game_test, GetTex, StreamingClientPrototype
- IJGWin32 - CostumeCreator, Game
- jpgdlib - CostumeCreator, Game_test, TestClientLauncher, TestClientLauncher_test, TestClient_test
- libcubemapgen - Game, Game_test
- libiconv - StructParser
- libxml2 - StructParser
- lua-5.1.5 - MapServer
- nvcpl - Game_test
- nvdxt - not used!
- nvidia-texture-tools-2.0.7-1 - GetTex, StreamingClientPrototype
- nvparse - CostumeCreator, Game
- nvperf - Game_test
- oggvorbis - CostumeCreator, Game_test, TestClientLauncher, TestClientLauncher_test, TestClient_test
- PhysX - Game_test, mapserver_test
- UnitTest++ - mapserver_test, PropertySheets/unitTest.vsprops
- VTune - CostumeCreator, dbquery_test, Game_test, mapserver_test, RaidServer_test, StatServer_test, TestClientLauncher, TestClientLauncher_test, TestClient_test
- wtl70 - libs/crashrpt
- yajl - AccountServer
- zeromq2-1 - AccountServer, dbserver, MapServer
- zlibsrc - all over the place
cryptopp and zlib are used everywhere. @Cattan's already updated zlib, but we really need to update cryptopp ASAP.
If the *_test projects aren't actually useful (they link in UnitTest++, but there don't appear to be any unit tests in the code?) we could eliminate some additional unused code.
AuthServer
- Doesn't appear to use any of the external/* libs. Arda2 appears to reference them though at least in the Linux Makefile.
- cryptLib is a SHA512 implementation; it may be specific to AuthServer messages. It should be replaced by calls to OpenSSL or Crypto++ as they'll be faster and bug-free. Yes, three implementations of SHA-512.
- Need to make it use zlib, etc. from 3rdparty instead of the local duplicates so we can upgrade things sanely.
Game
- Looked in game.c, oh dear there's a lot of unsafe string handling going on in this code base...