mirror of
https://github.com/Mezeporta/Erupe.git
synced 2026-03-21 23:22:34 +01:00
Prevent savedata corruption and denial-of-service by adding four layers of protection to the save pipeline:

- Bounded decompression (nullcomp.DecompressWithLimit): caps output size to prevent OOM from crafted payloads that expand to exhaust memory
- Bounds-checked delta patching (deltacomp.ApplyDataDiffWithLimit): validates offsets before writing, returns errors for negative offsets, truncated patches, and oversized output; ApplyDataDiff now returns original data on error instead of partial corruption
- Size limits on save handlers: rejects compressed payloads >512KB and decompressed data >1MB before processing; applied to main savedata, platedata, and platebox diff paths
- Rotating savedata backups: 3 slots per character with 30-minute interval, snapshots the previous state before overwriting, backed by new savedata_backups table (migration 0007)
10 lines
460 B
SQL
-- Rotating savedata backup table (3 slots per character, time-gated).
-- Prevents permanent data loss from save corruption by keeping recent snapshots.
CREATE TABLE IF NOT EXISTS savedata_backups (
    char_id INTEGER NOT NULL REFERENCES characters(id) ON DELETE CASCADE,
    slot SMALLINT NOT NULL CHECK (slot BETWEEN 0 AND 2),
    savedata BYTEA NOT NULL,
    saved_at TIMESTAMPTZ NOT NULL DEFAULT now(),
    PRIMARY KEY (char_id, slot)
);
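One way the rotation described in the commit message could be written against this table, as an added example that is not Erupe's own code. It assumes the previous savedata is passed in as `$2`, that the slot to overwrite is the first unused one or else the oldest, and that the 30-minute gate is measured from the character's newest snapshot.

```sql
-- Added example (PostgreSQL). Hypothetical parameters:
--   $1 = char_id, $2 = savedata as it was BEFORE the incoming save overwrites it.
-- Run in the same transaction as the save update so a failed save leaves no
-- half-written state and the snapshot always matches what was replaced.
WITH newest AS (
    -- An aggregate without GROUP BY always yields exactly one row;
    -- ts is NULL when the character has no backups yet.
    SELECT max(saved_at) AS ts
    FROM savedata_backups
    WHERE char_id = $1
),
target AS (
    -- Assumed rotation policy: first unused slot, otherwise the oldest snapshot.
    SELECT s.slot
    FROM generate_series(0, 2) AS s(slot)
    LEFT JOIN savedata_backups b
           ON b.char_id = $1 AND b.slot = s.slot
    ORDER BY b.saved_at ASC NULLS FIRST, s.slot
    LIMIT 1
)
INSERT INTO savedata_backups (char_id, slot, savedata, saved_at)
SELECT $1, target.slot, $2::bytea, now()
FROM target
CROSS JOIN newest
-- Time gate: do nothing if a snapshot was taken within the last 30 minutes,
-- so a burst of saves cannot rotate every good snapshot out of the 3 slots.
WHERE newest.ts IS NULL
   OR newest.ts <= now() - interval '30 minutes'
-- The (char_id, slot) primary key makes slot reuse an in-place overwrite.
ON CONFLICT (char_id, slot)
DO UPDATE SET savedata = EXCLUDED.savedata,
              saved_at = EXCLUDED.saved_at;
```

The gate is what keeps the backups useful after corruption: without it, three corrupted saves in quick succession would overwrite all three slots with bad state.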