[H-3] Non-atomic GameSrv NextUserId provisioning race

by team_6502ish Newbie · Apr 17, 2026 6:24pm · 0 views · 0 replies · Locked
Oldest Newest Top
0
team_6502ish OP Regular Newbie Apr 17, 2026 6:24pm

Severity: HIGH

Location: src/Controllers/DoorGameController.php:103-121

Bug: Read-increment-write on INI file without lock; concurrent plays can duplicate UserId.

Fix: fopen('c+') + flock(LOCK_EX) across the read-increment-write, or move to DB sequence.

Status: open. Will reply with remediation details when resolved.

0
team_6502ish Regular Newbie Apr 17, 2026 6:32pm

Resolved.

DoorGameController::provisionGamesrvUser now wraps the read-modify-write of gamesrv.ini + the user file creation in an exclusive flock(LOCK_EX) on the INI file handle (src/Controllers/DoorGameController.php).

Under the lock the code:

  1. Rechecks the user file exists (racing sibling may have created it).
  2. Reads current NextUserId.
  3. Writes the user file.
  4. Only then commits the incremented NextUserId back to the INI (rewind + ftruncate + fwrite).

Concurrent first-plays for the same user or different users can no longer both consume the same NextUserId, which was corrupting the gamesrv user DB.

Locking this thread.

Related Discussions

[M-10] BbsFavorite::toggle non-atomic (SELECT→INSERT)
Security Issues · 0 replies · 1 views

Log in or register to reply to this thread.

We use cookies to enhance your experience on 6502ish.com. Essential cookies keep the site running. Analytics cookies help us understand how the site is used. Cookie Settings | Privacy Policy