Commit Graph

6877 Commits

Author SHA1 Message Date
Ray J. Greenwell 7e08d9fd48 All we're ever doing with the prefixes is iterating them. List. 2026-03-20 13:39:51 -07:00
Ray J. Greenwell d823feb674 Rayified: Delay chopping out a substring, check primitives?
I guess I could validate that the primitive code is the final character
in the string. start == end - 1...
2026-03-20 13:28:10 -07:00
Ray Greenwell 0e9b81404a Merge pull request #10 from fourbites/deserialization-fixes
Deserialization fixes
2026-03-20 13:16:06 -07:00
fourbites 84bed9e479 Class check cleanup 2026-03-20 20:53:26 +01:00
fourbites 1fd6240d09 Another class filtering fix 2026-03-20 15:41:04 +01:00
fourbites 35b8acb52a Allow L (array) types 2026-03-20 15:18:36 +01:00
fourbites c4ab0d13de Harden deserialization against malicious client input
Add three defenses to the Streamable deserialization system to prevent
exploitation by hacked clients:

- Class whitelist: ObjectInputStream.setAllowedClassPrefixes() validates
  class names before Class.forName(), blocking arbitrary class loading
  from crafted wire data. Callers configure at startup; unconfigured
  streams retain existing behavior for backward compatibility.

- Container size caps: BasicStreamers.validateSize() rejects arrays,
  collections, and maps with negative or >65536 element counts. Prevents
  OOM from a small frame declaring a massive allocation. Applied to all
  12 array/collection read paths and Streamer.ArrayStreamer.

- Recursion depth limit: ObjectInputStream.readObject() tracks nesting
  depth and throws at 32 levels, preventing stack overflow from
  maliciously nested structures (e.g., list-of-list-of-list).
2026-03-20 14:42:10 +01:00
fourbites 2a8db32013 Use keepalive and reduce ping interval
Some networks will kill connections sooner than 60s, especially if they are not using keepalive. This fix should reduce the random disconnects some players experience
2026-03-16 14:16:21 +01:00
Michael Bayne 91f1292ba4 Support Depot ByteEnum in Narya.
I don't think anything is directly streaming these over the wire, but it would
have worked before, so we'll try to keep it working now to avoid unpleasant
surprises.
2026-03-11 12:50:58 -07:00
Michael Bayne 283984464b [maven-release-plugin] prepare for next development iteration 2026-03-09 14:17:16 -07:00
Michael Bayne d930aacc8c [maven-release-plugin] prepare release narya-1.17.4 2026-03-09 14:17:13 -07:00
Ray J. Greenwell 3b0af94757 Drive-by: remove redundant null check. 2026-03-03 14:10:55 -08:00
Ray J. Greenwell fbf3238f80 Have FieldEditor update on ElementUpdatedEvents; Require match NamedEvent!
- It would update if an AttributeChangedEvent was received, but not an
  ElementUpdatedEvent!

- If you have 50 fields and 50 editors, then every one was updating
  whenever an event arrived? Filter by the field that actually changed?
  Does this break something?
2026-03-03 14:10:55 -08:00
Ray J. Greenwell 6e464e132f Allow the reboot manager to specify a time zone...
A balance between: This is obnoxious, I should fix it in my subclass
and/or we should be compositing functionality, not subclassing... but
adding a time zone to this old thing seems fundamental anyway and this
is an easy fix.
2026-03-02 13:28:40 -08:00
Michael Bayne 12c617158d [maven-release-plugin] prepare for next development iteration 2026-02-25 12:18:55 -08:00
Ray J. Greenwell 8813f630d6 [maven-release-plugin] prepare release narya-1.17.3 2026-02-25 12:05:53 -08:00
Ray J. Greenwell 114bfd0460 Include the proper number of parens... how did this get by? 2026-02-25 11:44:51 -08:00
Ray J. Greenwell 7f3b45d2da Add a string to the ignoreable exceptions, for newer Java. 2026-02-24 14:01:49 -08:00
Ray J. Greenwell 376d079272 Suppress this-escape warnings in some tools. 2026-02-20 10:32:53 -08:00
Ray J. Greenwell 7996dc1e61 Fix some deprecation warnings. 2026-02-20 10:32:53 -08:00
Ray J. Greenwell 45e5561460 InvocationProxy: View a *Provider instance as a *Service.
This is used on multi-noded servers so that I can have a service
interface for talking to the node in charge of a particular resource,
and use the same code path even if that node is the current node.

Perhaps this be more smoothly integrated in the future but for now it's
a static utility you need to manually set up.
2026-02-20 10:32:18 -08:00
Michael Bayne 794924e8a9 Revert "Avoid a concrete dependency on PresentsServer."
This reverts commit 938847bea9.

This didn't turn out to work well enough, so let's avoid unhelpful indirection.
2026-02-11 11:43:02 -08:00
Michael Bayne 4b6ec141f3 [maven-release-plugin] prepare for next development iteration 2026-02-11 10:06:30 -08:00
Michael Bayne c1b9ec813c [maven-release-plugin] prepare release narya-1.17.2 2026-02-11 10:06:26 -08:00
Michael Bayne 0336c305db Update the javadoc plugin. 2026-02-11 10:05:24 -08:00
Michael Bayne 938847bea9 Avoid a concrete dependency on PresentsServer.
ProjectX uses Guice to inject dependencies and this results in some random
manager having a dependency on the concrete server class, which invariably is
getting inject itself at the time this dependency has to be resolved, which
causes circular dependencies.

Guice was able to thread the needle with other sneaky business in some cases,
but also sometimes not. So let's give it a nice interface that it can proxy to
manage this particular circular dependency.
2026-02-11 09:59:23 -08:00
Michael Bayne 89f040768a Merge pull request #7 from fourbites/master
Fix IllegalAccessError crash
2026-01-03 15:20:21 -08:00
fourbites b6a687d2fa Fix IllegalAccessError crash
This was crashing when served from a webapp due to "IllegalAccessError". Lambda expressions seem to make it happy.
2026-01-03 19:45:40 +01:00
fourbites 4185d621f8 Prevent overlapping reboot warning messages
It's hard to say if this is the cause, but it won't hurt to clear existing intervals just in case.
2025-12-13 12:04:16 +01:00
Michael Bayne e35740aba7 [maven-release-plugin] prepare for next development iteration 2025-11-13 16:57:17 -08:00
Michael Bayne e78dfd88fd [maven-release-plugin] prepare release narya-1.17.1 2025-11-13 16:57:14 -08:00
Michael Bayne 0be130a383 Handle streaming of data manually.
We can no longer reflect on java.awt classes and fiddle with their internals.
2025-11-13 16:53:22 -08:00
Ray J. Greenwell 685468fd70 ConnectionManager can be configured to allow larger messages.
Messages that are too big are dropped and the clients have no hope of
recovering. Warnings are logged but that's it. Allow bigger.
2025-10-23 11:27:17 -07:00
Ray J. Greenwell c8996bedf0 Support alternate indent widths for code generation. 2025-09-09 16:05:34 -07:00
Michael Bayne 1361e237ef [maven-release-plugin] prepare for next development iteration 2025-07-04 09:46:01 -07:00
Michael Bayne 6ec6af0f25 [maven-release-plugin] prepare release narya-1.17 2025-07-04 09:45:58 -07:00
Michael Bayne 91f9d7bd39 Move central publishing plugin to <plugins>.
Apparently this new one doesn't want to be in <pluginManagement>?
2025-07-04 09:42:23 -07:00
Michael Bayne 530c0cb05d http to https. 2025-07-04 09:33:33 -07:00
Michael Bayne 5a1784eaaf Update to gpg plugin 1.5. 2025-07-04 09:31:43 -07:00
Michael Bayne 91b1c66767 Update to shipped depot & ooo-util. 2025-07-04 09:26:00 -07:00
Michael Bayne 5090cc943e Convert to new Sonatype publishing bits. 2025-07-04 08:58:05 -07:00
Michael Bayne 859c7d197d Javadoc fixes. 2025-07-04 08:54:52 -07:00
Michael Bayne 61fd40f318 Streamline the source header. Update the copyright. 2025-04-03 13:21:33 -07:00
Michael Bayne 1d7365ca32 Merge pull request #3 from threerings/dependabot/maven/tools/junit-junit-4.13.1
Bump junit from 4.10 to 4.13.1 in /tools
2025-04-03 13:13:46 -07:00
Michael Bayne 2b0ea73dd1 Merge pull request #4 from threerings/dependabot/maven/core/junit-junit-4.13.1
Bump junit from 4.10 to 4.13.1 in /core
2025-04-03 13:13:29 -07:00
Michael Bayne 494a8fd06e Merge pull request #5 from threerings/dependabot/maven/core/org.apache.ant-ant-1.10.9
Bump ant from 1.7.1 to 1.10.9 in /core
2025-04-03 13:13:11 -07:00
Michael Bayne 15ce3f38ea Merge pull request #6 from threerings/dependabot/maven/tools/org.apache.ant-ant-1.10.9
Bump ant from 1.7.1 to 1.10.9 in /tools
2025-04-03 13:13:00 -07:00
Michael Bayne cb3c971312 Ignore Maven target directories. 2025-02-05 11:23:35 -08:00
Michael Bayne 77ccbb97a2 Updating depends. 2025-02-05 10:55:13 -08:00
Michael Bayne cb065fcbd2 Target Java 10. 2025-02-05 10:54:59 -08:00