Saturday, 25.11.2017, 04:48
Приветствую Вас Гость
Register | Login | RSS
Jedi Academy Server Security
[ New messages · Users · Forum rules · Search · RSS ]
Page 1 of 11
Forum » JASS » English forum » Possible target_level_change fix (lugormod)
Possible target_level_change fix (lugormod)
WEAPON_XDate: Monday, 11.06.2012, 12:25 | Message # 1
Group: User
Messages: 12
Reputation: 0
Status: Offline
Hello,

In lugormod there is an old bug that can be used to inject console commands.

The bug:
/place target_level_change * targetname,bug,mapname,bug\nsay hi!
When this entity is used, the server will say hi.

The fix:
Code
    else if (cmd == G_SEND_CONSOLE_COMMAND)
   {
    char* buf = (char*)arg1;
    while (*buf)
    {
     if (*buf=='\n' | *buf==';')
     {
      if (*(buf+1) != '\0')
       JASS_RET_SUPERCEDE(1);
     }
     buf++;
    }
   }


This way we check that \n or ; are only at the end.

So far it seems to work ok. Any suggestions?


Message edited by WEAPON_X - Monday, 11.06.2012, 12:26
 
BufferOverflowDate: Monday, 11.06.2012, 13:32 | Message # 2
Group: Developer
Messages: 47
Reputation: 0
Status: Offline
WEAPON_X, as I've said, never use hooking if you can avoid that, so it's better solution. But, replace
Code
     if (*buf=='\n' | *buf==';')

with this:
Code
     if (*buf=='\n' | *buf=='\r' | *buf==';' )
 
Forum » JASS » English forum » Possible target_level_change fix (lugormod)
Page 1 of 11
Search: