Code:


Problem description:

Seems that someone created a 'bad' Save File and is going around crashing servers hosting my game (and handing it out for others to do, or maybe its just group effort).

I was able to get a copy of this Save File and it appears that, as well as a lot of random vars filled with jibberish not realated to the game, the above is the main trigger of the crash which is at the start of the malicious Save File. Since all those random variables should be 'ignored' anyway.

My game loads the save file, and has an MD5 check. So it *should* reject a Save File if it loads and then finds values dont match hashs, but i suspect this is the problem. It has to load the save file *before* it can check it, and this 'usr = object(".0")' seems to cause the game crash when it loads it, so it would never et that far.

I'm aware that a number of other popular games have encounterd such attacks and possibly down to the same cause, so if anyone has any suggestions it would be helpful. I'm not really sure where to go from here since i was doing my utmost with the MD5. Thanks.

EDIT: After testing it out i cannot seem to get the game to crash with the save file given to me. Perhaps its because im host? I will connect to my own game as a user.

EDIT #2: Nope that didnt seem to work either, it just told me the save was invalid as per my save code (which is nothing fancy)... so im little confused now since i cant seem to replicate crashing (so have no clue where to start with all the complaints im getting).

EDIT #3: I suppose what im asking for help with here "code wise" is that id like to avoid the crashing of servers by use of currupt/damaged/malicious save files. I'm already doing an MD5 hash of variables to avoid tampering, but there must be other measures i can take?